Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
Follow Dark Reading:
 November 06, 2024
LATEST SECURITY NEWS & COMMENTARY
Docusign API Abused in Widescale, Novel Invoice Attack
Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
Attacker Hides Malicious Activity in Emulated Linux Environment
The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system.
Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America
Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain.
Schneider Electric Clawed by 'Hellcat' Ransomware Gang
The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up.
Canadian Authorities Arrest Attacker Who Stole Snowflake Data
The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself.
How to Win at Cyber by Influencing People
Zero trust is a mature approach that will improve your organization's security.
MORE NEWS / MORE COMMENTARY
DON'T MISS THIS UPCOMING EVENT
Know Your Enemy: Understanding Cybercriminals and Nation-State Actors
Nov. 14, 11:00 a.m. – 5:00 p.m. ET. Who are the cyberattackers behind current attack campaigns, and what is their endgame? How could their tactics and techniques be used against your organization? In this free virtual event, learn about the latest, most prolific threat actors and their methods, and how to protect your enterprise. Register now!
LISTEN TO OUR NEW PODCAST
Dark Reading Confidential: Quantum Has Landed, So Now What?
NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.
HOT TOPICS
Okta Fixes Auth Bypass Bug After 3-Month Lull
The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.

Can Automatic Updates for Critical Infrastructure Be Trusted?
The true measure of our cybersecurity prowess lies in our capacity to endure.

MORE
PRODUCTS & RELEASES
AU10TIX Q3 2024 Global Identity Fraud Report Detects Skyrocketing Social Media Attacks
SOFTSWISS Expands Bug Bounty Program
Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping
MORE PRODUCTS & RELEASES
EDITORS' CHOICE
On Election Day, Disinformation Worries Security Pros the Most
A Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate.
LATEST FROM THE EDGE

Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems
SANS recently published its 2024 State of ICS.OT Cybersecurity report, highlighting the skills of cyber professionals working in critical infrastructure, budget estimates, and emerging technologies. The report also looked at the most common types of attack vectors used against ICT/OT networks.
LATEST FROM DR TECHNOLOGY

Oh, the Humanity! How to Make Humans Part of Cybersecurity Design
Government and industry want to jump-start the conversation around "human-centric cybersecurity" to boost the usability and effectiveness of security products and services.
LATEST FROM DR GLOBAL

Iranian APT Group Targets IP Cameras, Extends Attacks Beyond Israel
The Iran-linked group Emennet Pasargad aims to undermine public confidence in Israel and Western nations by using hack-and-leak campaigns and disrupting government services, including elections.
WEBINARS
View More Dark Reading Webinars >>
WHITE PAPERS
View More White Papers >>
FEATURED REPORTS
View More Dark Reading Reports >>
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
To opt-out of any future Dark Reading Daily Newsletter emails, please respond here.
Thoughts about this newsletter? Give us feedback.
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list:
If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation.
We take your privacy very seriously. Please review our Privacy Statement.
© 2024  |  Informa Tech  |  Privacy Statement  |  Terms & Conditions  |  Contact Us