Hot Topics

USENIX Security ’23 - Token Spammers, Rug Pulls, and Sniper Bots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB)
USENIX Security ’23 - Token Spammers, Rug Pulls, and Sniper Bots: An Analysis of the Ecosystem of Tokens in Ethereum and in the Binance Smart Chain (BNB)
CoralRaider Group Delivers Three Infostealers via CDN Cache
Daniel Stori's ‘New Job’
DirectDefense Report Sees Shifts in Cyberattack Patterns

Home » Security Bloggers Network » Weekly Email Security News Recap #1 [September 2022]

Weekly Email Security News Recap #1 [September 2022]

by Knarik Petrosyan on September 12, 2022

September represents a change of season, with Fall officially starting. But in the cyberworld, things are always changing. Threats evolve, cybercriminals multiply, and new attacks are always on the horizon.

From a phishing toolkit for sale on the Dark Web to a serious Google Chrome vulnerability, here are some of September’s latest cybersecurity news headlines.

EvilProxy Phishing Toolkit For Sale on the Dark Web

As the cybersecurity company Resecurity states, a new Phishing-as-a-Service (PhaaS) named EvilProxy (or Moloch) was detected on the dark web for sale.

EvilProxy hackers use cookie injection methods and reverse proxy to bypass two-factor authentication while proxying a victim’s session. Methods like these have been previously used in targeted campaigns of advanced persistent threats and cyber-espionage groups.

Sponsorships Available

Resecurity acquired significant data about EvilProxy’s functions, modules, structure, and network infrastructure during its investigations.

Earlier cyberattacks using EvilProxy were initially identified as being related to attacks on Google and MSFT customers who have MFA enabled.

The phishing kit can deliver sophisticated phishing links, which could cause customer account compromises to Apple, Meta, Google, Microsoft, and Twitter users.

It’s likely EvilProxy hackers target software developers and IT engineers to hack downstream targets in the end.

In this way, cybercriminals make end users think they’re downloading software packages from secure resources but eventually get compromised.

Russian Yandex Taxi App Hacked byAnonymous and the IT Army of Ukraine

Yandex Taxi, owned by Russia’s leading IT company, Yandex and known as the Russian Google, recently suffered a cyberattack.

After breaching the Yandex Taxi app, hackers caused a massive traffic jam that lasted three hours in the Russian capital’s western area.

The incident happened when the attackers ordered all available taxis to a particular address, causing a massive traffic jam as dozens of Yandex drivers were stuck on their way to the same location.

All the cabs were directed to one of the main avenues in Moscow, Kutuzovsky Prospekt, known for the Stalinist-era building called ”Hotel Ukraina.’”

Yandex’s security team announced that it’d improve the algorithm to prevent such incidents in the future.

In an exclusive statement to Hackread.com, the IT Army of Ukraine confirmed that they were behind this attack.

Anonymous TV also tweeted that the Russian taxi service hack was by the Anonymous collective.

Google Chrome Zero-Day Flaw that Users Urged to Install

To finalize our email security news and cybersecurity news recap, let’s talk about the new security update that Google released for the Chrome browser on Windows, Mac, and Linux.

The update was to fix a newly discovered zero-day vulnerability actively used by cybercriminals, and users are urged to apply the update quickly.

The release updates Google Chrome to version 105.0.5195.102 and fixes (CVE-2022-307), an extreme security issue.

The security patch will be introduced to users over the coming days, and users are advised to apply the update when Chrome requests them to.

Specifics on the vulnerability are yet to be made public, likely to prevent threat actors from benefiting from it.

An unknown cybersecurity researcher who will receive a bug bounty presented the vulnerability anonymously to Google.

Google thanked all security researchers that worked with them during the development cycle to prevent security bugs.

Final Thoughts

One area that your business should be focused on is email security.

In 2021, over 319.6 billion emails were sent and received daily. While more and more emails are sent, there’s also an increase in cyberattacks.

That’s why investing in secure email services and cybersecurity training is crucial for your business.

Don’t waste your time, and secure your email today!

The post Weekly Email Security News Recap #1 [September 2022] appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Knarik Petrosyan. Read the original post at: https://easydmarc.com/blog/weekly-email-security-news-recap-1-september-2022/

September 12, 2022September 12, 2022 Knarik Petrosyan SBN News

Weekly Email Security News Recap #1 [September 2022]

EvilProxy Phishing Toolkit For Sale on the Dark Web

Russian Yandex Taxi App Hacked byAnonymous and the IT Army of Ukraine

Google Chrome Zero-Day Flaw that Users Urged to Install

Final Thoughts

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Daniel Stori’s ‘New Job’

Secure Guardrails Definition: