Phishing
June 9, 2025
Over 20 Malicious Apps on Google Play Target Users for Seed Phrases
Abstract
A coordinated phishing campaign has been discovered on the Google Play Store, involving over 20 malicious Android applications impersonating popular cryptocurrency wallets. These apps are designed to steal users’ 12-word mnemonic phrases. (HackRead)
June 9, 2025
Malware found in NPM packages with 1 million weekly downloads
Abstract
A major supply chain attack has compromised 16 popular Gluestack 'react-native-aria' packages on NPM, affecting nearly 960,000 weekly downloads. The attack involves the injection of obfuscated remote access trojan (RAT) code. (Bleeping Computer)
June 5, 2025
Rhadamanthys Infostealer Delivered via Copyright-Themed Phishing Campaign Targeting Europe
Abstract
Since April 2025, the campaign has been opportunistically targeting entities in Albania, Austria, Bulgaria, Germany, Greece, Hungary, Ireland, Israel, Italy, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and the United Kingdom. (KnowBe4)
June 5, 2025
Hive0131 Targets Colombian Users with DCRat Banking Trojan via Phishing Campaigns
Abstract
A financially motivated threat group, Hive0131, has launched a targeted phishing campaign in Colombia, impersonating the Judiciary of Colombia to distribute the DCRat banking trojan. (GBHackers)
June 5, 2025
Malicious GitHub Repositories Impersonate Malware Tools and Game Cheats to Distribute Backdoors
Abstract
Cybersecurity researchers have uncovered a widespread campaign involving over 130 malicious GitHub repositories created by a threat actor using the alias "ischhfd83." These repositories impersonated malware tools and game cheats to lure users. (Infosecurity Magazine)
June 3, 2025
Fake Docusign Pages Deliver Multi-Stage NetSupport RAT Malware
Abstract
A sophisticated malware campaign has been uncovered that leverages spoofed DocuSign CAPTCHA verification pages to deliver the NetSupport RAT. It employs clipboard poisoning to trick users into executing malicious PowerShell scripts. (Infosecurity Magazine)
May 30, 2025
Nifty.com Used as Phishing Infrastructure: How Raven Detected Abuse of Trusted Infrastructure
Abstract
A sophisticated phishing campaign has been uncovered leveraging the legitimate infrastructure of Japanese ISP Nifty[.]com. This multi-wave operation bypassed traditional email defenses by exploiting trusted domains and authentication protocols. (Raven Mail)
May 28, 2025
Phishing Campaign Spoofs Coursera to Steal Facebook Credentials via Fake Meta Certificate Offer
Abstract
A sophisticated phishing campaign has been uncovered that impersonates Coursera and offers a free Meta Social Media Marketing certificate to lure victims into a multi-stage phishing trap. (Cofense)
May 28, 2025
Crooks use a fake antivirus site to spread Venom RAT and a mix of malware
Abstract
A malicious campaign is distributing Venom RAT via a fake Bitdefender website (bitdefender-download[.]com), tricking users into downloading malware disguised as antivirus software. (Security Affairs)
May 26, 2025
Fake Zenmap, WinMTR sites target IT staff with Bumblebee malware
Abstract
Fake Zenmap and WinMTR websites are targeting IT staff with malware through SEO poisoning campaigns. These sites distribute trojanized installers for popular tools like Zenmap and WinMTR. (Bleeping Computer)
May 26, 2025
Fake Google Meet Page Tricks Users into Running PowerShell Malware
Abstract
A fake Google Meet page was discovered, designed to trick users into running a malicious PowerShell command under the guise of fixing a "Microphone Permission Denied" error. (Sucuri)
May 23, 2025
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Abstract
A series of sophisticated phishing campaigns is targeting macOS users by distributing fake Ledger Live applications designed to steal 24-word seed phrases used to access cryptocurrency wallets. (Bleeping Computer)
May 23, 2025
Cybercriminals Using Trusted Google Domains to Spread Malicious Code
Abstract
A new malvertising campaign is leveraging trusted Google domains and outdated JSONP API calls to inject malicious scripts into legitimate e-commerce websites. These scripts redirect users to phishing pages that mimic payment portals. (GBHackers)
May 22, 2025
TAG-110 Targets Tajikistan: New Macro Word Documents Phishing Tactics
Abstract
A Russia-aligned threat actor, TAG-110, linked to APT28 and UAC-0063, has launched a phishing campaign targeting Tajikistan’s government, academic, and research institutions. (Recorded Future)
May 22, 2025
Fake CAPTCHA Attacks Deploy Infostealers and RATs in a Multistage Payload Chain
Abstract
A recent wave of phishing campaigns is exploiting fake CAPTCHA pages to trick users into executing malicious commands via the Windows Run dialog. These attacks deliver multistage payloads using obfuscated JavaScript embedded in MP3 or PDF files. (Trend Micro)
May 22, 2025
Another Fake Cloudflare Verification Targets WordPress Sites
Abstract
A new malware campaign is targeting WordPress sites by impersonating a Cloudflare verification page. This multistage infection uses social engineering and obfuscated PowerShell commands to deliver a malicious Windows executable. (Sucuri)
May 19, 2025
Dark Web Profile: Silent Ransom Group (LeakedData)
Abstract
SRG employs highly tailored phishing campaigns, including callback phishing and impersonation of well-known brands like Duolingo and Masterclass. Victims are lured into calling fake support numbers and are socially engineered. (SOCRadar)
May 15, 2025
CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users
Abstract
A sophisticated phishing campaign dubbed Meta Mirage has been uncovered, targeting users of Meta's Business Suite. This campaign specifically focuses on hijacking high-value accounts. (The Hacker News)
May 14, 2025
GovDelivery, an email alert system used by governments, abused to send scam messages
Abstract
A phishing campaign exploited the U.S. government’s GovDelivery email system to send scam messages impersonating official toll collection notices. The emails were sent from an official Indiana government email address. (TechCrunch)
May 14, 2025
Telegram Bots Used for Real-Time Credential Exfiltration in Cross-Platform Phishing Campaign
Abstract
Based on their technical analysis of the campaign, researchers believe it is sold as part of a phishing-as-a-service kit that enables different threat actors to leverage the same infrastructure. (KnowBe4)
May 13, 2025
Horabot Unleashed: A Stealthy Phishing Threat
Abstract
A new phishing campaign leveraging the Horabot malware has been observed targeting Spanish-speaking users in Latin America. Delivered via malicious HTML attachments in phishing emails, Horabot enables lateral propagation through Outlook. (Fortinet)
May 10, 2025
Hackers Weaponizing PDF Invoices to Attack Windows, Linux & macOS Systems
Abstract
A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails. (Cybersecurity News)
May 7, 2025
Using Blob URLs to Bypass SEGs and Evade Analysis
Abstract
Threat actors are increasingly leveraging blob URIs (Uniform Resource Identifiers) to deliver credential phishing pages that bypass Secure Email Gateways (SEGs) and evade automated analysis. (Cofense)
May 6, 2025
CoGUI Phish Kit Targets Japan with Millions of Messages
Abstract
Proofpoint has observed a notable increase in high-volume Japanese language campaigns targeting organizations in Japan to deliver a phishing kit named CoGUI. Most of the campaigns abuse Amazon, PayPay, Rakuten, and others. (Proofpoint)
May 6, 2025
Smishing on a Massive Scale: “Panda Shop” Chinese Carding Syndicate
Abstract
A new smishing kit named "Panda Shop" has emerged, linked to Chinese cybercriminals and believed to be a rebranded evolution of the Smishing Triad. This kit enables large-scale phishing campaigns targeting global consumers and financial institutions. (Resecurity)
May 5, 2025
Venom Spider Evolves: Arctic Wolf Exposes More_eggs Campaign Targeting HR
Abstract
Venom Spider continues to use job seekers as a lure targeting HR departments and corporate recruiters in its phishing. The group spreads its infamous More_eggs backdoor with new levels of stealth and obfuscation. (Security Online)
May 2, 2025
200+ Fake Retail Sites Used in New Wave of Subscription Scams
Abstract
Bitdefender discovered over 200 incredibly realistic websites offering a wide range of products, including shoes, clothing, and electronics. Customers are tricked into providing credit card information and agreeing to monthly subscriptions. (HackRead)
May 2, 2025
Mystery Box Scams Deployed to Steal Credit Card Data
Abstract
Cybercriminals are deploying highly sophisticated subscription scams, including deceptive “mystery box” offers, to harvest credit card data and commit financial fraud. These scams are spreading across social media platforms, particularly Facebook. (Infosecurity Magazine)
April 29, 2025
Uyghur Diaspora Group Targeted with Remote Surveillance Malware
Abstract
A targeted spear phishing campaign has been uncovered against senior members of the World Uyghur Congress (WUC), aiming to deploy surveillance malware. The malware was delivered through a trojanized version of UyghurEditPP. (Infosecurity Magazine)
April 24, 2025
Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals
Abstract
The Darcula phishing-as-a-service (PhaaS) platform has introduced generative AI (GenAI) capabilities, significantly enhancing its accessibility and effectiveness for cybercriminals. (The Hacker News)
April 22, 2025
Report: Microsoft Remains the Most Targeted Brand for Phishing Attacks in Q1 2025, Mastercard Makes a Comeback
Abstract
In Q1 2025, Microsoft maintained its position as the most targeted brand, accounting for 36% of all phishing attempts. Google surged to second place with 12%, while Apple remained in the top 3 with 8%. (CXO Today)
April 21, 2025
Cybercriminals Exploit Google OAuth Loophole to Evade Gmail Security
Abstract
A sophisticated phishing attack exploiting a loophole in Google’s OAuth infrastructure has surfaced, raising significant concerns about the security of Gmail users worldwide. (GBHackers)
April 19, 2025
UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants
Abstract
A spear-phishing campaign attributed to Russian-speaking threat actors targeted the UK Ministry of Defence (MOD) in late 2024. The attackers deployed a RomCom malware variant known as Damascened Peacock. (Talos Intelligence)
April 18, 2025
Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States
Abstract
A widespread and ongoing SMS phishing (smishing) campaign has been targeting toll road users across eight U.S. states since mid-October 2024. The campaign impersonates electronic toll systems. (The Hacker News)
April 16, 2025
North Korean Hackers Targeted Nearly 18,000 in Phishing Campaign During Martial Law Turmoil
Abstract
North Korean hackers sent more than 120,000 phishing emails to nearly 18,000 individuals over a three-month campaign that impersonated South Korea’s Military Counterintelligence Command’s communication during the Martial Law turmoil. (The Cyber Express)
April 16, 2025
Byte Bandits: How Fake PDF Converters Are Stealing More Than Just Your Documents
Abstract
In this phishing campaign, threat actors mimicked the legitimate pdfcandy[.]com site to distribute malware. Users were tricked into running a PowerShell command, triggering the download of a ZIP payload containing ArechClient2. (CloudSEK)
April 15, 2025
China-based SMS Phishing Triad Pivots to Banks
Abstract
China-based SMS phishing group “Smishing Triad” is now converting stolen payment card data into Apple and Google mobile wallets. Previously, they impersonated toll road and shipping firms. (Krebs on Security)
April 10, 2025
Sapphire Werewolf Upgrades Arsenal With Amethyst Stealer Targeting Energy Firms
Abstract
Sapphire Werewolf has introduced a potent new weapon into its cyber arsenal, unveiling the latest iteration of the Amethyst stealer in a calculated phishing attack against an energy firm. (GBHackers)
April 7, 2025
New Evasive Campaign Uses Fake CAPTCHAs to Deliver LegionLoader
Abstract
In this newly discovered campaign, the attackers use fake CAPTCHAs and CloudFlare Turnstile as part of their strategy to deliver the LegionLoader payload. The initial infection starts with a drive-by download when a victim searches for a document. (Security Online)
April 7, 2025
E-ZPass toll payment texts return in massive phishing wave
Abstract
The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information. (Bleeping Computer)
April 5, 2025
Threat Actors Leverage Tax Season To Deploy Tax-Themed Phishing Campaigns
Abstract
These campaigns lead to phishing pages delivered via the RaccoonO365 phishing-as-a-service (PhaaS) platform, remote access trojans (RATs) like Remcos, and other malware like Latrodectus, BruteRatel C4 (BRc4), AHKBot, and GuLoader. (Microsoft)
April 4, 2025
Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
Abstract
These campaigns notably use redirection methods such as URL shorteners and QR codes contained in malicious attachments and abuse legitimate services like file-hosting services and business profile pages to avoid detection. (The Hacker News)
March 31, 2025
Lucid: The Rising Threat of Phishing-as-a-Service
Abstract
The end-to-end encryption in RCS and iMessage creates a blind spot, making network-level filtering ineffective. Threat actors also leverage visual trust indicators, such as blue bubbles in iMessage, to create a perception of legitimacy. (Security Online)
March 28, 2025
Classiscam Scams Surge in Central Asia, Leveraging Telegram Bots
Abstract
These scams, which have evolved from simple fake ads to sophisticated operations using Telegram bots, are targeting online marketplaces and deceiving users into divulging their financial information. (Security Online)
March 25, 2025
Phishing Emails Distribute GuLoader by Impersonating an International Shipping Company
Abstract
The emails demand users open attachments that combine VBScript with PowerShell scripts, downloading files from external sources like planachiever[.]au and tripplebanks.duckdns[.]org. (AhnLab)
March 24, 2025
Fake Chat Used in Meta Business Account Phishing
Abstract
This phishing email warns recipients that their ad accounts have violated EU GDPR or Meta’s ad policies. They are encouraged to click a “Check More Details” button, which leads to a fake Meta page with a support chatbot. (Security Online)
March 22, 2025
Fake Semrush Ads Used to Steal SEO Professionals’ Google Accounts
Abstract
In this latest case of "cascading fraud," the cybercriminals abuse the Semrush brand, a popular software-as-a-service (SaaS) platform used for SEO, online advertising, content marketing, and competitive research. (Bleeping Computer)
March 20, 2025
Malware Campaign ‘DollyWay’ Targeted 20,000 WordPress Sites
Abstract
According to GoDaddy researcher Denis Sinegubko, DollyWay has been functioning as a large-scale scam redirection system in its latest version (v3). However, in the past, it has distributed more harmful payloads like ransomware and banking trojans. (Bleeping Computer)
March 18, 2025
Large-Scale Malicious App Campaign Bypasses Android Security to Conduct Ad Fraud
Abstract
A large-scale ad fraud campaign has resulted in more than 60 million downloads of malicious Android apps from the Google Play Store, according to a new analysis by Bitdefender. (Infosecurity Magazine)
March 18, 2025
New Steganographic Campaign Found Distributing Multiple Malware Variants
Abstract
The campaign was found distributing Remcos and AsyncRAT via phishing emails with malicious Excel files. These exploit vulnerabilities, download disguised JPGs with encoded payloads, and use process hollowing to steal data and maintain control. (Seqrite)
March 18, 2025
Sophisticated Phishing Campaign Exploiting Microsoft 365 Infrastructure
Abstract
By leveraging legitimate Microsoft domains and tenant misconfigurations, attackers conduct Business Email Compromise (BEC) operations, tricking users into providing information while maintaining a high degree of legitimacy. (Quardz)
March 18, 2025
OctoV2 Android Banking Trojan Masquerades as Deepseek AI in Phishing Attack
Abstract
A new report from K7 Labs uncovered a sophisticated Android banking trojan campaign that is disguised as a popular AI chatbot to deceive users. The OctoV2 malware is being spread through deceptive websites that mimic Deepseek AI. (Security Online)
March 15, 2025
Coinbase Phishing Email Tricks Users With Fake Wallet Migration
Abstract
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. (Bleeping Computer)
March 13, 2025
AI-Assisted Fake GitHub Repositories Fuel SmartLoader and Lumma Stealer Distribution
Abstract
Trend Research uncovered a campaign that uses fake GitHub repositories to distribute SmartLoader, which is then used to deliver Lumma Stealer and other malicious payloads. (Trend Micro)
March 12, 2025
Microsoft Copilot Spoofing Emerges as a New Phishing Vector
Abstract
A new phishing campaign exploited Microsoft Copilot's novelty by sending emails with spoofed invoices. These emails direct users to fake login pages that capture credentials, enhanced by Microsoft branding and a counterfeit MFA page. (Cofense)
March 10, 2025
