Plus, two high-severity patches are released and privacy advocates warn about the ADPPA.
A new phishing attack tries to panic users into entering their company email login credentials by displaying a countdown clock that supposedly shows how much time remains before their account is deleted. When the time runs out, nothing actually happens, but the attackers hope the ruse, taken straight from the ransomware handbook, will pressure victims into acting without thinking. The attack begins with a message falsely telling the user that access to their account had been attempted from a location not used before. The message includes a malicious link the user is told to click to “verify their email.” Read more details about the attack at ZDNet.
“Fearmongering has always been a central theme in phishing schemes,” commented Avast Security Evangelist Luis Corrons. “I am afraid this countdown may effectively increase the number of victims. That rush to make a decision could cause us to make a fatal mistake. However, phishing messages always follow the same structure – urging users to take action to prevent something awful (account suspended, etc.) from happening. We can use this to identify them. In case of any doubt, go to the site in question without clicking on any link. You'll find out if there is a real problem or if it’s just another phishing attack.”
Atlassian patches high-severity bugs in Jira
Collaboration software company Atlassian has patched its Jira Server and Data Center products against exploitable, high-severity bugs in the products’ email templates. Left unpatched, the bugs allow attackers who already hold system administration permissions to achieve remote code execution through template injection in the Email Templates feature. The patched versions of the products are Jira Server and Data Center 8.13.19, 8.20.7, 8.22.1, and 9.0.0. For more, see ITNews.
VMware ships urgent patch
Virtualization tech company VMware shipped a high-priority patch this week to address an authentication bypass vulnerability in its Workspace ONE Access, Identity Manager, and vRealize Automation products. In an advisory, the company informed customers that the vulnerability carries the highest severity rating and should be remediated without delay. Otherwise, “a malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate,” the company warned. See SecurityWeek to learn more.
U.S. privacy bill strips FCC of telecom oversight
The American Data Privacy Protection Act (ADPPA), currently being considered by Congress, includes the stipulation that the Federal Communications Commission (FCC) would no longer have the authority to enforce privacy regulations for common telecom carriers such as AT&T and Verizon, worrying privacy advocates that those companies will then have free rein to mishandle consumer data. Under the ADPPA, privacy enforcement falls to the Federal Trade Commission (FTC), but critics argue that the bill does not set up the FTC to have the same powers and jurisdiction the FCC had. For more on this story, see Cyberscoop.
Office macro-related attacks are down 66%
Researchers have seen a 66% decline in the use of macro-enabled attachments by threat actors ever since Microsoft made the move to turn off macros by default in October 2021. By the same token, researchers have noted a 1,600% increase in attacks using tactics other than malicious macros. Experts warn that container file formats, such as LNK files, can bypass Microsoft’s macro-blocking protections and facilitate the distribution of malicious executables. For more on this major shift in the email threat landscape, see CSO.
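The shift described above moves the risk from macro-enabled documents to archive and container attachments carrying shortcut files, so a mail gateway check that looks inside archives is one practical response. The following is an added example written for this digest, not code from Avast, CSO or the researchers cited; it assumes a ZIP attachment as the container (the extension lists and the sample archive are constructed for the example) and only reads the archive's directory without extracting anything.

```python
import io
import os
import zipfile

# Inner file types worth flagging when they arrive inside an archive attachment.
# LNK is the type named in the article; the other lists are this example's own
# assumptions about content that the default macro block does not cover.
LNK_EXT = ".lnk"
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".js", ".vbs", ".hta", ".iso", ".img"}
MACRO_DOC_EXTS = {".docm", ".xlsm", ".pptm", ".dotm", ".xltm"}


def inspect_zip_attachment(data: bytes) -> dict:
    """Inspect a ZIP attachment held in memory and report what it contains.

    Members are never extracted or opened; only the archive directory is read,
    so a malicious member cannot run as a side effect of the scan.
    """
    findings = {"lnk": [], "macro_docs": [], "executables": [],
                "encrypted": [], "errors": []}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if member.is_dir():
                    continue
                # splitext keeps only the last extension, so a double
                # extension such as "invoice.pdf.lnk" is still seen as .lnk
                ext = os.path.splitext(member.filename)[1].lower()
                # Password-protected members cannot be content-scanned;
                # record them so the message goes to review, not straight through
                if member.flag_bits & 0x1:
                    findings["encrypted"].append(member.filename)
                if ext == LNK_EXT:
                    findings["lnk"].append(member.filename)
                elif ext in MACRO_DOC_EXTS:
                    findings["macro_docs"].append(member.filename)
                elif ext in EXECUTABLE_EXTS:
                    findings["executables"].append(member.filename)
    except zipfile.BadZipFile:
        findings["errors"].append("attachment is not a readable ZIP archive")
    return findings


def verdict(findings: dict) -> str:
    """Map findings to a gateway action: 'block', 'review' or 'allow'."""
    if findings["lnk"] or findings["executables"]:
        return "block"
    if findings["macro_docs"] or findings["encrypted"] or findings["errors"]:
        return "review"
    return "allow"


def build_sample_attachment() -> bytes:
    """Constructed sample: a ZIP mimicking the lure pattern in the article,
    a shortcut disguised with a double extension beside a harmless text file.
    The shortcut body is dummy bytes, not a real LNK structure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("Invoice_July.pdf.lnk", b"dummy shortcut bytes")
        archive.writestr("README.txt", b"Please open the attached invoice.")
    return buf.getvalue()


if __name__ == "__main__":
    result = inspect_zip_attachment(build_sample_attachment())
    print(result)
    print("verdict:", verdict(result))
```

Unreadable or encrypted archives are routed to review rather than allowed, since an archive the scanner cannot see into is exactly the case that evades automated checks.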
This week’s must-read on the Avast blog
The online world has made it possible for more people to express their opinions and have them be heard, but it also opens up a whole new world of cyberbullying.