AboutDFIR.com – The Definitive Compendium Project

InfoSec News Nuggets 05/26/2023

Microsoft 365 phishing attacks use encrypted RPMSG messages 

Attackers are now using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts to steal Microsoft credentials in targeted phishing attacks designed to evade detection by email security gateways. RPMSG files (also known as restricted permission message files) are encrypted email message attachments created using Microsoft’s Rights Management Services (RMS) and offer an extra layer of protection to sensitive info by restricting access to authorized recipients. Recipients who want to read them must authenticate using their Microsoft account or obtain a one-time passcode to decrypt the contents.  


BlackByte ransomware crew lists city of Augusta after cyber ‘incident’ 

BlackByte ransomware crew has claimed Augusta, Georgia, as its latest victim, following what the US city’s mayor has, so far, only called a cyber “incident.” In a Wednesday statement about the “network outage” posted on the city’s website, Augusta Mayor Garnett Johnson said the “technical difficulties” – which disrupted some of the city’s computer systems – started on Sunday, May 21. “We began an investigation and determined that we were the victim of unauthorized access to our system,” the statement read. “Our Information Technology Department is working diligently to investigate the incident, to confirm its impact on our systems, and to restore full functionality to our systems as soon as possible.” 


Zero-day exploited to breach Barracuda email gateways 

BleepingComputer reports that some Barracuda Email Security Gateway instances have been compromised in attacks exploiting a zero-day vulnerability, which has already been patched in security updates issued over the weekend. No other Barracuda products have been impacted by the security flaw, according to Barracuda Networks, which has already informed users whose appliances may have been breached. Organizations using Barracuda ESG have been urged to conduct a review of their environments to ensure the safety of other network devices. “If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take,” said Barracuda.  


Phishers use encrypted file attachments to steal Microsoft 365 account credentials 

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers Phil Hay and Rodel Mendrez. “The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar.” 
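As an added example for the two RPMSG items above (not code from either article, from Trustwave, or from Microsoft), a small Python triage helper that flags mail carrying an .rpmsg attachment from an external sender so an analyst can review it rather than let the encrypted body pass unchecked. The `application/x-microsoft-rpmsg-message` MIME type and `message.rpmsg` filename are assumed to match what RMS produces, and the sample message is constructed.

```python
# Added triage helper: flag mail carrying an .rpmsg attachment for review,
# since RMS-encrypted attachments hide their content from gateway inspection.
import email
from email import policy

# Constructed sample message, not a real capture; the attachment body is a
# placeholder, not a genuine RMS payload.
SAMPLE_EML = """\
From: alice@partner.example
To: bob@corp.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You have received an encrypted message. Open the attachment to read it.
--b1
Content-Type: application/x-microsoft-rpmsg-message; name="message.rpmsg"
Content-Disposition: attachment; filename="message.rpmsg"
Content-Transfer-Encoding: base64

UGxhY2Vob2xkZXI=
--b1--
"""

RPMSG_TYPE = "application/x-microsoft-rpmsg-message"  # assumed RMS MIME type

def find_rpmsg_attachments(raw_eml: str) -> list[str]:
    """Return filenames of parts that are .rpmsg by MIME type or name."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    found = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == RPMSG_TYPE or name.endswith(".rpmsg"):
            found.append(name or "<unnamed>")
    return found

def sender_is_external(raw_eml: str, internal_domain: str) -> bool:
    """True when the From address lies outside the organisation's domain."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    domain = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    return domain != internal_domain.lower()

def triage(raw_eml: str, internal_domain: str) -> dict:
    """An .rpmsg from an external sender is worth a manual look."""
    attachments = find_rpmsg_attachments(raw_eml)
    external = sender_is_external(raw_eml, internal_domain)
    return {"rpmsg": attachments, "external_sender": external,
            "review": bool(attachments) and external}
```

Because the campaigns send from compromised Microsoft 365 accounts, the sender check is a prioritisation signal rather than proof of anything; the attachment flag is the part that survives a trusted-looking sender.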


Captcha Is Asking Users to Identify Objects That Don’t Exist 

People trying to use Discord are being asked to identify an object that does not exist. The object in question is a “Yoko,” which appears to be a kind of mix between a snail and a yoyo. Multiple people have reported seeing a prompt to identify a Yoko when asked to solve a simple captcha prompt while trying to use Discord. The picture of the Yoko, as well as the other images in the captcha, appear to be AI-generated. Another user complained on Twitter that they’d failed to pass a captcha to log into Discord when it asked them to identify images of a puzzle cube. Again, the pictures appeared to be AI-generated.