Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
Deceptive Microsoft Office Maneuver Unleashes NetSupport RAT in Latest Phishing Scheme

A recent phishing campaign targets U.S. organizations, aiming to deploy the NetSupport RAT, a remote access trojan. Tracked by Israeli cybersecurity firm Perception Point as Operation PhantomBlu, this campaign employs a sophisticated method by exploiting Microsoft Office's Object Linking and Embedding (OLE) template manipulation to execute malicious code, avoiding detection. NetSupport RAT, derived from the legitimate tool NetSupport Manager, enables threat actors to conduct various data-gathering actions on compromised devices.

The attack begins with a phishing email themed around salary reports, urging recipients to open a Microsoft Word document attached to the email. Analysis of email headers reveals the use of the legitimate email marketing platform Brevo (formerly Sendinblue). Upon opening the Word document and following instructions to view a salary graph, victims unwittingly download a ZIP archive containing a PowerShell dropper, ultimately retrieving and executing the NetSupport RAT binary from a remote server.

This new approach showcases the attackers' innovation in blending evasion tactics with social engineering, departing from conventional methods associated with NetSupport RAT deployments.

Simultaneously, threat actors are increasingly exploiting public cloud services like Dropbox and GitHub, alongside Web 3.0 platforms like Pinata, to create undetectable phishing URLs. These URLs, offered by underground vendors on Telegram, are secured behind antibot barriers to evade detection. Tools like HeartSender facilitate the distribution of these URLs at scale. Furthermore, attackers repurpose reputable infrastructure, such as Google Maps and Google Images, to host malicious URLs, making them less conspicuous and more likely to ensnare victims.


Source: https://thehackernews.com/2024/03/new-phishing-attack-uses-clever.html


Caitlin Joyce (CaitlinG) Galanza | News
Created: March 25 2024 | Updated: on 3/25/24
Comments


  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi