Identity and access management provider Okta has discovered what it says is a novel phishing-as-a-service (PhaaS) operation that, if victims fall for an infected email, may get around the user account protections from third-party single sign-on providers to steal Microsoft and Google login credentials. However, that’s a big “if”. Effective security awareness training that alerts…
Category: Malware, Phishing
Exploits, Global Security News, Malware, Phishing
Fake resumes targeting HR managers now come with updated backdoor
CISOs should warn HR staff not to be fooled by a new spear phishing campaign that contains job applications that include updated malware, and take steps to identify and block an improved backdoor. That warning came Monday from researchers at Arctic Wolf, who said a group some researchers know as Venom Spider, or TA4557, has…
Exploits, Global Security News, Malware, Phishing
Polyglot files used to spread new backdoor
A threat actor is using polyglot files to conceal installation of a new backdoor as part of a spear-phishing campaign targeting firms in the United Arab Emirates (UAE), particularly in the aviation, satellite communications, and transportation sectors. The backdoor has been dubbed Sosano by researchers at Proofpoint, who made the discovery with help from PwC’s…