Page 9 - Threat Intelligence 7-29-2019
Social Engineering
Warning As Iranian State Hackers Target LinkedIn Users With Dangerous New Malware - The
multidimensional cyber warfare playing out in the Middle East has taken a shape we have not seen
at this scale before—a mix of military offensive and defensive capabilities with state-sponsored
attacks on civilian targets. With cyber warfare becoming "an interchangeable battlefield tool," an
attack in one domain can lead to retaliation in another. And the catalyst has been the continuing
escalation of tensions between the U.S. (and its allies) and Iran. Now, U.S. cybersecurity firm FireEye
has warned of a malicious phishing campaign that it has attributed to the Iranian-linked APT34—
whose activity has been reported elsewhere as OilRig and Greenbug. The campaign has been
targeting LinkedIn users with plausible but bogus invitations to join a professional network and
emailed attachments laced with malware that seeks to infect systems with a hidden backdoor and
steal data and credentials.
Source: https://www.forbes.com/sites/zakdoffman/2019/07/22/critical-linkedin-warning-as-irans-hackers-send-fake-invites-laced-with-malware/#558c009d6ac1
Microsoft Office 365 Users Targeted by Malware Disguised as Browser Update - Microsoft Office 365 users are being targeted by a malware campaign
whose purpose is to eventually infect devices with the TrickBot password-stealing Trojan. A fake
Office 365 page which looks just like Microsoft’s serves a fake browser update that is used to deploy
the malicious payload. Discovered by the experts at MalwareHunterTeam, the page was specifically
designed to look as legitimate as possible, so it even includes links that point to Microsoft domains.
However, a few seconds after landing on the page, users are provided with a warning that is adapted
to their browser and which recommends downloading and installing an update. Both Google Chrome
and Mozilla Firefox appear to be targeted with such custom warnings.
Source: https://news.softpedia.com/news/microsoft-office-365-users-targeted-by-malware-disguised-as-browser-update-526775.shtml
40% of enterprises experienced Office 365 credential theft, report finds - While 80% of
organizations use more than the default security provided by Office 365, additional measures are
needed to secure enterprise email. Despite the promise of increased security that cloud-hosted email
solutions are thought to provide, an eye-watering 40% of enterprise respondents indicated that
Office 365 login credentials have been compromised, according to a survey of 300 companies with
more than 5,000 employees in the US and UK conducted by Cyren and Osterman Research,
published Monday. On average—across all organizations surveyed—Office 365 credentials were
compromised 3.7 times, with incidents more likely (54%) in the UK than in the US (34%).
Source: https://www.techrepublic.com/article/40-of-enterprises-experienced-office-365-credential-theft-report-finds/
www.accumepartners.com 9