At a glance.
- Phishing campaign impersonates DHL.
- Norton LifeLock advises customers that their accounts may have been compromised.
- Trends in data protection.
- Orca describes, and Microsoft fixes, four Azure SSRF issues.
- Veracode's report on the state of software application security.
- Conscription and mobilization provide criminals with phishbait for Russian victims.
- Ukraine calls for a "digital United Nations."
Phishing campaign impersonates DHL.
Armorblox describes a phishing campaign that’s using phony shipping invoices that purport to come from DHL. The campaign targeted an organization in the education sector with more than 100,000 emails: The phish hook in the email is contained in an Excel document which, when opened, will display a blurred out preview of an invoice. The user will be asked to enter their Microsoft account login credentials in order to view the invoice. The researchers note that the emails were able to bypass email security filters since they didn’t contain any malicious links. For more on the credential phishing campaign, see CyberWire Pro.