article thumbnail

Breach Roundup: Microsoft's Effort to Store EU Data Locally

Data Breach Today

Also: FBI Warning About Androxgh0st; eBay Pays a $3 Million Fine for Cyberstalking This week, Microsoft expanded plans to store EU citizens' data locally, shipping-themed phishing spam is a threat, the British Library overcame a ransomware setback, the FBI warned of Androxgh0st malware, Remcos RAT targeted South Korea, and eBay was fined $3 million (..)

Libraries 297
article thumbnail

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

” The second zero day this month is CVE-2023-36033 , which is a vulnerability in the “DWM Core Library” in Microsoft Windows that was exploited in the wild as a zero day and publicly disclosed prior to patches being available.

Phishing 232
article thumbnail

Closure JavaScript Library introduced XSS issue in Google Search and potentially other services

Security Affairs

A change made months ago in an open-source JavaScript library introduced a cross-site scripting (XSS) vulnerability in Google Search. The Japanese security researcher Masato Kinugawa discovered an XSS vulnerability in Google Search that was introduced with a change made months ago in an open-source JavaScript library.

article thumbnail

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. The post Phishing campaign targets LATAM e-commerce users with Chaes Malware appeared first on Security Affairs. SecurityAffairs – hacking, malware).

Phishing 114
article thumbnail

A supply chain attack on crypto hardware wallet Ledger led to the theft of $600K

Security Affairs

Threat actors launched a phishing attack against a former employee obtaining his credentials and access to the Ledger’s NPMJS account. ledger library confirmed compromised and replaced with a drainer. The malicious npm module (2e6d5f64604be31) has been removed from the repository. that included a crypto drainer malware.

Phishing 117
article thumbnail

Library-Themed University Phishing Attack Expands to Massive Scale

Threatpost

Cobalt Dickens (a.k.a. Silent Librarian) is now actively targeting 380 universities, bent on stealing credentials and moving deeper into school networks.