Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate.
| | | LATEST SECURITY NEWS & COMMENTARY | | Docusign API Abused in Widescale, Novel Invoice Attack Attackers are exploiting the "Envelopes: create API" of the enormously popular document-signing service to flood corporate inboxes with convincing phishing emails aimed at defrauding organizations. It's an unusual attack vector with a high success rate. Attacker Hides Malicious Activity in Emulated Linux Environment The CRON#TRAP campaign involves a novel technique for executing malicious commands on a compromised system. Android Botnet 'ToxicPanda' Bashes Banks Across Europe, Latin America Chinese-speaking adversaries are using a fresh Android banking Trojan to take over devices and initiate fraudulent money transfers from financial institutions across Latin America, Italy, Portugal, and Spain. Schneider Electric Clawed by 'Hellcat' Ransomware Gang The cybercriminal group holding the stolen information is demanding the vendor admit to the breach and pay up. Canadian Authorities Arrest Attacker Who Stole Snowflake Data The suspect, tracked as UNC5537, allegedly bragged about hacking several Snowflake victims on Telegram, drawing attention to himself. How to Win at Cyber by Influencing People Zero trust is a mature approach that will improve your organization's security. MORE NEWS / MORE COMMENTARY | | | | | DON'T MISS THIS UPCOMING EVENT | Know Your Enemy: Understanding Cybercriminals and Nation-State ActorsNov. 14, 11:00 a.m. – 5:00 p.m. ET. Who are the cyberattackers behind current attack campaigns, and what is their endgame? How could their tactics and techniques be used against your organization? In this free virtual event, learn about the latest, most prolific threat actors and their methods, and how to protect your enterprise. Register now!LISTEN TO OUR NEW PODCAST Dark Reading Confidential: Quantum Has Landed, So Now What? NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.HOT TOPICS Okta Fixes Auth Bypass Bug After 3-Month Lull
The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.
Can Automatic Updates for Critical Infrastructure Be Trusted?
The true measure of our cybersecurity prowess lies in our capacity to endure.
MORE |
| | | | PRODUCTS & RELEASES | | AU10TIX Q3 2024 Global Identity Fraud Report Detects Skyrocketing Social Media Attacks SOFTSWISS Expands Bug Bounty Program Norton Report Reveals Nearly Half of US Consumers Were Targeted by a Scam While Online Shopping MORE PRODUCTS & RELEASES |
|
Dark Reading Daily
-- Published By Dark Reading
Informa Tech Holdings LLC | Registered in the United States
with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA
| | To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. | | Thoughts about this newsletter? Give us feedback. |
Keep This Newsletter Out Of Your SPAM Folder
Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: | | If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. | | We take your privacy very seriously. Please review our Privacy Statement. |
|
| |
