Stay in the loop with the recent email security update, providing insights on the newest phishing threats, email breaches, and beyond.

Innovative ‘Zero Font’ Scam Deceives Outlook with False ‘Antivirus Scans’

Threat actors are using zero-point fonts in emails to deceive Microsoft Outlook’s security tools.

The new method, known as ‘Zero Font’ phishing, was recently uncovered by ISC SANS analyst Jan Kopriva. The attackers exploit flaws in email security systems’ Artificial Intelligence (AI) and Natural Language Processing (NLP) mechanisms. Words or characters inserted with a zero font size stay invisible to human readers but are still read by NLP algorithms.

These concealed terms mix with visible content, confusing AI and security filters, and making spam filtering more challenging. In the recent case observed by Kopriva, malicious actors used ‘Zero Font’ to manipulate message previews in popular email clients like Outlook.

The phishing email opened with a fake security scan message. The deceptive tactic aims to trick recipients into believing the email is secure, increasing the likelihood of them engaging with malicious content. Users of other email clients should also exercise caution, as similar vulnerabilities might exist. Stay vigilant to avoid falling victim to this innovative phishing method.
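A mail filter can surface this trick by separating the text a reader sees from the text styled with a zero font size. The sketch below is an added example, not code from Kopriva's write-up or from any mail product; the names `ZeroFontSplitter` and `split_zero_font` and the sample body are constructed for illustration, and only inline `style` attributes are inspected.

```python
import re
from html.parser import HTMLParser

# Inline style that sets font-size to zero (0, 0px, 0pt, 0.0em, ...).
ZERO_FONT = re.compile(r"font-size\s*:\s*0*\.?0+\s*(px|pt|em|rem|%)?\s*(;|!|$)", re.I)
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link", "wbr", "col", "area", "base"}


class ZeroFontSplitter(HTMLParser):
    """Separates text a reader sees from text hidden with a zero font size."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # (tag, hidden?) for each open element
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return  # void elements never get an end tag
        style = dict(attrs).get("style") or ""
        # Conservative: children of a zero-font element count as hidden too.
        inherited = self.stack[-1][1] if self.stack else False
        self.stack.append((tag, inherited or bool(ZERO_FONT.search(style))))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; ignore stray closing tags.
        if any(open_tag == tag for open_tag, _ in self.stack):
            while self.stack.pop()[0] != tag:
                pass

    def handle_data(self, data):
        hidden = self.stack[-1][1] if self.stack else False
        (self.hidden if hidden else self.visible).append(data)


def split_zero_font(html):
    """Return (visible_text, hidden_fragments) for an HTML mail body."""
    parser = ZeroFontSplitter()
    parser.feed(html)
    parser.close()
    visible = " ".join("".join(parser.visible).split())
    return visible, [d.strip() for d in parser.hidden if d.strip()]


# Constructed sample body, not taken from the reported campaign.
SAMPLE = (
    '<html><body><div style="font-size:0px">Scanned and secured by ExampleAV</div>'
    '<p>Your mailbox is almost full.<br><span style="FONT-SIZE: 0">zq</span> '
    'Sign in to keep receiving mail.</p></body></html>'
)
```

Calling `split_zero_font(SAMPLE)` returns the visible sentence and the two hidden fragments; any non-empty hidden list is a reason to quarantine or score the message, and the visible text alone is what content classifiers should be fed.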

Chinese Threat Actors Breach Microsoft: 60,000 Emails Stolen from the US State Department, Senate Staffer Discloses

According to Reuters, an unnamed US Senate staffer revealed that Chinese threat actors, who infiltrated Microsoft’s email system earlier this year, stole tens of thousands of emails from various State Department accounts.

During a State Department briefing, officials informed lawmakers that 60,000 emails were stolen from ten distinct State Department accounts, with the targets mainly being those who worked on East Asia and the Pacific. While the victims’ names were not disclosed, one was not associated with this region.

The breach, allegedly conducted by China, has strained US-China relations, with Beijing vehemently denying any involvement. The incident prompted Senator Eric Schmitt to call for heightened cybersecurity measures. Schmitt emphasized the necessity to reevaluate the government’s reliance on a single vendor, Microsoft, recognizing it as a potential vulnerability.

 


Microsoft previously stated that the breach, affecting senior US officials like Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns, originated when the malicious group Storm-0558 compromised a Microsoft engineer’s corporate account.

 

AtlasCross Malicious Actors Exploit American Red Cross as Bait in Latest Phishing Scheme

AtlasCross, a recently surfaced malicious group, is posing as the American Red Cross to infiltrate organizations and distribute backdoor malware.

Cybersecurity enterprise NSFocus uncovered two previously unknown trojans, DangerAds and AtlasAgent, linked to this group’s attacks. Unlike known cyber attackers, AtlasCross demonstrates a unique approach, displaying advanced technical skills and meticulous movements, making them difficult to trace.

Their attacks initiate with phishing emails, purportedly from the American Red Cross, inviting recipients to join a “September 2023 Blood Drive.” The message contains a macro-enabled Word document as an attachment, which, when activated, deploys malicious macros infecting Windows devices with DangerAds and AtlasAgent malware.

DangerAds, acting as a loader, assesses the host environment and runs specific shellcode based on predefined criteria. Subsequently, it launches AtlasAgent, a custom C++ trojan, enabling the extraction of crucial host and process details and facilitating remote command execution.

Although NSFocus’s comprehensive report provides insight into AtlasCross, much about this group remains unknown, allowing them to operate mysteriously.

 

Massive Online Data Leak: Billions of Passwords and Email Addresses Exposed – Secure Your Accounts Immediately

A staggering number of compromised user records, featuring combinations of usernames and passwords from past data breaches, were exposed on an online database.

Cybernews, citing CEO Bob Diachenko of SecurityDiscovery, reported that a digital risk protection enterprise named DarkBeam had been gathering credentials stolen in both reported and unreported data breaches to inform the affected users.

However, the database was shockingly easy to access due to an unprotected interface of Elasticsearch and Kibana, two specialized search and data exploration engines. Diachenko discovered a database housing over 3.8 billion records and promptly alerted DarkBeam, who swiftly secured the database.

 


It remains uncertain if any malicious actors accessed the data before the researchers. The repository was meticulously organized into 16 collections, such as “email 0-9” and “email A-F,” each containing nearly 240 million records. Had adversaries gained access, it would have provided a goldmine for identity theft, phishing attacks, and other cybercrimes.

Such breaches typically stem from human errors. Fortunately, cybersecurity experts from Wiz discovered the oversight before any malicious exploitation could occur.
