“Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.”
Why vishing is the new phishing and how to guard against it [Q&A]
“We’re all familiar with the menace of phishing but, particularly following the recent Twitter attack, other methods of stealing credentials have been on the rise. These include ‘smishing’ (phishing via SMS) and ‘vishing’ (phishing by voice call).”
The death of remote access VPN
“Remote Access VPN, also known as business VPN, is an important technology that has been around for decades. It allows remote workers to connect their devices to the company network over the public internet; thus allowing them to function as if they were inside the corporate network.”
Phishing scam uses Sharepoint and One Note to go after passwords
“Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes. From BEC, through cloud storage to an innocent-sounding One Note document, right into harm’s way.”
Hackers Are Attempting to Cripple Cisco Networking Kit via New 0Day
“Hackers are actively trying to exploit several high-severity memory exhaustion weaknesses in Cisco software that runs carrier-class routers, the company has warned.”
Files by Google officially rolling out PIN-encrypted ‘Safe Folder’
“Back in June, we spotted Google’s Files app working on a password-protected “Safe Folder.” This feature is now rolling out in beta, while the company reports 150 million monthly users.”
Office 365 now opens attachments in a sandbox to prevent infections
“Microsoft today announced the launch of Application Guard for Office in public preview to protect enterprise users from threats using malicious attachments as an attack vector.”
Google Drive flaw may let attackers fool you into installing malware
“Google Drive may have a way for hackers to trick you into installing rogue code. System administrator A. Nikoci has told The Hacker News about a flaw in Drive’s “manage versions” feature that could let attackers swap a legitimate file with malware.”
Outlook “mail issues” phishing – don’t fall for this scam!
“Thanks to Michelle Farenci of the Sophos Security Team for her behind-the-scenes work on this article. Here’s a phish that our own security team received themselves.”