News November 2, 2022

UK health system email accounts hijacked to steal Microsoft logins

2 min read - Last summer, I noticed password reset notices in my email account that I didn’t send. I quickly realized that I was the victim of an account takeover. This happens when someone illegally gains access to your account, typically through compromised…

Application Security September 22, 2022

Does Follina mean it’s time to abandon Microsoft Office?

4 min read - As a freelance writer, I spend most of my day working in Microsoft Word. Then, I send drafts to clients and companies across the globe. So, news of the newly discovered Microsoft Office vulnerability made me concerned about the possibility…

Application Security August 31, 2021

Cyberattacks Use Office 365 to Target Supply Chain

2 min read - Malicious actors have a history of trying to compromise users’ Office 365 accounts. By doing so, they can tunnel into a network and use their access to steal sensitive information. But they need not stop there. They can also single…

News June 21, 2021

New Buer Malware Loader Spread Through DHL Scam Email

2 min read - Digital attackers are using fake DHL shipping emails to trick recipients into opening a malicious Microsoft Office document. According to Proofpoint, the DHL scam email leads to an infection of ‘RustyBuer,’ a new variant of the Buer Loader malware family…

News January 26, 2021

Researchers Identify Enterprise Attack Using New Ransomware

2 min read - A new ransomware, Babuk Locker, has struck five different companies globally, earning the dubious title of first new enterprise ransomware strain of 2021. The threat actors behind Babuk Locker target entire corporate networks instead of individual users. From there, they…

August 5, 2020

Users Beware: Spotting a Microsoft Renewal Scam

3 min read - A novel scam began when a user received an email impersonating a notification from Microsoft, Abnormal Security observed on Friday, July 17. The scam arrived after Microsoft had recently taken several steps to deter scammers. Security professionals should be aware of…

April 8, 2020

Mshta Replaces PowerShell in New Ursnif Campaign

2 min read - Security researchers observed that a new attack campaign replaced PowerShell with mshta as a means to distribute Ursnif malware.

Malware March 30, 2020

Zeus Sphinx Trojan Awakens Amidst Coronavirus Spam Frenzy

7 min read - The renewed Zeus Sphinx activity that IBM X-Force is seeing features a modified variant targeting online banking users in North America and Australia through the use of maldocs themed around COVID-19.

February 25, 2020

Phishing Schemes Use Google Forms to Steal Office 365 Credentials

2 min read - Phishing campaigns aimed at stealing Microsoft user credentials are using Google Forms to dupe potential victims, security researchers warn.

February 17, 2020

Weekly Security News Roundup: Coronavirus-Themed Emotet Spam Tops Malware List

3 min read - Coronavirus-themed spam campaigns delivering Emotet topped a monthly "most wanted" malware list. Learn what else happened last week in security news.