Beware of fake salary increase emails, scams try to leverage the Microsoft Voice service, and more.
Welcome to Cyber Security Today. It’s Friday, January 13th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Hackers are taking advantage of bonus and salary reviews going on at this time of the year. Proofpoint tweeted that it has seen evidence of phishing emails sent to people that pretend to be from their organization’s human resources department. The messages include links to infected documents. So be careful before clicking on attachments in messages that have subject lines like, “A Big Rise”, “Are you getting the raise you deserve?”, “Congratulations. Your salary is approved for increment,” and “You’re getting a pay raise.” You might indeed be getting a raise from your boss. But the message likely won’t include a link to a document that needs your Microsoft password to read it. The password is what the hacker wants.
Threat actors continue to find new ways of attacking firms that use Microsoft’s Dynamics 365 Customer Voice service to send phishing links to victims. According to researchers at Avanan, one of the latest tactics is sending a target a message from a SharePoint service of a document that allegedly has sensitive or confidential information. The document’s real purpose is to steal the victim’s Microsoft password when they log in to read it. Another tactic is sending a notice of a document that has to be printed out. Again, the goal is to steal credentials. Employees need to be reminded to hover their mouse over all URLs before clicking on links in email or text messages. They also need to double-check who has sent a message with a link.
A pro-Russian hacktivist group that has been going after targets in NATO countries since the war against Ukraine has turned its attention to Denmark and the Czech Republic. According to researchers at Sentinel Labs, this week the group called NoName057(16) disrupted bank services in Denmark and began targeting the websites of those running for president of Czechia in today’s election. Until it was stopped, the gang was also using GitHub to host their distributed denial of service tools. There’s a link to the report in the text version of this podcast for those who want more details on how this gang works.
A police app used by California law enforcement agencies to co-ordinate the arrest of more than 600 suspected sex offenders has been pulled after an investigation by Wired magazine. The publication said this week that the app, called SweepWizard, leaked confidential information about suspects, police officers and details about raids. The problem, the story says, is the app was misconfigured. Anyone who knew a specific URL could retrieve the data without logging in. At the time this podcast was recorded SweepWizard wasn’t listed on the website of its developer, a company called Odin Intelligence.
Microsoft says the Cuba ransomware gang is hacking firms through Exchange email servers that haven’t yet installed a patch released last year. The Bleeping Computer news service said it has seen a recent warning Microsoft is sending to customers using its Defender protection service. This follows a report that the Play ransomware gang is also exploiting this hole. Microsoft released security updates to address this vulnerability in November.
Finally, in Monday’s podcast I said Mac users might be interested in a Microsoft blog on ransomware that can run on the macOS operating system. That blog has been taken down. According to Tech Republic, this came after an author complained the research was close to material in his book, but without attribution.
Later today the Week in Review edition will be out. Guest commentator Jim Love of ITWorldCanada.com and I will discuss fake ChatGPT apps, whether ransomware attacks are going up or down, and more.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. U.S. listeners can also find my stories and podcasts on TechNewsday.com.