There is an ongoing phishing campaign that has started abusing legitimate services to bypass secure email gateways to send phishing emails disguised as notifications from video conferencing services, security solutions, or productivity tools. Scammers are using compromised SendGrid and MailGun email accounts to take advantage of their trusted domains. They’re also abusing Amazon Simple Email Service to send these phishing emails, while the URLs used in these scams are being generated on Appspot. Microsoft is advising organizations to review their mail flow rules to catch any broad exceptions that could let these phishing emails through.
Windows 10 vulnerability using SAM registry entries allows local elevation privileges
The FBI has issued a warning to companies about scammers impersonating construction companies to target critical US infrastructure sectors.