Large-Scale Fraud Operation “PrintSteal” Generates Fake KYC Documents Through Spoofed Sites
Abstract
Operating under a network of impersonating websites, the scheme has exploited Common Service Centre (CSC) platforms to produce and distribute fake Aadhaar cards, birth certificates, PAN cards, and other identity documents. (Security Online)
March 10, 2025
US cities warn of wave of unpaid parking phishing texts
Abstract
US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices that, if unpaid, will incur an additional $35 fine per day. (Bleeping Computer)
March 8, 2025
Microsoft Says Malvertising Campaign Impacted One Million PCs
Abstract
After analyzing the campaign, Microsoft discovered that the attackers injected ads into videos on illegal pirated streaming websites that redirect potential victims to malicious GitHub repositories under their control. (Bleeping Computer)
March 6, 2025
YouTube Warns of AI-Generated Video of its CEO Used in Phishing Attacks
Abstract
YouTube warned of an AI-generated video of the company's CEO used in phishing attacks to steal creators' credentials. The scammers share it as a private video with targeted users via emails claiming a change in YouTube's monetization policy. (Bleeping Computer)
March 5, 2025
Dark Caracal Threat Group Likely Refreshed its Malware Arsenal in Recent Campaign
Abstract
In the latest Poco RAT campaign, the hackers used phishing emails to impersonate financial institutions and business service providers. Victims received emails warning them of overdue invoices, with attachments disguised as official documents. (The Record)
March 1, 2025
New PayPal Scam Tricks Users with Convincing Ads and Pages
Abstract
The scammers create ads that impersonate PayPal, often using hacked advertiser accounts. They exploit PayPal’s “no-code checkout” feature, designed for merchants to accept payments online or in person without needing a developer or coding knowledge. (Security Online)
February 24, 2025
Fake CS2 Tournament Streams Used to Steal Crypto, Steam Accounts
Abstract
Threat actors are exploiting major Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud gamers and steal their Steam accounts and cryptocurrency. (Bleeping Computer)
February 22, 2025
Amazon Prime Phishing Scam Steals Login, Payment Info
Abstract
The Cofense Phishing Defense Center (PDC) has identified a new phishing campaign that specifically targets Amazon Prime users, attempting to steal login credentials, security answers, and payment details. (Security Online)
February 21, 2025
The Bleeding Edge of Phishing: darcula-suite 3.0 Enables DIY Phishing of Any Brand
Abstract
A new version of the phishing-as-a-service (PhaaS) platform "Darcula" is launching, with a feature that allows anyone to spoof any brand online, with no technical skill required. (NetCraft)
February 18, 2025
Black-Hat SEO Campaign Lures Indian Users Into Visiting Potential Phishing Schemes
Abstract
In a recent development, analysts at CloudSEK have discovered the much-maligned use of black hat search engine poisoning by threat actors to push rummy- and investment-focused websites to unsuspecting users. (CloudSEK)
February 17, 2025
OAuth Phishing Alert: Fake ‘Adobe Drive X’ App Abusing Microsoft Login
Abstract
Threat actors have taken phishing to the next level by weaponizing custom Microsoft 365 applications to request sensitive information from users. The user is taken to a legitimate Microsoft authentication page, making the phishing attack more convincing. (Cofense)
February 17, 2025
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Abstract
Volexity has observed multiple Russian threat actors conducting social-engineering and spear-phishing campaigns targeting organizations with the ultimate goal of compromising Microsoft 365 accounts via Device Code Authentication phishing. (Volexity)
February 15, 2025
Russian-Linked Hackers Found Using ‘Device Code Phishing’ to Hijack Accounts
Abstract
The Storm-2372 actors use a phishing technique called 'device code phishing.' Users are lured to log in to productivity apps while the actors capture the information from the authentication codes to hijack their accounts. (The Hacker News)
February 14, 2025
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
Abstract
A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. (The Hacker News)
February 13, 2025
North Korean Hackers Dupe Targets Into Typing Powershell Commands as Admin
Abstract
North Korean state actor ‘Kimsuky’ (aka ‘Emerald Sleet’ or ‘Velvet Chollima’) has been observed using a new tactic involving deceptive error messages or prompts that direct victims to execute malicious code themselves, often via PowerShell commands. (Bleeping Computer)
February 12, 2025
University Site Cloned to Evade Ad Detection and Distribute Fake Cisco AnyConnect Installer
Abstract
The attackers are using a clever technique to evade detection by security systems. They have cloned the website of a German university that uses Cisco AnyConnect and are using it as a “white page” to fool ad detection systems. (MalwareBytes)
February 11, 2025
Scammers Use Fake Facebook Copyright Notices to Hijack Accounts
Abstract
This campaign, which began around December 20th, 2024, primarily focuses on companies within the EU, the US, and Australia. Still, some instances have also been detected in Chinese and Arabic languages, indicating a global reach. (HackRead)
February 10, 2025
Scalable Vector Graphics Files Pose a Novel Phishing Threat
Abstract
Attackers have been observed using the graphics file format scalable vector graphics (SVG) for this purpose. SVGs contain Extensible Markup Language (XML)-like text instructions to draw resizable, vector-based images on a computer. (Sophos)
February 8, 2025
Hackers Spoof Microsoft ADFS Login Pages to Steal Credentials
Abstract
A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. (Bleeping Computer)
February 5, 2025
State-Linked Hackers Deploy New FlexibleFerret macOS Malware in Fake Job Interview Campaign
Abstract
Apple addressed several variants of the macOS malware family in a signature update for XProtect last week. However, the North Korean threat actors adapted to the update by deploying FlexibleFerret, which is not detected by XProtect. (Cybersecurity Dive)
February 3, 2025
Hackers Use Fake Wedding Invitations to Spread Android Malware in Southeast Asia
Abstract
The primary goal of the attackers appears to be gaining full control of victims’ WhatsApp and Telegram accounts, allowing them to spread malware further or send fraudulent money requests to contacts. (The Record)
January 22, 2025
Homebrew Phishing Site Appears in Google Search, Raising Concerns
Abstract
The phishing website was designed to look identical to the official Homebrew website (brew.sh). However, when users clicked on the ad, they were redirected to a malicious website that contained installation code for a backdoor. (Security Online)
January 18, 2025
New ‘Sneaky 2FA’ Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass
Abstract
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. (The Hacker News)
January 14, 2025
Cyberattackers Hide Infostealers in YouTube Comments
Abstract
Attackers are targeting people interested in pirated and cracked software downloads by abusing YouTube and Google search results. Threat actors are posing as "guides" offering legitimate software installation tutorials to lure viewers. (Dark Reading)
January 14, 2025
Fancy Bear spotted using real Kazak government documents in spearphishing campaign
Abstract
A hacking group linked to Russian intelligence has been observed leveraging seemingly legitimate documents from the Kazakhstan government as phishing lures to infect and spy on government officials in Central Asia. (CyberScoop)
January 13, 2025
Phishing Trend Exploiting YouTube URLs Through Microsoft Office 365 Expiry Themes
Abstract
Researchers at Cyderes warned of a recent wave of phishing campaigns leveraging cleverly disguised URLs and Microsoft 365 password expiry lures to trick users into divulging sensitive credentials. (Cyderes)
January 13, 2025
Phishing Texts Trick Apple iMessage Users Into Disabling Protection
Abstract
Apple iMessage automatically disables links in messages from unknown senders for protection. However, if users reply to these messages or save the sender's contact information, the links get re-enabled, which can be abused by scammers. (Bleeping Computer)
January 10, 2025
Security Professionals Baited by Fake Windows LDAP Exploits
Abstract
Trend Micro spotted what appears to be a fork of the legitimate LDAPNightmare PoC exploit, initially published by SafeBreach Labs on January 1. But the "forked" exploit PoC actually leads to the download and execution of information-stealing malware. (The Register)
January 10, 2025
Phishing Scam Targets Job Seekers with XMRig Cryptominer
Abstract
CrowdStrike researchers warned of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. (The Hacker News)
January 9, 2025
“Butcher Shop” Phishing Campaign Targets Legal, Government and Construction Firms
Abstract
Obsidian uncovered a new phishing campaign targeting Microsoft 365 accounts. The campaign uses a mix of email redirects and open redirect vulnerabilities, which makes it hard for traditional phishing solutions to detect and block. (Obsidian)
January 6, 2025
Hackers Exploit Social Security Administration Branding to Deliver ConnectWise RAT
Abstract
Earlier iterations of this campaign relied on ConnectWise’s infrastructure for command-and-control (C2) operations, but later versions use dynamic DNS services and attacker-hosted domains. (Security Online)
January 4, 2025
Fake Game Sites Lead to Information Stealers
Abstract
The new malware campaign targets users by sending direct messages on platforms like Discord, asking if they want to beta test a new video game. These messages often appear to come from the game’s developer. (Malware Bytes)
December 28, 2024
Cybersecurity Expert Reveals Alarming Tactics Used in Google Impersonation Scams
Abstract
Cybersecurity expert Brian Krebs uncovered alarming new stories of two victims, Adam Griffin and Tony, who together lost millions of dollars in cryptocurrency to social engineering attacks that combined technical precision and emotional manipulation. (Cyware)
December 24, 2024
WikiKit AiTM Phishing Kit: Where Links Tell Lies
Abstract
The WikiKit-powered phishing campaign began in early October 2024, targeting the automotive, manufacturing, medical, construction, consulting, and entertainment industries. (TRAC Labs)
December 17, 2024
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
Abstract
"The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest their personal information," ESET noted in its H2 2024 Threat Report shared with The Hacker News. (The Hacker News)
December 17, 2024
Malicious Ads Distribute SocGholish Malware to Kaiser Permanente Employees
Abstract
The ads pretended to be the company's HR portal for benefits and paystub access. The threat was aimed at stealing employee login details, but instead of phishing, it led victims to a compromised website that asked them to update their browser. (MalwareBytes)
December 4, 2024
Why Phishers Love New TLDs Like .shop, .top, and .xyz
Abstract
A study by Interisle Consulting found that new gTLDs introduced in the last few years command just 11% of the market for new domains, but accounted for roughly 37% of cybercrime domains reported between September 2023 and August 2024. (Krebs On Security)
December 3, 2024
People Facing Printer Problems Scammed via Fake Driver Downloads
Abstract
Victims clicking malicious Google ads are redirected to fake sites mimicking official printer brands, where scammers lure them into calling for support by offering printer drivers that fail to install. (Malware Bytes)
December 2, 2024
Novel Phishing Campaign Uses Corrupted Word Documents To Evade Security
Abstract
A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. (Bleeping Computer)
November 30, 2024
New Rockstar 2FA phishing service targets Microsoft 365 accounts
Abstract
Like other AiTM platforms, Rockstar 2FA enables attackers to bypass multifactor authentication (MFA) protections on targeted accounts by intercepting valid session cookies. (Bleeping Computer)
November 28, 2024
Return of ANEL Backdoor in the Recent Earth Kasha Spear-Phishing Campaign in 2024
Abstract
The campaign’s primary intrusion vector involved carefully crafted spear-phishing emails. These messages, often sent from compromised or free email accounts, contained links to malicious OneDrive-hosted ZIP files. (Trend Micro)
November 28, 2024
Scammers use you’re fired lures in phishing campaign Full Text
Abstract
The attack begins with an email that appears to be a legal notice informing recipients their employment has been terminated. In one of these scams, the email uses the subject line "Action Required: Tribunal Proceedings Against You".The Register
November 26, 2024
Three-Quarters of Black Friday Spam Emails Identified as Scams Full Text
Abstract
Bitdefender said the growing prevalence of Black Friday scams “underscores the greed and daring of cybercriminals, who increasingly leverage fake offers and phishing tactics to exploit consumer shopping behaviors and trends.”Infosecurity Magazine
November 26, 2024
Government IDs and Facial Recognition: A New Phishing Threat Full Text
Abstract
A recent report by Harsh Patel and Brandon Cook from the Cofense Phishing Defense Center highlights a dangerous new tactic aimed at exploiting online users by combining phishing for government IDs with facial recognition video capture.Security Online
November 23, 2024
APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware Full Text
Abstract
The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file.The Hacker News
November 22, 2024
Meta says it has removed 2 million accounts linked to pig butchering scams Full Text
Abstract
Meta has taken down more than 2 million accounts this year connected to pig butchering scams conducted from Southeast Asia and the United Arab Emirates, the company said Thursday.The Record
November 21, 2024
Now BlueSky hit with crypto scams as it crosses 20 million users Full Text
Abstract
A BlueSky post from last week featured an AI-generated image of Mark Zuckerberg and promoted crypto assets like "MetaChain" and "MetaCoin." The post misleads viewers into associating the advertised products with Meta.Bleeping Computer
November 20, 2024
“Sad announcement” email leads to tech support scam Full Text
Abstract
Tech support scammers are again stooping low with their email campaigns. This one hints that one of your contacts may have met an untimely end. It all starts with an email titled “Sad announcement” followed by a full name of someone you know.Malware Bytes
November 20, 2024
Amazon and Audible flooded with ‘forex trading’ and warez listings Full Text
Abstract
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software.Bleeping Computer
November 20, 2024
AiTM Phishing, Hold the Gabagool: Analyzing the Gabagool Phishing Kit Full Text
Abstract
The threat actor would initially compromise the user’s mailbox and begin sending phishing emails to other employees. These emails prompt recipients to view an image attached to the email.Medium
November 19, 2024
Spotify abused to promote pirated software and game cheats Full Text
Abstract
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO.Bleeping Computer
November 16, 2024
Fraud Network Uses 4,700 Fake Shopping Sites to Steal Credit Cards Full Text
Abstract
A threat group known as SilkSpecter, speculated to be from China, is using thousands of fake online stores to steal credit card information from shoppers in the U.S. and Europe.Bleeping Computer
November 12, 2024
Microsoft Visio Files Used in Sophisticated Phishing Attacks Full Text
Abstract
Security researchers have noticed a rise in complex phishing attacks using Microsoft Visio files. These attacks use the .vsdx format of Visio, a file type commonly used for business diagrams, to hide malicious URLs and slip past security scans.Infosecurity Magazine
November 9, 2024
Fake Copyright Infringement Emails Spread Rhadamanthys Full Text
Abstract
The emails are automated, and they look like they come from legal representatives of real companies. Many of these companies are in the technology, media, and entertainment industries.Dark Reading
November 6, 2024
GPT-4o can be Used for Autonomous Voice-based Scams Full Text
Abstract
Researchers have discovered that OpenAI's real-time voice API for GPT-4o can be exploited for financial scams with moderate success rates. GPT-4o is a new AI model from OpenAI that integrates text, voice, and vision inputs and outputs.Bleeping Computer
November 6, 2024
LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store Full Text
Abstract
LastPass warns users of a social engineering campaign through deceptive reviews on its Chrome Web Store app page. Threat actors post fake reviews to lead users to a fake support number, aiming to collect sensitive information.Security Online
November 4, 2024
Xiū Gǒu Phishing Kit Targets the U.S., U.K, Spain, Australia and Japan Full Text
Abstract
The new phishing kit called "Xiu Gou" has been targeting users in the US, UK, Spain, Australia, and Japan since at least September 2024. Discovered by Netcraft, it features a cartoon mascot and over 2000 phishing websites targeting various sectors.Cyware
October 31, 2024
Chenlun’s Evolving Phishing Tactics Target Trusted Brands Full Text
Abstract
The newest wave of phishing, observed on October 18, 2024, involves messages alarming users about suspicious account activity and directing them to verify accounts through malicious links.Infosecurity Magazine
October 29, 2024
Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials Full Text
Abstract
Netskope Threat Labs reported a ten-fold increase in traffic to phishing pages created with Webflow between April and September 2024, affecting over 120 organizations worldwide.The Hacker News
October 28, 2024
Ukraine Warns of Mass Phishing Campaign Targeting Citizens Data Full Text
Abstract
The attackers, identified as UAC-0218, send phishing links disguised as bills or payment details, which actually contain malware designed to steal data from victims' devices.Cyware
October 22, 2024
Bored BeaverTail Yacht Club – A Lazarus Lure Full Text
Abstract
eSentire’s Threat Response Unit (TRU) has uncovered a phishing campaign targeting software developers using a fake NFT project called “Bored BeaverTail Yacht Club” to distribute malware known as BeaverTail.Cyware
October 15, 2024
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware Full Text
Abstract
The malicious emails contain ZIP files with harmful attachments that use mshta.exe to execute obfuscated JavaScript commands and establish connections to a command and control (C&C) server.Trend Micro
October 15, 2024
Gmail Scam Alert: Hackers Spoof Google to Steal Credentials Full Text
Abstract
Security expert Sam Mitrovic recently warned about an advanced AI-driven phishing scheme aimed at Gmail users, including himself. The scheme began with a fake email from Google requesting an account recovery, followed by a fraudulent login page.Security Online
October 14, 2024
Two Updated Malware Strains Used in North Korean Fake Recruiter Scams Full Text
Abstract
Researchers from Palo Alto Networks Unit 42 discovered that these threat actors are posing as recruiters on platforms like LinkedIn to trick victims into downloading malware disguised as job-related tools.The Record
October 12, 2024
Telekopye Transitions to Targeting Tourists via Hotel Booking Scam Full Text
Abstract
ESET researchers revealed that the Telekopye scam toolkit, previously known for targeting online marketplace users, has now turned its focus towards exploiting tourists via accommodation booking platforms like Booking.com and Airbnb.WeLiveSecurity
October 11, 2024
Tax Extension Malware Campaign Exploits Trusted GitHub Repositories to Deliver Remcos RAT Full Text
Abstract
A recent phishing campaign exploited GitHub links, targeting victims with promises of tax extension assistance. The emails urged recipients to download a password-protected archive from trusted repositories associated with tax organizations.Security Online
October 10, 2024
Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files Full Text
Abstract
Phishing campaigns are using newly registered domains related to hurricane relief efforts to trick victims into revealing sensitive information. Some are posing as FEMA assistance providers on forums like BlackBones to steal personal data and funds.HackRead
October 8, 2024
Mamba 2FA Phishing Kit Bypasses 2FA with AitM Tactics Full Text
Abstract
Mamba 2FA has gained popularity in the phishing-as-a-service market, allowing attackers to bypass non-phishing-resistant MFA methods like one-time codes and app notifications.Security Online
September 4, 2024
Travelers Targeted in New Booking.com Phishing Scam Full Text
Abstract
The attack involves compromising hotel managers' accounts to access customer reservation systems, ultimately tricking hotel guests via the Booking.com app. The scheme utilizes a fake domain to deceive users and harvest sensitive data.Security Online
September 3, 2024
Novel Attack on Windows Spotted in Chinese Phishing Campaign Full Text
Abstract
The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary "runonce.exe," giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.The Register
September 2, 2024
Fake Palo Alto GlobalProtect Tool Used as Lure to Backdoor Enterprises Full Text
Abstract
A fake Palo Alto GlobalProtect VPN access tool is being used as bait by threat actors targeting Middle Eastern organizations. The malware, disguised as a legitimate tool, can steal data and execute remote commands to infiltrate networks further.Bleeping Computer
August 29, 2024
New Unicode QR Code Phishing Scam Bypasses Traditional Security Full Text
Abstract
Cybercriminals are using Unicode QR codes in a new type of phishing attack that can bypass traditional security measures, putting users at risk of visiting malicious websites and having their data stolen.HackRead
August 28, 2024
Microsoft’s Sway Serves as Launchpad for ‘Quishing’ Campaign Full Text
Abstract
A new QR code phishing campaign is using Microsoft Sway to steal credentials. The attacks primarily target users in Asia and North America, particularly in the technology, manufacturing, and finance sectors.Dark Reading
August 21, 2024
Novel Phishing Method Used in Android and iOS Financial Fraud Campaigns Full Text
Abstract
This method was first disclosed by CSIRT KNF in Poland in July 2023 and later observed in Czechia by ESET analysts. Similar campaigns were also observed targeting banks in Hungary and Georgia.Infosecurity Magazine
August 15, 2024
New Phishing Attack Uses Sophisticated Infostealer Malware Full Text
Abstract
A new phishing attack with advanced infostealer malware has been discovered by analysts. The malware collects sensitive data like passwords, cookies, credit card info, and browsing history.Infosecurity Magazine
August 13, 2024
Fake X Content Warnings on Ukraine War, Earthquakes Used as Clickbait Full Text
Abstract
Scammers are using fake content warnings related to the Ukraine war and earthquakes to lure users into clicking on links that lead to adult sites, malicious browser extensions, and affiliate scams on X.Bleeping Computer
August 2, 2024
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft Full Text
Abstract
A recent malvertising campaign has been exposed, where threat actors take over social media pages, rebranding them as popular AI photo editors and posting malicious links to fake websites.Trend Micro
July 30, 2024
Crafty ClickFix-Style Phishing Campaign Targets Microsoft OneDrive Users Full Text
Abstract
The attackers use social engineering tactics to get users to run a PowerShell script, compromising their systems. The scam starts with an email containing an HTML file that tricks the recipient into clicking on a button to fix a fake DNS issue.Security Affairs
July 30, 2024
Massive Phishing Campaign Exploiting Proofpoint’s Email Protection to Dispatch Millions of Perfectly Spoofed Emails Full Text
Abstract
The campaign began in January 2024 and peaked at 14 million emails in June. The emails were designed to steal sensitive information and included authentic-looking signatures to bypass security measures.Guard
July 27, 2024
Phishing Campaign Targeting Mobile Users in India Using India Post Lures Full Text
Abstract
FortiGuard Labs Threat Research team has identified a fraud campaign targeting India Post users on social media, specifically iPhone users through smishing attacks. The Smishing Triad, a Chinese threat actor, is believed to be behind this campaign.Fortinet
July 25, 2024
TransparentTribe’s Spear-Phishing Targeting Indian Government Departments Full Text
Abstract
The malicious file, disguised as “Recommendation for the award of President’s.docm,” contained a VBA script that executed the CrimsonRAT remote control program, capable of stealing sensitive information.NSFOCUS
July 22, 2024
Fake Grand Theft Auto VI Beta Download Spreads Malware Full Text
Abstract
Bitdefender researchers found suspicious Facebook ads promoting fake beta versions for free download on PC. These ads promise early access to a non-existent GTA VI beta with attractive features and release dates, using stolen gameplay footage.Hack Read
July 17, 2024
“Konfety” Mobile Ad Fraud Campaign Found Using Unique Obfuscation Method Full Text
Abstract
A massive ad fraud operation known as Konfety is using over 250 Google Play decoy apps to hide malicious twins. The campaign leverages a mobile advertising SDK linked to a Russia-based ad network named CaramelAds.Human Security
July 16, 2024
HR-Themed Phishing Campaign Targets Employees to Steal Microsoft Credentials Full Text
Abstract
In a recent phishing attempt, Cofense researchers spotted an email disguised as a communication from a company's HR department, prompting recipients to review an updated employee handbook.Cyware
July 16, 2024
Facebook Ads for Windows Desktop Themes Push Info-Stealing Malware Full Text
Abstract
The threat actors take out ads for Windows themes, free game downloads, and software cracks for apps like Photoshop and Microsoft Office. These ads are shared through new or hijacked Facebook business pages.Cyware
July 16, 2024
Attackers Exploit URL Protections to Disguise Phishing Links Full Text
Abstract
Phishing campaigns are utilizing three different URL protection services to disguise phishing URLs and trick victims into giving up their credentials. These attacks have targeted numerous companies already.Cyware
July 10, 2024
Regional Transport Office Themed Phishing Campaign Targets Android Users In India Full Text
Abstract
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named "VAHAN PARIVAHAN.apk".Cyble
As CISOs Grapple with the C-Suite, Job Satisfaction Takes a Hit Full Text
Abstract
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.Cybersecurity Dive
July 10, 2024
Ticket Heist Network of 700 Domains Sells Fake Olympic Games Tickets Full Text
Abstract
QuoIntelligence discovered the operation called Ticket Heist, with convincing websites selling fake Olympic tickets. The prices on these websites are much higher than the official ones.Bleeping Computer
July 9, 2024
Scammers Double-Dip by Offering Prior Victims Help to Recover Stolen Funds Full Text
Abstract
The scammers identify previous scam victims and pose as trusted entities such as government agencies, cybersecurity firms, or fund recovery services, asking for upfront fees or personal information to supposedly help with the recovery process.The Register
July 2, 2024
How Hacked YouTube Channels Spread Scams and Malware Full Text
Abstract
The most common attack methods against YouTube channels involve phishing attacks to steal login credentials, exploiting weak or reused passwords, and even bypassing two-factor authentication by stealing session cookies.WeLiveSecurity
July 1, 2024
Fake IT Support Sites Push Malicious PowerShell Scripts as Windows Fixes Full Text
Abstract
These sites are promoted through compromised YouTube channels, lending them credibility. One particular error, the 0x80070643 error, which appeared after a Microsoft security update, has been exploited by threat actors.Bleeping Computer
June 22, 2024
Military-themed Email Scam Spreads Malware to Infect Pakistani Users Full Text
Abstract
Researchers have uncovered a new phishing campaign, named PHANTOM#SPIKE, targeting individuals in Pakistan. The campaign utilizes military-themed phishing documents to initiate the infection process.The Hacker News
June 18, 2024
Fake Google Chrome Errors Trick Users Into Running Malicious PowerShell Scripts Full Text
Abstract
A new malware campaign has been found tricking users into running malicious PowerShell "fixes" by displaying fake Google Chrome, Word, and OneDrive errors. The campaign has been linked to multiple actors, including ClearFake, ClickFix, and TA571.Bleeping Computer
June 17, 2024
Malicious Emails Trick Consumers Into False Election Contributions Full Text
Abstract
The last six months have seen a surge in cyber threat activities, driven by major global events such as elections and military exercises, according to cybersecurity firm Trellix.Help Net Security
June 15, 2024
North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics Full Text
Abstract
Google's Mandiant and Threat Analysis Group (TAG) divisions reported that Brazilian governmental organizations, as well as the aerospace, technology, and financial services sectors, have been targeted by North Korean-backed actors.The Hacker News
June 13, 2024
Search & Spoof: Abuse of Windows Search to Redirect to Malware Full Text
Abstract
The campaign begins with a phishing email that contains an HTML attachment disguised as a routine document in a ZIP archive. The HTML file uses obfuscation techniques to evade detection and exploit vulnerabilities in Windows system functionalities.Trustwave
June 13, 2024
Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites Full Text
Abstract
Proofpoint has discovered a fraudulent website, paris24tickets[.]com, claiming to sell tickets for the Paris 2024 Summer Olympic Games. The site appeared as the second sponsored search result on Google, but Proofpoint confirmed its fraudulent nature.Proofpoint
June 13, 2024
New Phishing Toolkit Uses PWAs to Steal Login Credentials Full Text
Abstract
The phishing kit, created by security researcher mr.d0x, demonstrates how to create PWAs that display corporate login forms with a fake address bar showing the normal login URL. This makes the phishing attempt more convincing.Bleeping Computer
June 11, 2024
More_eggs Activity Persists via Fake Job Applicant Lures Full Text
Abstract
Cybersecurity researchers have discovered a phishing attack that utilizes the More_eggs malware by disguising it as a resume, a tactic that was first detected over two years ago.Esentire
June 10, 2024
Feds Seize Domains Linked to Crypto Investment Scam Preying on New York’s Russian Diaspora Full Text
Abstract
The scam involved fraudulent cryptocurrency investments and a shared narrative that enticed victims through Facebook advertisements featuring a deepfake video of Elon Musk.The Record
June 10, 2024
Malicious AutoIt Script Delivers Vidar Stealer via Drive-by Downloads Full Text
Abstract
The attack utilized Java dependencies and a malicious AutoIt script to disable Windows Defender and decrypt the Vidar payload. The user was lured to a website claiming to offer a Windows activator but was in fact hosting the malware.Esentire
June 5, 2024
V3B Phishing Kit Targets Over 50 European Banks, Bypasses MFA Full Text
Abstract
The V3B phishing kit is designed to evade detection and supports real-time interaction to bypass MFA. In addition to traditional tokens such as SMS codes, it handles QR Codes and PhotoTAN authentication methods.Bank Info Security
June 4, 2024
Malicious Excel File Deploys Cobalt Strike in Advanced Attack on Ukraine Full Text
Abstract
The DLL downloader is obfuscated with ConfuserEx and carries out various tasks, such as terminating processes associated with analysis tools or antivirus software and downloading the next stage payload from a specific URL.Fortinet
June 4, 2024
WhatsApp Cryptocurrency Scam Goes for the Cash Prize Full Text
Abstract
Any unsolicited WhatsApp message from an unknown person is suspect. No matter how harmless or friendly it may seem. Most pig butchering scams start with what seems a misdirected message.MalwareBytes
June 1, 2024
Fake Browser Updates Delivering BitRAT and Lumma Stealer Full Text
Abstract
The infection chain began with a user visiting an infected webpage, which triggered the download of a ZIP archive containing malicious JavaScript code. This code acted as an initial downloader, retrieving payloads from a known BitRAT C2 address.Esentire
June 1, 2024
Shady ‘Merry-Go-Round’ Ad Fraud Network Leaves Orgs Hemorrhaging Cash Full Text
Abstract
Merry-Go-Round is most sophisticated in its anti-detection techniques, using a number of measures to keep away advertisers, cyber analysts, and others who would stand in its way.Dark Reading
May 30, 2024
Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered Full Text
Abstract
In a recent six-month analysis, cybersecurity firm Bitdefender has uncovered a troubling trend: cybercriminals are using Discord, a popular communication platform, to distribute malware and execute phishing campaigns.HackRead
May 28, 2024
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling Full Text
Abstract
One campaign uses HTML smuggling to hide the phishing content from network inspection. The other uses a method called transparent phishing, where the attacker uses Cloudflare Workers to act as a reverse proxy server for a legitimate login page.Netskope
May 27, 2024
Hackers Phish Finance Organizations in the US and Europe Using Trojanized Minesweeper Clone Full Text
Abstract
CERT-UA reports that research following the initial discovery of this attack revealed at least five potential breaches by the same files in financial and insurance institutions across Europe and the United States.Bleeping Computer
May 27, 2024
Fake Antivirus Websites Used to Distribute Info-Stealer Malware Full Text
Abstract
Researchers at Trellix Advanced Research Center spotted fake AV sites used to distribute info-stealers. The malicious websites hosted sophisticated malicious files such as APK, EXE, and Inno setup installer, including spying and stealer capabilities.Security Affairs
May 27, 2024 – Government
EU Wants Universities to Work with Intelligence Agencies to Protect Their Research Full Text
Abstract
Europe’s leading research universities should work more closely with the continent’s intelligence agencies to help secure their research from being stolen by hostile states, EU member states recommended this week.The Record
May 27, 2024
Arc Browser’s Windows Launch Targeted by Google Ads Malvertising Full Text
Abstract
According to a report by Malwarebytes, cybercriminals prepared for the product launch, setting up malicious advertisements on Google Search to lure users looking to download the new web browser.Bleeping Computer
May 25, 2024
Cybercriminals Exploit Cloud Storage for SMS Phishing Scams Full Text
Abstract
Security researchers have revealed a series of criminal campaigns that exploit cloud storage services such as Amazon S3, Google Cloud Storage, Backblaze B2 and IBM Cloud Object Storage.Infosecurity Magazine
May 25, 2024
Beware of HTML Masquerading as PDF Viewer Login Pages Full Text
Abstract
Forcepoint X-Labs has recently observed a significant number of phishing email instances in their telemetry targeting various government departments in APAC that masquerade as PDF viewer login pages.Forcepoint
May 21, 2024
North Korea-Linked Kimsuky APT Attack Targets Victims via Messenger Full Text
Abstract
Researchers at Genians Security Center (GSC) identified the North Korea-linked Kimsuky APT group targeting victims via Facebook Messenger, using fake accounts posing as South Korean officials to deliver malware.Security Affairs
May 16, 2024
Scammers Fake DocuSign Templates to Blackmail & Steal From Companies Full Text
Abstract
Cybercriminals are exploiting the popularity of DocuSign by creating and selling fake email templates and login credentials to enable phishing attacks, blackmail, and business email compromise against targeted companies.Dark Reading
May 14, 2024
Leveraging DNS Tunneling for Tracking and Scanning Full Text
Abstract
Threat actors are using DNS tunneling as a means to scan for network vulnerabilities and check the success of phishing campaigns, according to new research from Palo Alto Networks.Palo Alto Networks
May 14, 2024
Southeast Asian Scam Syndicates Stealing $64 Billion Annually, Researchers Find Full Text
Abstract
Researchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar.The Record
May 10, 2024
Monday.com Removes “Share Update” Feature Abused for Phishing Attacks Full Text
Abstract
The phishing emails pretended to come from a "Human Resources" department, asking users to either acknowledge the "organization's workplace sex policy" or submit feedback as part of a "2024 Employee Evaluation."Bleeping Computer
May 3, 2024
North Korean Hackers Spoofing Journalist Emails to Spy on Experts Full Text
Abstract
North Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs.Infosecurity Magazine
April 29, 2024
Japanese police create fake support scam payment cards to warn victims Full Text
Abstract
The cards are labeled "Virus Trojan Horse Removal Payment Card" and "Unpaid Bill Late Fee Payment Card," and were created by the Echizen Police in the Fukui prefecture in Japan as an alert mechanism.Bleeping Computer
April 27, 2024
FBI: Fraudsters Using Fake Online Dating Verification Apps to Scam Lovers Full Text
Abstract
The FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years.The Record
April 27, 2024
Bogus npm Packages Used to Trick Software Developers into Installing Malware Full Text
Abstract
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.The Hacker News
April 26, 2024
North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures Full Text
Abstract
The Lazarus Group's use of job offer lures to infiltrate targets is not new. Dubbed Operation Dream Job, the long-running campaign has a track record of using various social media and instant messaging platforms to deliver malware.The Hacker News
April 26, 2024
Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks Full Text
Abstract
Researchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk's file sharing platform to steal Microsoft login credentials from victims.Netcraft
April 25, 2024
Attackers Leverage Black Hat SEO Techniques to Distribute Info-Stealer Malware Full Text
Abstract
Threat actors utilize fraudulent websites hosted on popular legitimate platforms to spread malware and steal data. To evade detection, attackers employ obfuscation methods and checks on referral URLs.Zscaler
April 24, 2024
Google Ad for Facebook Redirects to Scam Full Text
Abstract
Researchers observed a malicious ad campaign targeting Facebook users via Google search. The ad, which appears at the top of Google search results for the keyword "Facebook," redirects users to a scam page.Malwarebytes
April 23, 2024
Fraudsters Exploit Telegram’s Popularity for Toncoin Scam Full Text
Abstract
The perpetrators attract unsuspecting Telegram users through a referral system, enticing them with promises of an “exclusive earning program” shared via contacts in their network.Infosecurity Magazine
April 23, 2024
Nespresso Domain Serves Up Steamy Cup of Phish, No Cream or Sugar Full Text
Abstract
A phishing campaign exploiting a bug in Nespresso's website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links.Dark Reading
April 22, 2024
From Water to Wine: An Analysis of WINELOADER Full Text
Abstract
A recent malware campaign used weaponized ZIP files to distribute the WINELOADER malware. The attackers send phishing emails with ZIP attachments that, when extracted, execute a PowerShell script to download and install the malware.Splunk
April 22, 2024
Researchers Find Dozens of Fake E-Zpass Toll Websites After FBI Warning Full Text
Abstract
Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.”The Record
April 18, 2024
Malvertising Campaign Targeting IT Teams with MadMxShell Backdoor Full Text
Abstract
The backdoor uses techniques such as multiple stages of DLL sideloading and DNS tunneling for command-and-control (C2) communication as a means to evade endpoint and network security solutions, respectively.Zscaler
April 16, 2024
Report: Microsoft Most Impersonated Brand in Phishing Scams Full Text
Abstract
Microsoft was impersonated in 38% of all brand phishing attacks in Q1 2024, according to new data from Check Point. Google was the second most impersonated brand in Q1 2024, making up 11% of attempts.Infosecurity Magazine
April 9, 2024
Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region Full Text
Abstract
The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice. The email header has an email address format that uses the domain ‘temporary[.]link’.Trustwave
April 9, 2024
Microsoft Two-Step Phishing Campaign Targets LinkedIn Users Full Text
Abstract
A new LinkedIn threat combines breached users’ accounts and an evasive 2-step phishing attack. A recent Python-based infostealer called Snake targets Facebook users with malicious messages.Perception Point
April 9, 2024
ScrubCrypt Deploys VenomRAT with an Arsenal of Plugins Full Text
Abstract
Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.Fortinet
April 6, 2024
Phishing Attacks Targeting Political Parties, Germany Warns Full Text
Abstract
"An increase of attacks can currently be assumed, particularly in light of the upcoming European elections. These may include phishing attacks to publish stolen data or documents," a BSI spokesperson told Information Security Media Group.Healthcare Info Security
April 5, 2024
Fake Lawsuit Threat Exposes Privnote Phishing Sites Full Text
Abstract
A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company.Krebs on Security
April 4, 2024
Targeted Phishing Linked to ‘The Com’ Surges in the US, the UK, and Canada Full Text
Abstract
A persistent social engineering threat faced by enterprises involves attackers trying to obtain login credentials for identity and access management (IAM), cloud resources, or single sign-on (SSO)-enabled systems.Intel 471
March 28, 2024
‘Darcula’ Phishing-as-a-Service Operation Bleeds Victims Across More Than 100 Countries Full Text
Abstract
The Chinese-language, phishing-as-a-service platform "Darcula" has created 19,000 phishing domains in cyberattacks against more than 100 countries, Netcraft researchers say.Dark Reading
March 26, 2024
Agent Tesla’s New Ride: The Rise of a Novel Loader Full Text
Abstract
Recently, SpiderLabs identified a phishing email with an attached archive that included a Windows executable disguised as a fraudulent bank payment. This action initiated an infection chain culminating in the deployment of Agent Tesla.Trustwave
March 26, 2024
New Tycoon 2FA Phishing Kit Raises Cybersecurity Concerns Full Text
Abstract
An analysis by Sekoia revealed that the kit has emerged as one of the most prevalent AiTM phishing kits, with over 1,100 domain names detected between October 2023 and February 2024.Infosecurity Magazine
March 25, 2024
Google’s New AI Search Results Promotes Sites Pushing Malware, Scams Full Text
Abstract
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams.Bleeping Computer
March 25, 2024
Scammers Steal Millions From FTX, BlockFi Claimants Full Text
Abstract
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds.Help Net Security
March 23, 2024
Iranian TA450 Group Tries Out New Tactics on Israelis Full Text
Abstract
Iran-aligned threat actor TA450 is using fake salary, compensation and financial incentive emails to trick Israeli employees at multi-national organizations into clicking malicious links, according to researchers at security firm Proofpoint.Bank Info Security
March 22, 2024
Large-Scale StrelaStealer Campaign in Early 2024 Full Text
Abstract
Recently, Unit 42 researchers have identified a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and U.S. These campaigns deliver spam emails with attachments that eventually launch the DLL payload.Palo Alto Networks
March 21, 2024
Fake Obituary Sites Send Grievers to Adult Sites and Scareware Pages Full Text
Abstract
Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups.Infosecurity Magazine
March 21, 2024
Tax Hackers Blitz Small Business With Phishing Emails Full Text
Abstract
Worryingly, the social engineering scammers are likely operating with little more than a cheap email list of self-employed US residents, according to the latest advisory from Malwarebytes Labs.Threat Intelligence
March 21, 2024
Microsoft Warns of New Tax Returns Phishing Scams Targeting You Full Text
Abstract
These attachments, as per Microsoft Threat Intelligence’s blog post, contain malware that steals your login credentials, or they might redirect you to a fake website that looks like a legitimate tax platform designed to capture your information.Hack Read
March 14, 2024
Threat Actors Leverage Document Publishing Sites for Ongoing Credential and Session Token Theft Full Text
Abstract
Threat actors are exploiting legitimate digital document publishing (DDP) sites to host phishing lures, making it harder for traditional security controls to detect and block these attacks.Talos Intelligence
March 13, 2024
Tweaks Stealer Targets Roblox Users Through YouTube and Discord Full Text
Abstract
The attackers leverage YouTube by enticing users to watch videos on "How to increase FPS" that contain links to their Discord groups. Once they join, the attackers provide them with links to malicious files disguised as game tweaks and modifications.Cyware
March 13, 2024
FakeBat Delivered via Several Active Malvertising Campaigns Full Text
Abstract
The malvertising campaigns employed a new redirection chain, abusing legitimate websites to evade detection, with several campaigns impersonating brands such as OneNote, Epic Games, and the Braavos smart wallet application.Cyware
March 12, 2024
Tax-Related Scams Escalate as Filing Deadline Approaches Full Text
Abstract
Scammers are taking advantage of the rush to file personal federal income tax returns, using tactics such as impersonation, phone calls, tax identity theft, phishing scams, and unethical tax return preparers.Cyware
March 4, 2024
Malicious Meeting Invite Fix Targets Mac Users Full Text
Abstract
Scammers impersonating cryptocurrency investors on Telegram are luring targets into fake partnership meetings, using AppleScripts to compromise Mac users and gain administrator permissions.Cyware
March 2, 2024
CryptoChameleon: New Phishing Tactics Exhibited in FCC-Targeted Attack Full Text
Abstract
A sophisticated phishing kit with novel tactics targets cryptocurrency platforms and the FCC through a combination of email, SMS, and voice phishing, successfully stealing high-quality data from mobile device users in the United States.Cyware
February 28, 2024
LabHost Cybercrime Service Lets Anyone Phish Canadian Bank Users Full Text
Abstract
LabHost offers three membership tiers targeting banks and online services, along with a real-time phishing management tool called LabRat that enables cybercriminals to steal 2FA protection.Cyware
February 28, 2024
TimbreStealer Campaign Targets Mexican Users with Financial Lures Full Text
Abstract
The malware comes with embedded modules for orchestration, decryption, and protection, while also conducting checks to avoid sandbox environments and targeting specific industries like manufacturing and transportation sectors.Cyware
February 16, 2024
Hackers Exploit EU Agenda in Spear Phishing Campaigns Full Text
Abstract
Organizations based in the EU are being targeted by spear phishing campaigns leveraging EU political and diplomatic events, according to the bloc’s Computer Emergency Response Team (CERT-EU).Cyware
February 15, 2024
Corporate Users Getting Tricked into Downloading AnyDesk Full Text
Abstract
Hackers are tricking victims into downloading an outdated but legitimate AnyDesk executable by directing them to fake websites posing as financial institutions. Once the program is run, attackers can gain control of the victim's machine.Cyware
February 12, 2024
Ongoing Azure Compromises Target Senior Executives, Microsoft 365 Apps Full Text
Abstract
Threat actors are targeting Microsoft Azure corporate clouds with sophisticated and tailored phishing attacks, compromising a wide range of user accounts for activities such as data exfiltration and financial fraud.Cyware
February 10, 2024
Over 800 Phony Temu Domains Lure Shoppers into Credential Theft Full Text
Abstract
Temu is the latest brand chosen by scammers for their phishing scams. Hackers are using Temu’s giveaway rewards to entice users to give away their credentials, with over 800 new domains registered as “Temu” in the last three months.Cyware
February 8, 2024
Facebook Fatal Accident Scam Still Rages On Full Text
Abstract
Cybercriminals are using legitimate services like googleapis.com to fingerprint users and redirect them to specific types of scams based on their analysis of the user's IP address, machine type, and VPN usage.Cyware
February 06, 2024
Beware: Fake Facebook Job Ads Spreading ‘Ov3r_Stealer’ to Steal Crypto and Credentials Full Text
Abstract
Threat actors are leveraging bogus Facebook job advertisements as a lure to trick prospective targets into installing a new Windows-based stealer malware codenamed Ov3r_Stealer. "This malware is designed to steal credentials and crypto wallets and send those to a Telegram channel that the threat actor monitors," Trustwave SpiderLabs said in a report shared with The Hacker News. Ov3r_Stealer is capable of siphoning IP address-based location, hardware info, passwords, cookies, credit card information, auto-fills, browser extensions, crypto wallets, Microsoft Office documents, and a list of antivirus products installed on the compromised host. While the exact end goal of the campaign is unknown, it's likely that the stolen information is offered for sale to other threat actors. Another possibility is that Ov3r_Stealer could be updated over time to act as a QakBot-like loader for additional payloads, including ransomware. The starting point of the attack is a weapoThe Hacker News
February 5, 2024
Over $25 Million Lost in Deepfake Conference Call Scam at Hong Kong Office of Multinational Firm Full Text
Abstract
The scammers digitally recreated the company's chief financial officer and other employees in a convincing video conference call to trick the victim into making money transfers.Cyware
February 5, 2024
Detecting and Mitigating the “Greatness” Phishing Kit Threat Full Text
Abstract
The "Greatness" phishing tool poses a significant threat to Microsoft 365 accounts and has the capability to outmaneuver multi-factor authentication, increasing the potential for cybercrime.Cyware
February 3, 2024
Fake Voicemail as Credential Harvesting Lure Full Text
Abstract
The attackers disguise the email to appear as if it's from a legitimate brand, using social engineering techniques to lure recipients into clicking on what seems to be an embedded voicemail but is actually a credential harvesting page.Cyware
January 31, 2024
New Evasive Large-Scale Scareware and PUP Delivery Campaign Spotted Full Text
Abstract
Unit 42 researchers discovered a large-scale campaign dubbed ApateWeb, which uses over 130,000 domains to distribute scareware, potentially unwanted programs (PUPs), and other scam pages.Cyware
January 31, 2024
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware Full Text
Abstract
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and well-oiled supply chain of tools and victims' data," Guardio Labs researchers Oleg Zaytsev and Nati Tal said in a new report. "Free samples, tutorials, kits, even hackers-for-hire – everything needed to construct a complete end-to-end malicious campaign." The company also described Telegram as a "scammers paradise" and a "breeding ground for modern phishing operations." This is not the first time the popular messaging platform has come under the radar for facilitating malicious activities, which are in part driven by its lenient moderaThe Hacker News
January 30, 2024
Exploring Telegram’s Dark Markets, Breeding Ground for Modern Phishing Operations Full Text
Abstract
The phishing ecosystem has shifted from exclusive Dark web forums to public Telegram channels, making illicit tools and stolen data easily accessible to both seasoned cybercriminals and newcomers.Cyware
January 26, 2024
Malicious Ads on Google Target Chinese Users with Fake Messaging Apps Full Text
Abstract
Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a Thursday report. "Such programs give an attacker full control of a victim's machine and the ability to drop additional malware." It's worth noting that the activity, codenamed FakeAPP, is a continuation of a prior attack wave that targeted Hong Kong users searching for messaging apps like WhatsApp and Telegram on search engines in late October 2023. The latest iteration of the campaign also adds messaging app LINE to the list of messaging apps, redirecting users to bogus websites hosted on Google Docs or Google Sites. The Google infrastructure is used to embed linkThe Hacker News
January 26, 2024
Abu Dhabi Investment Firm Warns About Scam Efforts Full Text
Abstract
The National Investor in Abu Dhabi has issued a warning about fraudulent investment schemes misusing its name, logo, and employees' identities to solicit personal and financial information.Cyware
January 20, 2024
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware Full Text
Abstract
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. "The PDFs contained OneDrive URLs that, if clicked, initiated a multi-step infection chain eventually leading to the malware payload, a variant of the WasabiSeed and Screenshotter custom toolset," the enterprise security firm said. TA866 was first documented by the company in February 2023, attributing it to a campaign named Screentime that distributed WasabiSeed, a Visual Basic script dropper that's used to download Screenshotter, which is capable of taking screenshots of the victim's desktop at regular intervals of time and exfiltrating that data to an actor-controlled domain. ThereThe Hacker News
January 18, 2024
TA866 Returns with a Large Email Campaign Full Text
Abstract
The new campaign by TA866 involved a large volume of emails with attached PDFs containing OneDrive URLs that initiated a multi-step infection chain leading to malware payload.Cyware
January 18, 2024
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware Full Text
Abstract
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are sent from impersonation accounts. COLDRIVER, also known by the names Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Gossamer Bear, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is known to be active since 2019, targeting a wide range of sectors. This includes academia, defense, governmental organizations, NGOs, think tanks, political outfits, and, recently, defense-industrial targets and energy facilities. "Targets in the U.K. and U.S. appear to have been most affected by Star Blizzard activity, however activity has also been observeThe Hacker News
January 18, 2024
Iranian Hackers Masquerade as Journalists to Spy on Israel-Hamas War Experts Full Text
Abstract
High-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the U.K., and the U.S. have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023. The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the Microsoft Threat Intelligence team said in a Wednesday analysis, describing it as a "technically and operationally mature subgroup of Mint Sandstorm." The attacks, in select cases, involve the use of a previously undocumented backdoor dubbed MediaPl, indicating ongoing endeavors by Iranian threat actors to refine their post-intrusion tradecraft. Mint Sandstorm, also known as APT35, Charming Kitten, TA453, and Yellow Garuda, is known for its adept social engineering campaigns, even resorting to legitimate but compromised accounts to send bespoke phishing emails to prospectiveThe Hacker News
January 17, 2024
Cheap .cloud Domains and Shark Tank Impersonation Fuels Unhealthy Scams Full Text
Abstract
Scammers are using fake news campaigns and cheaply acquired domain names to sell dubious health products, often claiming endorsements from popular entrepreneurial reality shows like Shark Tank and Dragons' Den.Cyware
January 16, 2024
Flipping the BEC Funnel: Phishing in the Age of GenAI Full Text
Abstract
The evolution of phishing techniques, including the use of advanced AI-driven tools, has led to a surge in highly personalized and convincing phishing attacks, posing a significant challenge to traditional email security solutions.Cyware
January 11, 2024
Black Basta-Affiliate Spreads Pikabot Full Text
Abstract
Threat group Water Curupira, known for its Cobalt Strike backdoors, recently transitioned to using Pikabot malware in phishing campaigns. Pikabot witnessed a surge in activity in Q4 2023, potentially serving as a replacement for Qakbot after its takedown. Users must exercise caution with email atta ...Cyware
January 10, 2024
Meet Ika & Sal: The Bulletproof Hosting Duo from Hell Full Text
Abstract
Two Russian men, known as Icamis and Salomon, co-ran the top spam forum Spamdot and worked closely with dangerous cybercriminals, controlling botnets and harvesting passwords.Cyware
January 09, 2024
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer Full Text
Abstract
Threat actors are resorting to YouTube videos featuring content related to cracked software in order to entice users into downloading an information stealer malware called Lumma. "These YouTube videos typically feature content related to cracked applications, presenting users with similar installation guides and incorporating malicious URLs often shortened using services like TinyURL and Cuttly," Fortinet FortiGuard Labs researcher Cara Lin said in a Monday analysis. This is not the first time pirated software videos on YouTube have emerged as an effective bait for stealer malware. Previously similar attack chains were observed delivering stealers, clippers, and crypto miner malware. In doing so, threat actors can leverage the compromised machines for not only information and cryptocurrency theft, but also abuse the resources for illicit mining. In the latest attack sequence documented by Fortinet, users searching for cracked versions of legitimate video editing tools likeThe Hacker News
January 04, 2024
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT Full Text
Abstract
The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthickkumar Kathiresan and Shilpesh Trivedi said in a Wednesday report. "However, in their latest operational twist, the UAC-0050 group has integrated a pipe method for interprocess communication, showcasing their advanced adaptability." UAC-0050, active since 2020, has a history of targeting Ukrainian and Polish entities via social engineering campaigns that impersonate legitimate organizations to trick recipients into opening malicious attachments. In February 2023, the Computer Emergency Response Team of Ukraine (CERT-UA) attributed the adversary to a phishing campaign designed to deliver Remcos RAT. Over tThe Hacker News
December 30, 2023
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks Full Text
Abstract
Cybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets. "These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique," Check Point researchers Oded Vanunu, Dikla Barda, and Roman Zaikin said. A prominent contributor to this troubling trend is a notorious phishing group called Angel Drainer, which advertises a "scam-as-a-service" offering by charging a percentage of the stolen amount, typically 20% or 30%, from its collaborators in return for providing wallet-draining scripts and other services. In late November 2023, a similar wallet-draining service known as Inferno Drainer announced that it was shutting down its operations for good after helping scammers plunder over $70 million worth of crypto from 103,676 victims sincThe Hacker News
December 29, 2023
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks Full Text
Abstract
Nation-state actors affiliated to North Korea have been observed using spear-phishing attacks to deliver an assortment of backdoors and tools such as AppleSeed, Meterpreter, and TinyNuke to seize control of compromised machines. South Korea-based cybersecurity company AhnLab attributed the activity to an advanced persistent threat group known as Kimsuky. "A notable point about attacks that use AppleSeed is that similar methods of attack have been used for many years with no significant changes to the malware that are used together," the AhnLab Security Emergency Response Center (ASEC) said in an analysis published Thursday. Kimsuky, active for over a decade, is known for its targeting of a wide range of entities in South Korea, before expanding its focus to include other geographies in 2017. It was sanctioned by the U.S. government late last month for amassing intelligence to support North Korea's strategic objectives. The threat actor's espionage campaigns are realized thThe Hacker News
December 26, 2023
The Rising Threat of Phishing Attacks with Crypto Drainers Full Text
Abstract
The "Angel Drainer" phishing group is notorious for draining cryptocurrency wallets through sophisticated schemes, charging a percentage of the stolen amount from hackers.Cyware
December 25, 2023
Cloud Atlas’ Spear-Phishing Attacks Target Russian Agro and Research Companies Full Text
Abstract
The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia earlier this year. Cloud Atlas, active since at least 2014, is a cyber espionage group of unknown origin. Also called Clean Ursa, Inception, Oxygen, and Red October, the threat actor is known for its persistent campaigns targeting Russia, Belarus, Azerbaijan, Turkey, and Slovenia. In December 2022, Check Point and Positive Technologies detailed multi-stage attack sequences that led to the deployment of a PowerShell-based backdoor referred to as PowerShower as well as DLL payloads capable of communicating with an actor-controlled server. The starting point is a phishing message bearing a lure document that exploits CVE-2017-11882, a six-year-olThe Hacker News
December 23, 2023
Cyber-Espionage Group Cloud Atlas Targets Russian Companies With War-Related Phishing Attacks Full Text
Abstract
The hacker group known as Cloud Atlas has recently targeted a Russian agro-industrial enterprise and a state-owned research company in an espionage campaign. The group, believed to be state-backed, primarily attacks Russia and surrounding countries.Cyware
December 22, 2023
Decoy Microsoft Word Documents Used to Deliver Nim-Based Malware Full Text
Abstract
A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language. "Malware written in uncommon programming languages puts the security community at a disadvantage as researchers and reverse engineers' unfamiliarity can hamper their investigation," Netskope researchers Ghanashyam Satpathy and Jan Michael Alcantara said. Nim-based malware has been a rarity in the threat landscape, although that has been slowly changing in recent years as attackers continue to either develop custom tools from scratch using the language or port existing versions of their nefarious programs to it. This has been demonstrated in the case of loaders such as NimzaLoader, Nimbda, IceXLoader, as well as ransomware families tracked under the names Dark Power and Kanti. The attack chain documented by Netskope begins with a phishing email containing a Word document attachment that, when opened, urges the recipiThe Hacker News
December 21, 2023
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware Full Text
Abstract
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the exploitation of CVE-2017-11882 (CVSS score: 7.8), a memory corruption vulnerability in Office's Equation Editor that could result in code execution with the privileges of the user. The findings, which come from Zscaler ThreatLabz, build on prior reports from Fortinet FortiGuard Labs, which detailed a similar phishing campaign that exploited the security flaw to deliver the malware. "Once a user downloads a malicious attachment and opens it, if their version of Microsoft Excel is vulnerable, the Excel file initiates communication with a malicious destination and proceeds to download additional files without requiring any further user interaction," security researcher KaivaThe Hacker News
December 21, 2023
Fake F5 Vulnerability ‘Update’ Delivers Data Wiper to Israeli Victims Full Text
Abstract
The attacker takes advantage of a vulnerability in F5's BIG-IP and tricks recipients into downloading a file that is supposed to be an update for the vulnerability. However, the file actually contains a wiper that deletes F5 servers.Cyware
December 20, 2023
Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave Full Text
Abstract
The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or iMessage and use URL-shortening services like Bit.ly to randomize the links they send," Resecurity said in a report published this week. "This helps them protect the fake website's domain and hosting location." Smishing Triad was first documented by the cybersecurity company in September 2023, highlighting the group's use of compromised Apple iCloud accounts to send smishing messages for carrying out identity theft and financial fraud. The threat actor is also known to offer ready-to-use smishing kits for sale to other cybercriminals for $200 a month, alongside engThe Hacker News
December 20, 2023
Global Malspam Targets Hotels, Spreading Redline and Vidar Stealers Full Text
Abstract
The hospitality industry is being targeted by a sophisticated malspam campaign that uses social engineering tactics to trick hotel representatives into opening password-protected archives containing malware.Cyware
December 19, 2023
New Scam Involving Remote Jobs on Social Media Platforms Full Text
Abstract
Researchers at Bitdefender Labs have uncovered a new scam involving remote jobs on social media platforms. Scammers are promising payment for simply liking YouTube videos.Cyware
December 19, 2023
Novel SMTP Smuggling Technique Slips Past DMARC, Email Protections Full Text
Abstract
Attackers can exploit SMTP smuggling to send spoofed emails with fake sender addresses, bypassing email security checks and putting organizations and individuals at risk for targeted phishing attacks.Cyware
December 19, 2023
New Malvertising Campaign Distributing PikaBot Disguised as Popular Software Full Text
Abstract
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' Jérôme Segura said. The malware family, which first appeared in early 2023, consists of a loader and a core module that allows it to operate as a backdoor as well as a distributor for other payloads. This enables the threat actors to gain unauthorized remote access to compromised systems and transmit commands from a command-and-control (C2) server, ranging from arbitrary shellcode, DLLs, or executable files, to other malicious tools such as Cobalt Strike. One of the threat actors leveraging PikaBot in its attacks is TA577, a prolific cybercrime threat actor that has, in the past, delivered QakBot, IcedID, SystemBC, SmokeLoadThe Hacker News
December 16, 2023
PikaBot Distributed via Malicious Search Ads Full Text
Abstract
Threat actors are bypassing Google's security measures and using fingerprinting techniques to ensure successful execution of malicious downloads, pointing to a potential "malvertising as a service" model.Cyware
December 13, 2023
BazaCall Phishing Scammers Now Leveraging Google Forms for Deception Full Text
Abstract
The threat actors behind the BazaCall call back phishing attacks have been observed leveraging Google Forms to lend the scheme a veneer of credibility. The method is an "attempt to elevate the perceived authenticity of the initial malicious emails," cybersecurity firm Abnormal Security said in a report published today. BazaCall (aka BazarCall), which was first observed in 2020, refers to a series of phishing attacks in which email messages impersonating legitimate subscription notices are sent to targets, urging them to contact a support desk to dispute or cancel the plan, or risk getting charged anywhere between $50 to $500. By inducing a false sense of urgency, the attacker convinces the target over a phone call to grant them remote access capabilities using remote desktop software and ultimately establish persistence on the host under the guise of offering help to cancel the supposed subscription. Some of the popular services that are impersonated include NetflThe Hacker News
December 12, 2023
Fake LinkedIn Profiles Target Saudi Workers for Information Leakage and Financial Fraud Full Text
Abstract
Researchers have discovered nearly a thousand fake profiles created with the intention of reaching out to companies in the Middle East. These profiles, often difficult to distinguish from real ones, have been successful in their campaigns.Cyware
December 12, 2023
New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam Full Text
Abstract
A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs researcher Cara Lin said. "MrAnon Stealer steals its victims' credentials, system information, browser sessions, and cryptocurrency extensions." There is evidence to suggest that Germany is the primary target of the attack as of November 2023, owing to the number of times the downloader URL hosting the payload has been queried. Masquerading as a company looking to book hotel rooms, the phishing email bears a PDF file that, upon opening, activates the infection by prompting the recipient to download an updated version of Adobe Flash. Doing so results in the execution of .NET executables and PowerShell scripts to ultimately run a pernicious Python script, which iThe Hacker News
December 5, 2023
Hershey phishes! Crooks snarf chocolate lovers’ creds Full Text
Abstract
The phishing emails were sent to employees in early September and allowed the criminals to steal a range of personal data, including names, health and medical information, credit card numbers, and online account credentials.Cyware
December 04, 2023
Microsoft Warns of Malvertising Scheme Spreading CACTUS Ransomware Full Text
Abstract
Microsoft has warned of a new wave of CACTUS ransomware attacks that leverage malvertising lures to deploy DanaBot as an initial access vector. The DanaBot infections led to "hands-on-keyboard activity by ransomware operator Storm-0216 (Twisted Spider, UNC2198), culminating in the deployment of CACTUS ransomware," the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter). DanaBot, tracked by the tech giant as Storm-1044, is a multi-functional tool along the lines of Emotet, TrickBot, QakBot, and IcedID that's capable of acting as a stealer and a point of entry for next-stage payloads. UNC2198, for its part, has been previously observed infecting endpoints with IcedID to deploy ransomware families such as Maze and Egregor, as detailed by Google-owned Mandiant in February 2021. Per Microsoft, the threat actor has also taken advantage of initial access provided by QakBot infections. The shift to DanaBot, therefore, is likely the resu The Hacker News
November 30, 2023
Hackers Using Weaponized Invoice To Deliver LUMMA Malware Full Text
Abstract
Cybersecurity analysts identified that the attacker, posing as a financial services company in this campaign, tricks the target with a fake invoice email. The attacker dodges detection using a fake page and a real link.Cyware
November 28, 2023
How Hackers Phish for Your Users’ Credentials and Sell Them Full Text
Abstract
Account credentials, a popular initial access vector, have become a valuable commodity in cybercrime. As a result, a single set of stolen credentials can put your organization's entire network at risk. According to the 2023 Verizon Data Breach Investigation Report , external parties were responsible for 83 percent of breaches that occurred between November 2021 and October 2022. Forty-nine percent of those breaches involved stolen credentials. How are threat actors compromising credentials? Social engineering is one of the top five cybersecurity threats in 2023. Phishing, which accounts for %of social engineering attempts, is the go-to method for stealing credentials. It's a relatively cheap tactic that yields results. As phishing and social engineering techniques become more sophisticated and the tools become more readily available, credential theft should become a top security concern for all organizations if it already isn't one. Phishing has evolved With phishing and sThe Hacker News
November 24, 2023
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale Full Text
Abstract
More details have emerged about a malicious Telegram bot called Telekopye that's used by threat actors to pull off large-scale phishing scams. "Telekopye can craft phishing websites, emails, SMS messages, and more," ESET security researcher Radek Jizba said in a new analysis. The threat actors behind the operation – codenamed Neanderthals – are known to run the criminal enterprise as a legitimate company, spawning a hierarchical structure that encompasses different members who take on various roles. Once aspiring Neanderthals are recruited via advertisements on underground forums, they are invited to join designated Telegram channels that are used for communicating with other Neanderthals and keeping track of transaction logs. The ultimate goal of the operation is to pull off one of the three types of scams: seller, buyer, or refund. In the case of the former, Neanderthals pose as sellers and try to lure unwary Mammoths into purchasing a non-existent item. BuThe Hacker News
November 23, 2023
Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks Full Text
Abstract
A new phishing attack has been observed leveraging a Russian-language Microsoft Word document to deliver malware capable of harvesting sensitive information from compromised Windows hosts. The activity has been attributed to a threat actor called Konni, which is assessed to share overlaps with a North Korean cluster tracked as Kimsuky (aka APT43). "This campaign relies on a remote access trojan (RAT) capable of extracting information and executing commands on compromised devices," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published this week. The cyber espionage group is notable for its targeting of Russia, with the modus operandi involving the use of spear-phishing emails and malicious documents as entry points for their attacks. Recent attacks documented by Knowsec and ThreatMon have leveraged the WinRAR vulnerability (CVE-2023-38831) as well as obfuscated Visual Basic scripts to drop Konni RAT and a Windows Batch script capable of The Hacker News
November 21, 2023
How Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography Full Text
Abstract
Phishing attacks are steadily becoming more sophisticated, with cybercriminals investing in new ways of deceiving victims into revealing sensitive information or installing malicious software. One of the latest trends in phishing is the use of QR codes, CAPTCHAs, and steganography. See how they are carried out and learn to detect them. Quishing Quishing, a phishing technique resulting from the combination of "QR" and "phishing," has become a popular weapon for cybercriminals in 2023. By concealing malicious links within QR codes, attackers can evade traditional spam filters, which are primarily geared towards identifying text-based phishing attempts. The inability of many security tools to decipher the content of QR codes further makes this method a go-to choice for cybercriminals. An email containing a QR code with a malicious link Analyzing a QR code with an embedded malicious link in a safe environment is easy with ANY.RUN : Simply open this task in thThe Hacker News
November 21, 2023
Malicious Apps Disguised as Banks and Government Agencies Targeting Indian Android Users Full Text
Abstract
Android smartphone users in India are the target of a new malware campaign that employs social engineering lures to install fraudulent apps that are capable of harvesting sensitive data. "Using social media platforms like WhatsApp and Telegram, attackers are sending messages designed to lure users into installing a malicious app on their mobile device by impersonating legitimate organizations, such as banks, government services, and utilities," Microsoft threat intelligence researchers Abhishek Pustakala, Harshita Tripathi, and Shivang Desai said in a Monday analysis. The ultimate goal of the operation is to capture banking details, payment card information, account credentials, and other personal data. The attack chains involve sharing malicious APK files via social media messages sent on WhatsApp and Telegram by falsely presenting them as banking apps and inducing a sense of urgency by claiming that the targets' bank accounts will be blocked unless they update their permanent aThe Hacker News
November 20, 2023
DarkGate and PikaBot Malware Resurrect QakBot’s Tactics in New Phishing Attacks Full Text
Abstract
Phishing campaigns delivering malware families such as DarkGate and PikaBot are following the same tactics previously used in attacks leveraging the now-defunct QakBot trojan. "These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery," Cofense said in a report shared with The Hacker News. "The malware families used also follow suit to what we would expect QakBot affiliates to use." QakBot, also called QBot and Pinkslipbot, was shut down as part of a coordinated law enforcement effort codenamed Operation Duck Hunt earlier this August. The use of DarkGate and PikaBot in these campaigns is not surprising as they can both act as conduits to deliver additional payloads to compromised hosts, making them both an attractive option for cybercriminals. PikaBot's parallels to QakBot were previously highlighted by Zscaler in its analysis of the malwThe Hacker News
November 20, 2023
Konni Campaign Distributed via Malicious Document Full Text
Abstract
FortiGuard Labs has identified a Russian-language Word document with a malicious macro in the ongoing Konni campaign. The campaign uses a remote access trojan (RAT) to gain control of infected systems.Cyware
November 20, 2023
Are DarkGate and PikaBot the New QakBot? Full Text
Abstract
Phishing campaigns are using tactics previously seen in attacks involving the QakBot trojan to deliver malware families such as DarkGate and PikaBot. These campaigns utilize hijacked email threads, unique URL patterns, and a similar infection chain.Cyware
November 17, 2023
Beware: Malicious Google Ads Trick WinSCP Users into Installing Malware Full Text
Abstract
Threat actors are leveraging manipulated search results and bogus Google ads that trick users who are looking to download legitimate software such as WinSCP into installing malware instead. Cybersecurity company Securonix is tracking the ongoing activity under the name SEO#LURKER. "The malicious advertisement directs the user to a compromised WordPress website gameeweb[.]com, which redirects the user to an attacker-controlled phishing site," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. The threat actors are believed to leverage Google's Dynamic Search Ads (DSAs), which automatically generates ads based on a site's content to serve the malicious ads that take the victims to the infected site. The ultimate goal of the complex multi-stage attack chain is to entice users into clicking on the fake, lookalike WinSCP website, winccp[.]net, and download the malware. "Traffic from the gaweeweb[.]com website to the fake The Hacker News
November 16, 2023
Hundreds of Websites Cloned to Run Ads for Chinese Gambling Full Text
Abstract
The motive behind these cloned sites is likely to generate traffic for gambling operators, as they can serve third-party ads that publishers may be reluctant to carry on their own sites.Cyware
November 16, 2023
BlackCat Ransomware Gang is Attacking Organizations Using Google Ads Laced with Malware Full Text
Abstract
Russian-speaking affiliates of the ALPHV/BlackCat ransomware gang are using malvertising for popular software to distribute the Nitrogen malware and infect organizations with ransomware.Cyware
November 14, 2023
New Campaign Targets Middle East Governments with IronWind Malware Full Text
Abstract
Government entities in the Middle East are the target of new phishing campaigns that are designed to deliver a new initial access downloader dubbed IronWind. The activity, detected between July and October 2023, has been attributed by Proofpoint to a threat actor it tracks under the name TA402, which is also known as Molerats, Gaza Cyber Gang, and shares tactical overlaps with a pro-Hamas hacking crew known as APT-C-23 (aka Arid Viper). "When it comes to state-aligned threat actors, North Korea, Russia, China, and Iran generally reap the lion's share of attention," Joshua Miller, senior threat researcher at Proofpoint, said in a statement shared with The Hacker News. "But TA402, a Middle Eastern advanced persistent threat (APT) group that historically has operated in the interests of the Palestinian Territories, has consistently proven to be an intriguing threat actor capable of highly sophisticated cyber espionage with a focus on intelligence collection The Hacker News
November 13, 2023
Major Phishing-as-a-Service Syndicate ‘BulletProofLink’ Dismantled by Malaysian Authorities Full Text
Abstract
Malaysian law enforcement authorities have announced the takedown of a phishing-as-a-service (PhaaS) operation called BulletProofLink. The Royal Malaysia Police said the effort, which was carried out with assistance from the Australian Federal Police (AFP) and the U.S. Federal Bureau of Investigation (FBI) on November 6, 2023, was based on information that the threat actors behind the platform were based out of the country. To that end, eight individuals aged between 29 and 56, including the syndicate's mastermind, have been arrested across different locations in Sabah, Selangor, Perak, and Kuala Lumpur, New Straits Times reported. Along with the arrests, authorities confiscated servers, computers, jewelry, vehicles, and cryptocurrency wallets containing approximately $213,000. BulletProofLink, also called BulletProftLink, is known for offering ready-to-use phishing templates on a subscription basis to other actors for conducting credential harvesting campaigns. These The Hacker News
November 11, 2023
Microsoft Warns of Fake Skills Assessment Portals Targeting IT Job Seekers Full Text
Abstract
A sub-cluster within the infamous Lazarus Group has established new infrastructure that impersonates skills assessment portals as part of its social engineering campaigns. Microsoft attributed the activity to a threat actor it calls Sapphire Sleet, describing it as a "shift in the persistent actor's tactics." Sapphire Sleet, also called APT38, BlueNoroff, CageyChameleon, and CryptoCore, has a track record of orchestrating cryptocurrency theft via social engineering. Earlier this week, Jamf Threat Labs implicated the threat actor to a new macOS malware family called ObjCShellz that's assessed to be a late-stage payload delivered in connection with another macOS malware known as RustBucket. "Sapphire Sleet typically finds targets on platforms like LinkedIn and uses lures related to skills assessment," the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter). "The threat actor then moves successful communication The Hacker News
November 11, 2023
Spammers Abuse Google Forms Quizzes to Perform Scams Full Text
Abstract
Cisco's Talos Intelligence blog reveals a sophisticated spam exploit using Google Forms' quiz results feature, collecting email addresses subtly via a quiz template. The spammer leverages Google's infrastructure to send phishing emails, bypassing spam blockers until Google addresses this method, ul ... Cyware
November 9, 2023
Threat Actors Impersonate Windows News Portal to Distribute RedLine Stealer Full Text
Abstract
A new malvertising campaign has been observed wherein threat actors are copying a legitimate Windows news portal to promote a malicious installer for the popular processor tool CPU-Z. Based on the infrastructure, domain names, and cloaking templates used, researchers believe the incident is part o ... Cyware
November 02, 2023
Iran’s MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign Full Text
Abstract
The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign "exhibits updated TTPs to previously reported MuddyWater activity," which has, in the past, used similar attack chains to distribute other remote access tools like ScreenConnect, RemoteUtilities, Syncro, and SimpleHelp. While the latest development marks the first time MuddyWater has been observed using N-able's remote monitoring software, it also underscores the fact that the largely unchanged modus operandi continues to yield some level of success for the threat actor. The findings have also been separately confirmed by cybersecurity company Group-IB in a post shared on X (formerly Twitter). The state-sponsored group is a cyber The Hacker News
November 2, 2023
Threat Actors Deploy Malvertising Campaigns to Hijack Facebook Users’ Accounts Full Text
Abstract
The attackers use hijacked Facebook accounts and create multiple profiles featuring photos of young women to entice users to click on infected links. Clicking on the ads downloads a malicious file that steals browser cookies and passwords.Cyware
October 31, 2023
Trojanized PyCharm Software Version Delivered via Google Search Ads Full Text
Abstract
