Hackers impersonate cybersecurity firms in callback phishing attacks

By Bill Toulas July 12, 2022 03:54 PM
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks.

Most phishing campaigns embed links to landing pages that steal login credentials or emails that include malicious attachments to install malware.

However, over the past year, threat actors have increasingly used “callback” phishing campaigns that impersonate well-known companies requesting you call a number to resolve a problem, cancel a subscription renewal, or discuss another issue.

When the target calls the numbers, the threat actors use social engineering to convince users to install remote access software on their devices, providing initial access to corporate networks. This access is then used to compromise the entire Windows domain.

Article (https://www.bleepingcomputer.com/news/security/hackers-impersonate-cybersecurity-firms-in-callback-phishing-attacks/)

Folks you need to head off these attacks (Barracuda Anti-Spam) at least scan before mail is delivered to your inbox

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

OpenSSL Releases Security Update

Original release date: July 06, 2022

OpenSSL has released a security update to address a vulnerability affecting OpenSSL 3.0.4. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review the OpenSSL advisory and upgrade to the appropriate version.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Bitdefender releases update BEST 7.6.1.202 (Windows) Release Notes – Slow Ring

Bitdefender has released version 7.6.1.202 of Bitdefender Endpoint Security Tools (for Windows) on slow ring.

The release notes are available here.

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Google patches new Chrome zero-day flaw exploited in attacks Attack details not revealed

he zero-day bug fixed today (tracked as CVE-2022-2294) is a high severity heap-based buffer overflow weakness in the WebRTC (Web Real-Time Communications) component, reported by Jan Vojtesek of the Avast Threat Intelligence team on Friday, July 1.

The impact of successful heap overflow exploitation can range from program crashes and arbitrary code execution to bypassing security solutions if code execution is achieved during the attack.

Although Google says this zero-day vulnerability was exploited in the wild, the company is yet to share technical details or a any info regarding these incidents.

“Access to bug details and links may be kept restricted until a majority of users are updated with a fix,” Google said.

“We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.”

With this delayed release of more info on the attacks, Chrome users should have enough time to update and prevent exploitation attempts until Google provides additional details.

Fourth ChRome zero-day fixed this year

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”

Microsoft quietly fixes ShadowCoerce Windows NTLM Relay bug

Microsoft has confirmed it fixed a previously disclosed ‘ShadowCoerce’ vulnerability as part of the June 2022 updates that enabled attackers to target Windows servers in NTLM relay attacks.

This NTLM relay attack method can be used by threat actors to force unpatched servers to authenticate against servers under the attacker’s control, leading to a takeover of the Windows domain.

As BleepingComputer was told by a Microsoft spokesperson, while there was no public announcement made regarding this issue, the “MS-FSRVP coercion abuse PoC aka ‘ShadowCoerce’ was mitigated with CVE-2022-30154, which affected the same component.”

BleepingComputer emailed Redmond after ACROS Security CEO Mitja Kolsek discovered that ShadowCoerce was silently patched while researching it with the 0Patch team to issue a micropatch.

While it is good that Microsoft has fixed this vulnerability, they have not yet provided any details publicly and is yet to assign a CVE ID.

This has prompted security firms and researchers [1, 2, 3, 4] to ask Redmond for more transparency and to include more info on what’s fixed in its security bulletins.

It would be nice if MS were more open about this. I find unbelievable that in many ways MS is more secretive about security now than in the “bad old days” unless they can throw a marketing spin on it. Material security changes should be clearly documented in security bulletins.

— James Forshaw (@tiraniddo) July 4, 2022

Article Beeping Computer

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient

“Where Service and Technical Skills Count”