Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws
New ransomware now being deployed in Log4Shell attacks
Microsoft fixes Windows AppX Installer zero-day used by Emotet
Log4j vulnerability now used by state-backed hackers, access brokers
Log4j attackers switch to injecting Monero miners via RMI
Facebook disrupts operations of seven surveillance-for-hire firms
McMenamins breweries hit by a Conti ransomware attack
Cloudflare is experiencing widespread latency and timeouts
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
Google Calendar now lets you block invitation phishing attempts
Google now makes it easy to block unwanted calendar invitations, commonly used by threat actors in phishing and malicious campaigns, from being added to your Google Calendar.
This was achieved by improving the “Automatically add invitations” setting which now allows you to choose between having invitations automatically added to your calendar or only having them added if you have responded (RSVP’d) to the email event invitation.
“These additional controls can help you manage your calendar with less manual work by ensuring unwanted events don’t appear, and you see only the events that are important to you,” Google explained.
“This feature will be OFF by default and can be turned on by the user by going to Open Google Calendar > Go to settings > Scroll to event settings > Add invitations to my calendar.”
The new feature started gradually rolling out at a Rapid Release pace to Google Workspace customers, G Suite Basic and Business customers, and users with personal Google Accounts.
As we previously reported more than two years ago, Google has been working on a solution to block spammers from automatically spamming Google Calendar users with malicious invitations.
While, for many, this seemed to be an innocuous problem at first, some of these spam events were redirecting potential victims to phishing landing pages via malicious URLs, according to user reports.
The end goal of these attacks is to harvest the targets’ credentials or infect them with malware via malicious sites.
At the time, the company said it was “aware of the spam occurring in Calendar” and was “working diligently to resolve this issue,” while sharing info on how to report and remove spam calendar invitations.
Given that Google Calendar is available on all desktop platforms as a web app and for mobile platforms via Android and iOS mobile apps, the spammers can potentially reach an enormous number of potential victims.
To have an idea of the scale, the Google Calendar Android app alone has been downloaded 1,000,000,000 times, according to its Play Store entry.
Microsoft, Google OAuth flaws can be abused in phishing attacks
Google, Apple fined by Italian authority for aggressive data collection
Windows 10 App Installer abused in BazarLoader malware attacks
Phishing emails deliver spooky zombie-themed MirCop ransomware
Emotet starts dropping Cobalt Strike again for faster attacks
Not a member yet? Register Now
Log4j: List of vulnerable products and vendor advisories
Hackers steal Microsoft Exchange credentials using IIS module
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

You May Also Like

7 million Robinhood user email addresses for sale on hacker forum

New Microsoft emergency updates fix Windows Server auth issues7 million Robinhood user…

CISA releases cybersecurity response plans for federal agencies

Windows 10 21H2 is released, here are the new featuresNew Rowhammer technique…

Google will kill Chrome sync support on Chrome 48 and earlier

State hackers breach defense, energy, healthcare orgs worldwideMediaMarkt hit by Hive ransomware,…

Microsoft starts rolling out redesigned Notepad for Windows 11

Microsoft offers 50% subscription discounts to Office piratesRussian hacking group uses new…