A new malvertising campaign has been observed capitalizing on a compromised website to promote spurious versions of PyCharm on Google search results by leveraging Dynamic Search Ads. "Unbeknownst to the site owner, one of their ads was automatically created to promote a popular program for Python developers, and visible to people doing a Google search for it," Jérôme Segura, director of threat intelligence at Malwarebytes, said in a report. "Victims who clicked on the ad were taken to a hacked web page with a link to download the application, which turned out to install over a dozen different pieces of malware instead." The infected website in question is an unnamed online portal that specializes in wedding planning, which had been injected with malware to serve bogus links to the PyCharm software. Per Malwarebytes, targets are directed to the website using Dynamic Search Ads, an ad offering from Google that programmatically uses the site's content toThe Hacker News
October 30, 2023
Remcos RAT Disguises as Payslip to Infect Users Full Text
Abstract
Researchers uncovered a phishing campaign distributing the Remcos remote access trojan. Cybercriminals disguised the malware as a payslip in a deceptive email. Remcos RAT can perform a range of malicious activities, including keylogging, capturing screenshots, controlling webcams and microphones, a ... Cyware
October 30, 2023
Malvertising via Dynamic Search Ads Delivers Malware Bonanza Full Text
Abstract
The compromised website injected malicious content, including overlays promoting software serial keys, which resulted in misleading ads being automatically generated by Google Ads.Cyware
October 20, 2023
Malvertisers Using Google Ads to Target Users Searching for Popular Software Full Text
Abstract
Details have emerged about a malvertising campaign that leverages Google Ads to direct users searching for popular software to fictitious landing pages and distribute next-stage payloads. Malwarebytes, which discovered the activity, said it's "unique in its way to fingerprint users and distribute time sensitive payloads." The attack singles out users searching for Notepad++ and PDF converters to serve bogus ads on the Google search results page that, when clicked, filters out bots and other unintended IP addresses by showing a decoy site. Should the visitor be deemed of interest to the threat actor, the victim is redirected to a replica website advertising the software, while silently fingerprinting the system to determine if the request is originating from a virtual machine. Users who fail the check are taken to the legitimate Notepad++ website, while a potential target is assigned a unique ID for "tracking purposes but also to make each download unique and tThe Hacker News
October 14, 2023
Voice Phishing Campaigns Using Access Keys Full Text
Abstract
The phishing attack starts with an HTML file disguised as a voice message, which leads to the download of a file hosted on a disguised AWS URL. The attackers initially impersonate Zoom but later switch to spoofing Outlook and Teams login pages.Cyware
October 12, 2023
Phishing Campaigns Affecting Italy Witness a Surge Full Text
Abstract
The Italian Postal Police and CERT-AgID have recently reported numerous phishing campaigns impersonating popular brands such as Poste Italiane, Intesa Sanpaolo, and Zimbra.Cyware
October 09, 2023
Cybercriminals Using EvilProxy Phishing Kit to Target Senior Executives in U.S. Firms Full Text
Abstract
Senior executives working in U.S.-based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Menlo Security said the activity started in July 2023, primarily singling out banking and financial services, insurance, property management and real estate, and manufacturing sectors. "The threat actors leveraged an open redirection vulnerability on the job search platform 'indeed.com,' redirecting victims to malicious phishing pages impersonating Microsoft," security researcher Ravisankar Ramprasad said in a report published last week. EvilProxy, first documented by Resecurity in September 2022, functions as a reverse proxy that's set up between the target and a legitimate login page to intercept credentials, two-factor authentication (2FA) codes, and session cookies to hijack accounts of interest. The th The Hacker News
October 5, 2023
Stream-Jacking Attacks on YouTube Steal From Victims via Cryptocurrency Scams Full Text
Abstract
Attackers redirect victims to scams that involve QR codes and phishing websites promising to double their cryptocurrency investments, often using deep fake videos of Elon Musk to add credibility.Cyware
October 3, 2023
US Executives Targeted in Phishing Attacks Exploiting Flaw in Indeed Job Platform Full Text
Abstract
A recent phishing campaign has exploited an open redirection vulnerability in the popular job search platform Indeed, targeting executives in senior roles to steal their Microsoft credentials.Cyware
October 2, 2023
“Phantom Hacker” Scams Target Senior Citizens and Result in Victims Losing their Life Savings Full Text
Abstract
The FBI warned about a new scam called the "Phantom Hacker" scam, which is specifically targeting senior citizens. It involves imposters posing as tech support, financial institutions, and government representatives to gain the trust of victims.Cyware
September 30, 2023
APT34 Deploys Phishing Attack With New Menorah Malware Full Text
Abstract
The Menorah malware is designed for cyberespionage and possesses capabilities such as machine identification, file reading and uploading, shell command execution, and file downloading.Cyware
September 29, 2023
City of Fort Lauderdale, Florida, Taken for $1.2m in Email Scam Full Text
Abstract
The payment, intended for a new police headquarters building, was made to a scammer who posed as the legitimate contractor, Moss Construction. The incident underscores the need for increased cybersecurity measures against business email compromise.Cyware
September 29, 2023
Lazarus APT Lures Employees of Spanish Aerospace Company with Trojanized Coding Challenges Full Text
Abstract
The attack involved the deployment of a sophisticated backdoor called LightlessCan, which mimics native Windows commands and implements techniques to avoid detection by security monitoring software.Cyware
September 27, 2023
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors Full Text
Abstract
A new threat actor known as AtlasCross has been observed leveraging Red Cross-themed phishing lures to deliver two previously undocumented backdoors named DangerAds and AtlasAgent. NSFOCUS Security Labs described the adversary as having a "high technical level and cautious attack attitude," adding that "the phishing attack activity captured this time is part of the attacker's targeted strike on specific targets and is its main means to achieve in-domain penetration." The attack chains start with a macro-laced Microsoft document that purports to be about a blood donation drive from the American Red Cross that, when launched, runs the malicious macro to set up persistence, exfiltrate system metadata to a remote server (data.vectorse[.]com) that's a sub-domain of a legitimate website belonging to a structural and engineering firm based in the U.S. It also extracts a file named KB4495667.pkg (codenamed DangerAds), which, subsequently acts as a loader toThe Hacker News
September 25, 2023
Ukrainian Military Targeted in Phishing Campaign Leveraging Drone Manuals Full Text
Abstract
Ukrainian military entities are the target of a phishing campaign that leverages drone manuals as lures to deliver a Go-based open-source post-exploitation toolkit called Merlin. "Since drones or Unmanned Aerial Vehicles (UAVs) have been an integral tool used by the Ukrainian military, malware-laced lure files themed as UAVs service manuals have begun to surface," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. The cybersecurity company is tracking the campaign under the name STARK#VORTEX. The starting point of the attack is a Microsoft Compiled HTML Help (CHM) file that, when opened, runs malicious JavaScript embedded inside one of the HTML pages to execute PowerShell code designed to contact a remote server to fetch an obfuscated binary. The Windows-based payload is decoded to extract the Merlin Agent, which, in turn, is configured to communicate with a command-and-control (C2) server for post-exploita The Hacker News
September 22, 2023
BBTok Banking Trojan Impersonates Over 40 Banks to Hijack Victim Accounts Full Text
Abstract
The campaign uses advanced obfuscation techniques, phishing links, and geofencing to ensure victims are located only in Brazil and Mexico, demonstrating an evolution in the attackers' tactics.Cyware
September 21, 2023
Singapore Police Warn of New Scam Campaign Spreading Android Malware Full Text
Abstract
The Singapore police, on Wednesday, issued an advisory about a new variant of Android malware scams, where scammers would initiate a factory reset on infected devices after the malware executes unauthorized transactions on the phone’s i-banking app.Cyware
September 20, 2023
Sophisticated Phishing Campaign Targeting Chinese Users with ValleyRAT and Gh0st RAT Full Text
Abstract
Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new trojan called ValleyRAT. "Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity," enterprise security firm Proofpoint said in a report shared with The Hacker News. The activity, observed since early 2023, entails sending email messages containing URLs pointing to compressed executables that are responsible for installing the malware. Other infection chains have been found to leverage Microsoft Excel and PDF attachments that embed these URLs to trigger malicious activity. These campaigns demonstrate variation in the use of infrastructure, sender domains, email content, targeting, and payloads, indicating that different threat clusters are mounting the attacks. Over 30 such campaigns have been detected in 2023 that employ malwaThe Hacker News
September 15, 2023
Cybercriminals Combine Phishing and EV Certificates to Deliver Ransomware Payloads Full Text
Abstract
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates. "This suggests that the threat actors are streamlining operations by making their techniques multipurpose," Trend Micro researchers said in a new analysis published this week. In the incident investigated by the cybersecurity company, an unnamed victim is said to have first received a piece of info stealer malware with EV code signing certificates, followed by ransomware using the same delivery technique. In the past, QakBot infections have leveraged samples signed with valid code signing certificates to bypass security protections. The attacks start with phishing emails that employ well-worn lures to trick victims into running malicious attachments that masquerade as PDF or JPG images but are actually executables that jump-start the comprom The Hacker News
September 14, 2023
BatLoader Unleashed in Ongoing Webex Malvertising Campaign Full Text
Abstract
A new malvertising campaign has surfaced, targeting corporate users downloading popular web conferencing software Cisco Webex with BatLoader. Webex itself has not been compromised; rather, threat actors are exploiting brand impersonation to distribute the malware. The malicious ad impersonating it ... Cyware
September 13, 2023
Microsoft Warns of New Phishing Campaign Targeting Corporations via Teams Messages Full Text
Abstract
Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. The tech giant's Threat Intelligence team is tracking the cluster under the name Storm-0324, which is also known by the monikers TA543 and Sagrid. "Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding the development marks a shift from using email-based initial infection vectors for initial access. Storm-0324 operates in the cybercriminal economy as a payload distributor, offering a service that allows for the propagation of various payloads using evasive infection chains. This includes a mix of downloaders, banking trojans, ransomware, and modular toolkits such as Nymaim, Gozi, TrickBot, IcedID, Gootkit, Dridex, Sage, GandCrab, and JSSLoader. Attack sequences mounted by the a The Hacker News
September 12, 2023
Sophisticated Phishing Campaign Deploying Agent Tesla, OriginBotnet, and RedLine Clipper Full Text
Abstract
A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A phishing email delivers the Word document as an attachment, presenting a deliberately blurred image and a counterfeit reCAPTCHA to lure the recipient into clicking on it," Fortinet FortiGuard Labs researcher Cara Lin said. Clicking on the image leads to the delivery of a loader from a remote server that, in turn, is designed to distribute OriginBotnet for keylogging and password recovery, RedLine Clipper for cryptocurrency theft, and Agent Tesla for harvesting sensitive information. The loader, written in .NET, employs a technique called binary padding by adding null bytes to increase the file's size to 400 MB in an attempt to evade detection by security software. The activation of the loader triggers a multi-stage process to est The Hacker News
September 11, 2023
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger Full Text
Abstract
A new phishing attack is leveraging Facebook Messenger to propagate messages with malicious attachments from a "swarm of fake and hijacked personal accounts" with the ultimate goal of taking over the targets' accounts. "Originating yet again from a Vietnamese-based group, this campaign uses a tiny compressed file attachment that packs a powerful Python-based stealer dropped in a multi-stage process full of simple yet effective obfuscation methods," Guardio Labs researcher Oleg Zaytsev said in an analysis published over the weekend. In these attacks, dubbed MrTonyScam, potential victims are sent messages that entice them into clicking on the RAR and ZIP archive attachments, leading to the deployment of a dropper that fetches the next-stage from a GitHub or GitLab repository. This payload is another archive file that contains a CMD file, which, in turn, harbors an obfuscated Python-based stealer to exfiltrate all cookies and login credentials from differentThe Hacker News
September 9, 2023
New Phishing Campaign Launched via Google Looker Studio Full Text
Abstract
As part of the observed attacks, threat actors are using Google Looker Studio to create fake crypto pages that are then delivered to the intended victims in emails sent from the legitimate tool itself.Cyware
September 07, 2023
Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware Full Text
Abstract
A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it's being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering features were detected in the wild, targeting gamers and cryptocurrency users. Malvertising via Google Ads has been observed as the primary distribution vector in which users searching for popular software, legitimate or cracked, on search engines are shown bogus ads that direct to websites hosting rogue installers. The latest campaign involves the use of a fraudulent website for TradingView, prominently featuring three buttons to download the software for Windows, macOS, and Linux operating systems. "Both the Windows and Linux buttons point to an MSIX installer hosted on Discord that drops
The Hacker News
September 06, 2023
Alert: Phishing Campaigns Deliver New SideTwist Backdoor and Agent Tesla Variant Full Text
Abstract
The Iranian threat actor tracked as APT34 has been linked to a new phishing attack that leads to the deployment of a variant of a backdoor called SideTwist. "APT34 has a high level of attack technology, can design different intrusion methods for different types of targets, and has supply chain attack capability," NSFOCUS Security Labs said in a report published last week. APT34, also known by the names Cobalt Gypsy, Hazel Sandstorm (formerly Europium), Helix Kitten, and OilRig, has a track record of targeting telecommunications, government, defense, oil and financial services verticals in the Middle East since at least 2014 via spear-phishing lures that culminate in the deployment of various backdoors. One of the key traits of the hacking outfit is its ability to create new and updated tools to minimize the odds of detection and gain a foothold on compromised hosts for extended periods of time. SideTwist was first documented as used by APT34 in April 2021, with Check Poin
The Hacker News
September 06, 2023
W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts Full Text
Abstract
A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks," Group-IB said in a report shared with The Hacker News. The phishing infrastructure is estimated to have targeted more than 56,000 corporate Microsoft 365 accounts and compromised at least 8,000 of them, primarily in the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy between October 2022 and July 2023, netting its operators $500,000 in illicit profits. Some of the prominent sectors infiltrated using the phishing solution include manufacturing, IT, consultin
The Hacker News
September 1, 2023 – Breach
Data Breach Could Affect More Than 100,000 in Pima County Full Text
Abstract
More than 100,000 Pima County residents could be affected by a nationwide data breach that affected the company that handled COVID-19 case investigations and contact tracing here, officials say.
