Blueliv Intelligence Briefing

Your cybersecurity news summary

Monday, September 7th, 2020

Welcome to today’s intelligence briefing, covering noteworthy items on the cybersecurity news agenda.

Find these stories on the Blueliv Threat Exchange Network, a global community of thousands of cybersecurity experts, IT professionals and academics. Membership is free.

Read the latest research blogs from the Blueliv Labs team.

Phishing adds overlay screens on legitimate sites to steal credentials

A phishing campaign recently deployed against various businesses uses the company's home page to disguise the attack and trick potential victims into providing login credentials. This is a new tactic, researchers say, that loads the legitimate page of the business and overlays a fake login box on top of it. The attack starts with an email purporting to be from the company's technical support team, informing the recipient that some messages were blocked from reaching the inbox because they were quarantined. To create a sense of urgency, the message from the attacker states that the emails are scheduled for deletion unless the recipient reviews them and takes action to recover them.

Monday, August 24th, 2020

Phishing campaign of Grandoreiro banking trojan impersonating Spain’s Agencia Tributaria

The campaign began on August 11th, 2020, when many Spanish people received messages claiming to be from the Agencia Tributaria. The emails attempted to trick users into believing they were a communication from the tax agency: the messages used sender information such as “Servicio de Administración Tributaria” and came from the email address contato@acessofinanceiro[.]com. The message includes a link to a ZIP archive that claims to contain a digital tax receipt, and informs users that they have to fill in a document to be submitted to the Agencia Tributaria along with a fee to pay.

Wednesday, August 19th, 2020

Small Business Owners in the US Hit with Phishing Campaign Impersonating SBA Officials

The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for malicious re-directs and credential stealing.

Monday, August 17th, 2020

SANS shares the indicators of compromise for the phishing attack that led to a data breach

Some of the forwarded emails contained a total of approximately 28,000 records of personally identifiable information (PII) for SANS members. When disclosing the attack, SANS stated that it would release the information it discovered about the attack to benefit the cybersecurity community. Yesterday, SANS released the indicators of compromise (IOCs) for the phishing attack so that other organizations can make sure they were not affected.

Wednesday, July 22nd, 2020

Phishing campaign uses Google Cloud Services to steal credentials

Researchers describe in a report that the attackers relied on Google Drive to host a malicious PDF document and on Google’s “storage.googleapis[.]com” to host the phishing page. The PDF was made to look like a gateway to content available through the SharePoint web-based collaborative platform. Once the potential victim takes the bait and follows the Access Document link, the phishing page hosted in Google Cloud Platform loads and asks the victim to log in using Office 365 credentials or an organization’s ID.

Tuesday, July 21st, 2020

New phishing campaign to steal login credentials from cloud services

The email imitates a “quarantined mail” notification frequently sent out in workplaces by email security products and spam filters, asking the user to “release” messages stuck in the queue. The “From:” (envelope) address in the email is listed as “noreply@servicedesk.com,” and while sender domains can easily be spoofed, the mail headers for this phishing campaign show that the email was sent through this domain.