Some users of Microsoft’s web-based email services such as Outlook.com had their account information exposed in an incident that, as it later emerged, also impacted email contents. Microsoft has acknowledged a security incident that, for almost three months, gave hackers access to information related to an unknown number of email accounts on the tech giant’s … More Microsoft reveals breach affecting webmail users
ESET Ireland warns Irish businesses to pay attention to a fraudulent email phishing for login details to Microsoft Office 365. The email pretends to come from the “Azure team” of Microsoft Office 365 and claims that the potential victim’s subscription will be disabled unless they “update their information”. Once clicking on the “Update account information” … More Irish businesses warned to avoid a Microsoft Office 365 phishing scam
The software giant takes passwords one step closer to obsolescence as it now enables users to log into their Microsoft accounts with more modern forms of authentication. Microsoft has announced that it is enabling users to log into their Microsoft accounts without usernames and passwords. Instead of passwords – which the tech behemoth has previously described … More Who needs passwords? Microsoft now lets you in with your face or security key
The recent spike in Emotet activity shows that it remains an active threat. A week after adding a new email content harvesting module, and following a period of low activity, the malicious actors behind Emotet have launched a new, large-scale spam campaign. What is Emotet? Emotet is a banking Trojan family notorious for its modular architecture, … More Emotet launches major new spam campaign
Malware from newly uncovered group PowerPool exploits zero-day vulnerability in the wild, only two days after its disclosure. On August 27, 2018, a so-called zero-day vulnerability affecting Microsoft Windows was published on GitHub and publicized via a rather acerbic tweet. It seems obvious that this was not part of a coordinated vulnerability disclosure and there was no … More PowerPool malware exploits ALPC LPE zero-day vulnerability
ESET Ireland looks at the latest scam targeting Irish users, using their passwords as bait, mentioning adult websites and trying to extort large sums of money. “It is just so unfortunate. I’m aware login123 is your password. More importantly, I know about your secret and I’ve evidence of this,” says an email received by many … More They have my password, now they’re blackmailing me!
Law enforcement and malware research join forces to take down cybercriminals. The primary purpose of malware analysis is to determine how a given piece of malware works, extract IOCs (Indicators of Compromise) and determine potential countermeasures. This work is almost purely technical in nature: it focuses on binary files and their properties. Results from malware analysis are … More Trends 2018: Doing time for cybercrime