When Your Calendar Becomes the Compromise


It starts innocently enough. A new meeting appears in your Google calendar and the subject seems ordinary, perhaps even urgent: “Security Update Briefing,” “Your Account Verification Meeting,” or “Important Notice Regarding Benefits.” You assume you missed this invitation in your overloaded email inbox, and click “Yes” to accept.

Unfortunately, calendar invites have become an overlooked delivery mechanism for social engineering and phishing campaigns. Attackers are increasingly abusing the .ics file format, a universally trusted, text-based standard to embed malicious links, redirect victims to fake meeting pages, or seed events directly into users’ calendars without interaction.

Read more…
Source: Rapid7


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Spectre vulnerabilities cannot be mitigated by software alone

    February 19, 2019

    A team of Google researchers has demonstrated the Spectre vulnerabilities present in many of today’s processors cannot be completely mitigated by applying software fixes, as has been assumed. Variants of the Spectre flaw discovered last year, which involves information leaking via ‘speculative execution’ or functions performed early to speed up computation, are not just software glitches ...

  • APT Adversaries Up the Ante on Speed, Target Telecom

    February 19, 2019

    Despite law-enforcement wins in the form of several high-profile arrests and indictments during 2018, nation-state adversaries have upped their games when it comes to speed. That’s according to CrowdStrike’s 2019 Global Threat Report, which found that when analyzing how long it takes to go from initial compromise to the attacker’s first lateral movement within the network, Russian-speaking APTs (such ...

  • North Korea Turns Against New Targets?!

    February 19, 2019

    Over the past few weeks, we have been monitoring suspicious activity directed against Russian-based companies that exposed a predator-prey relationship that we had not seen before. For the first time we were observing what seemed to be a coordinated North Korean attack against Russian entities. While attributing attacks to a certain threat group or another is ...

  • Hackers Use Compromised Banks as Starting Points for Phishing Attacks

    February 19, 2019

    Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. In a report released today and shared with BleepingComputer, international security company Group-IB specialized in preventing cyber attacks describes a so called cross-border domino-effect that can lead to spreading an infection beyond the initial ...

  • When Cyberattacks Pack a Physical Punch

    February 18, 2019

    Physical security goes hand in hand with cyberdefense. What happens when – as we see all too often – the physical side is overlooked? More than one in 10 data breaches now involve “physical actions,” according to a recent report. These include leveraging physical  devices to aid an attack, but also hacks that involve breaking into hardware ...

  • Cisco’s warning: Patch this default Network Assurance Engine password bug

    February 13, 2019

    Cisco is urging customers to install an update that fixes a high-severity issue affecting its Network Assurance Engine (NAE) for managing data-center networks. The bug, tracked as CVE-2019-1688, could allow an attacker to use a flaw in the password-management system of NAE to knock out an NAE server and cause a denial of service. NAE is an ...