Cyware
September 01, 2023
New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists Full Text
Abstract
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonating a member of the organization, non-profit entity Interlabs said in a new report. The LNK file, upon execution, launches a PowerShell command to execute a Visual Basic script that, in turn, fetches the next-stage payloads from a legitimate but compromised WordPress website. This includes the Autoit3.exe binary ("solmir.pdb") and an AutoIt script ("solmir_1.pdb") that's launched using the former. The AutoIt script, for its part, performs process injection using a process hollowing technique, in which malicious code is inserted into a process that's in a suspended state. In this case, an instance of Explorer.exe is spawned to inject a never-before-seen RAT referred to as SuperBear th
The Hacker News
September 01, 2023
Classiscam Scam-as-a-Service Raked $64.5 Million During the COVID-19 Pandemic Full Text
Abstract
The Classiscam scam-as-a-service program has reaped the criminal actors $64.5 million in illicit earnings since its emergence in 2019. "Classiscam campaigns initially started out on classified sites, on which scammers placed fake advertisements and used social engineering techniques to convince users to pay for goods by transferring money to bank cards," Group-IB said in a new report. "Since then, Classiscam campaigns have become highly automated, and can be run on a host of other services, such as online marketplaces and carpooling sites." A majority of victims are based in Europe (62.2%), followed by the Middle East and Africa (18.2%), and the Asia-Pacific (13%). Germany, Poland, Spain, Italy, and Romania accounted for the highest number of fraudulent transactions registered in Classiscam chats. First discovered in 2019, Classiscam is an umbrella term for an operation that encompasses 1,366 distinct groups on Telegram. The activities first targeted Russi
The Hacker News
August 30, 2023
AiTM Attacks Evolve: Warns Microsoft Full Text
Abstract
Microsoft is alerting about a rise in AiTM phishing methods within the PhaaS cybercrime model, enabling widespread large-scale phishing campaigns. The primary aim of these attacks is to steal session cookies, allowing malicious actors to gain entry to privileged systems without needing to authentic ...
Cyware
August 29, 2023
Phishing-as-a-Service Gets Smarter: Microsoft Sounds Alarm on AiTM Attacks Full Text
Abstract
Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model. In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities. "This development in the PhaaS ecosystem enables attackers to conduct high-volume phishing campaigns that attempt to circumvent MFA protections at scale," the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter). Phishing kits with AiTM capabilities work in two ways, one of which concerns the use of reverse proxy servers (i.e., the phishing page) to relay traffic to and from the client and legitimate website and stealthily capture user credentials, two-factor authentication codes, and session cookies. A second method involves synchronous relay servers. "In AiTM through synchronous relay s
The Hacker News
August 28, 2023
Spain warns of LockBit Locker ransomware phishing attacks Full Text
Abstract
The National Police of Spain is warning of an ongoing 'LockBit Locker' ransomware campaign targeting architecture companies in the country through phishing emails.
BleepingComputer
August 24, 2023
New Telegram Bot “Telekopye” Powering Large-scale Phishing Scams from Russia Full Text
Abstract
A new financially motivated operation is leveraging a malicious Telegram bot to help threat actors scam their victims. Dubbed Telekopye, a portmanteau of Telegram and kopye (meaning "spear" in Russian), the toolkit functions as an automated means to create a phishing web page from a premade template and send the URL to potential victims, codenamed Mammoths by the criminals. "This toolkit is implemented as a Telegram bot that, when activated, provides several easy-to-navigate menus in the form of clickable buttons that can accommodate many scammers at once," ESET researcher Radek Jizba said in a report shared with The Hacker News. The exact origins of the threat actors, dubbed Neanderthals, are unclear, but evidence points to Russia as the country of origin of the toolkit's authors and users, owing to the use of Russian SMS templates and the fact that a majority of the targeted online marketplaces are popular in the country. Multiple versions of Teleko
The Hacker News
August 21, 2023
Researchers Spoof an Apple Device and Trick Users Into Sharing Sensitive Data Full Text
Abstract
The spoofed Apple device prompts users to connect their Apple ID or share a password with a nearby Apple TV, allowing threat actors to collect data such as phone numbers and Apple ID emails.
Cyware
August 18, 2023
Cloaked Malvertising: Unmasking Complex Fingerprinting and Evading Detection Full Text
Abstract
Malwarebytes Labs identified a new trend in malvertising campaigns that use advanced cloaking techniques to evade detection. Threat actors are targeting the users of popular IT programs by creating malicious ads displayed on Google search results. To safeguard against ever-evolving malvertising tac ...
Cyware
August 18, 2023
Ongoing Phishing Campaign Targets Zimbra Credentials Full Text
Abstract
ESET uncovered an ongoing phishing campaign targeting Zimbra Collaboration users, aiming to harvest their Zimbra account credentials. The phishing emails lure victims by posing as email server updates, account deactivations, or similar issues, and directing them to click on an attached HTML file. S ...
Cyware
August 18, 2023
Behind WoofLocker: Long-running Traffic Diversion Scheme Full Text
Abstract
The long-standing WoofLocker tech support scam campaign, initiated in 2017, remains active with enhanced resilience as it employs a unique traffic redirection approach on compromised websites. Redirecting targeted users to a fake virus warning browser locker screen, WoofLocker has exhibited stabili ...
Cyware
August 18, 2023
Massive phishing campaign targets users of the Zimbra Collaboration email server Full Text
Abstract
A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials. ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server...
Security Affairs
August 18, 2023
Catching up With Wooflocker, the Most Elaborate Traffic Redirection Scheme to Tech Support Scams Full Text
Abstract
The WoofLocker tech support scam campaign, which was first discovered in 2020, is still active and has evolved to become more sophisticated. The campaign relies on compromised websites to distribute its malicious code, with a focus on adult websites.
Cyware
August 17, 2023
A massive campaign delivered a proxy server application to 400,000 Windows systems Full Text
Abstract
Researchers discovered a massive campaign that delivered a proxy server application to at least 400,000 Windows systems. AT&T Alien Labs researchers uncovered a massive campaign that delivered a proxy server application to at least 400,000 Windows...
Security Affairs
August 17, 2023
Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks Full Text
Abstract
An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock, Midnight Blizzard, and The Dukes). "The threat actor used Zulip – an open-source chat application – for command-and-control, to evade and hide its activities behind legitimate web traffic," Dutch cybersecurity company EclecticIQ said in an analysis last week. The infection sequence is as follows: The PDF attachment, named "Farewell to Ambassador of Germany," comes embedded with JavaScript code that initiates a multi-stage process to leave a persistent backdoor on compromised networks. APT29's use of invitation themes has been previously reported by Lab52, which doc
The Hacker News
August 17, 2023
Malvertisers up Their Game Against Researchers Full Text
Abstract
Threat actors are using advanced cloaking techniques in malvertising campaigns to remain undetected and drop malware, making it more challenging for defenders to identify and report these incidents.
Cyware
August 16, 2023
A massive phishing campaign using QR codes targets the energy sector Full Text
Abstract
A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing...
Security Affairs
August 10, 2023
Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives Full Text
Abstract
Threat actors are increasingly using a phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies. According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations worldwide between March and June 2023. Nearly 39% of the hundreds of compromised users are said to be C-level executives, including CEOs (9%) and CFOs (17%). The attacks have also singled out personnel with access to financial assets or sensitive information. At least 35% of all compromised users had additional account protections enabled. The campaigns are seen as a response to the increased adoption of multi-factor authentication (MFA) in enterprises, prompting threat actors to evolve their tactics to bypass new security layers by incorporating adversary-in-the-middle (AitM) phishing kits to
The Hacker News
August 9, 2023
EvilProxy used in massive cloud account takeover scheme Full Text
Abstract
Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations. EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed...
Security Affairs
August 8, 2023
Massive Phishing Campaign Impersonates 340 Companies Using Over 800 Scam Domains Full Text
Abstract
The phishing operation, originating from Russia but pretending to be Ukrainian, utilized a high-quality single-page application to create convincing websites and steal credit card and bank details.
Cyware
August 8, 2023
Teach a Man to Phish and He’s Set for Life – Krebs on Security Full Text
Abstract
A recent phishing scam has been using an old trick to fool Microsoft Windows users. The scam involves sending an email with an attachment that appears to be a PDF file, but is actually an .eml file disguised as a .pdf.
Cyware
August 03, 2023
Microsoft Exposes Russian Hackers’ Sneaky Phishing Tactics via Microsoft Teams Chats Full Text
Abstract
Microsoft on Wednesday disclosed that it identified a set of highly targeted social engineering attacks mounted by a Russian nation-state threat actor using credential theft phishing lures sent as Microsoft Teams chats. The tech giant attributed the attacks to a group it tracks as Midnight Blizzard (previously Nobelium). It's also called APT29, BlueBravo, Cozy Bear, Iron Hemlock, and The Dukes. "In this latest activity, the threat actor uses previously compromised Microsoft 365 tenants owned by small businesses to create new domains that appear as technical support entities," the company said. "Using these domains from compromised tenants, Midnight Blizzard leverages Teams messages to send lures that attempt to steal credentials from a targeted organization by engaging a user and eliciting approval of multi-factor authentication (MFA) prompts." Microsoft said the campaign, observed since at least late May 2023, affected less than 40 organizations global
The Hacker News
August 2, 2023
Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign Full Text
Abstract
Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email...
Security Affairs
August 02, 2023
Phishers Exploit Salesforce’s Email Services Zero-Day in Targeted Facebook Campaign Full Text
Abstract
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform," Guardio Labs researchers Oleg Zaytsev and Nati Tal said in a report shared with The Hacker News. The email messages masquerade as coming from Meta, while being sent from an email address with a "@salesforce.com" domain. They seek to trick recipients into clicking on a link by claiming that their Facebook accounts are undergoing a "comprehensive investigation" due to "suspicions of engaging in impersonation." The goal is to direct users to a rogue landing page that's designed to capture the victim's account credentials and two-factor aut
The Hacker News
August 1, 2023
Iranian Hackers Posed as Israelis in Targeted LinkedIn Phishing Attack Full Text
Abstract
During the conversation, the malicious actors would send seemingly harmless attachments, such as invitations to conferences or files related to the targets’ professional interests, such as studies or articles.
Cyware
July 28, 2023
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures Full Text
Abstract
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARK#MULE. "Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North Korean groups such as APT37 as South Korea has historically been a primary target of the group, especially its government officials," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. APT37, also known by the names Nickel Foxcroft, Reaper, Ricochet Chollima, and ScarCruft, is a North Korean nation-state actor that's known to exclusively focus on targets in its southern counterpart, specifically those involved in reporting on North Korea and supporting defectors. Attack chains mounted by the group have historically reli
The Hacker News
July 28, 2023
Nitrogen Malvertising - Sneaky Malware in Search Ads Full Text
Abstract
A recently detected malvertising campaign, known as Nitrogen, has been discovered exploiting Google Search and Bing ads to target users searching for IT tools. The Nitrogen campaign predominantly focuses on technology and non-profit organizations in North America. It operates by posing as inst ...
Cyware
July 27, 2023
New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads Full Text
Abstract
A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future ransomware attacks. Dubbed Nitrogen, the "opportunistic" activity is designed to deploy second-stage attack tools such as Cobalt Strike, Sophos said in a Wednesday analysis. Nitrogen was first documented by eSentire in June 2023, detailing an infection chain that redirects users to compromised WordPress sites hosting malicious ISO image files that ultimately culminate in the delivery of Python scripts and Cobalt Strike Beacons onto the targeted system. Then earlier this month, Trend Micro uncovered a similar attack sequence in which a fraudulent WinSCP application functioned as a stepping stone for a BlackCat ransomware attack. "Throughout the infection chain, the threat
The Hacker News
July 20, 2023
Phishing via Google Ads Full Text
Abstract
Hackers are using URL redirects within Google ads to lead users to malicious sites, leveraging the trust and legitimacy of Google Ads. This technique, known as BEC 3.0, involves referencing legitimate sites instead of spoofed ones.
Cyware
July 17, 2023
Meta’s Threads App Used as a Lure Full Text
Abstract
Researchers with Veriti are warning about “over 700 domains related to Threads being registered daily” in recent weeks, offering an Android version of the app for download outside of Google’s official app store.
Cyware
July 17, 2023
Hackers Exploit WebAPK to Deceive Android Users into Installing Malicious Apps Full Text
Abstract
Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week. "The link contained in the message led to a site that used WebAPK technology to install a malicious application on the victim's device." The application impersonates PKO Bank Polski, a multinational banking and financial services company headquartered in Warsaw. Details of the campaign were first shared by Polish cybersecurity firm RIFFSEC. WebAPK allows users to install progressive web apps (PWAs) to their home screen on Android devices without having to use the Google Play Store. "When a user installs a PWA from Google Chrome and a WebAPK is used, the minti
The Hacker News
July 10, 2023
RomCom hackers target NATO Summit attendees in phishing attacks Full Text
Abstract
A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania.
BleepingComputer
July 10, 2023
New Phishing Attack Spoofs Microsoft 365 Authentication System Full Text
Abstract
According to researchers at Vade, the attack email includes a harmful HTML attachment with JavaScript code. This code is designed to gather the recipient’s email address and modify the page using data from a callback function’s variable.
Cyware
July 07, 2023
Vishing Goes High-Tech: New ‘Letscall’ Malware Employs Voice Traffic Routing Full Text
Abstract
Researchers have issued a warning about an emerging and advanced form of voice phishing (vishing) known as "Letscall." This technique is currently targeting individuals in South Korea. The criminals behind "Letscall" employ a multi-step attack to deceive victims into downloading malicious apps from a counterfeit Google Play Store website. Once the malicious software is installed, it redirects incoming calls to a call center under the control of the criminals. Trained operators posing as bank employees then extract sensitive information from unsuspecting victims. To facilitate the routing of voice traffic, "Letscall" utilizes cutting-edge technologies such as voice over IP (VOIP) and WebRTC. It also makes use of Session Traversal Utilities for NAT (STUN) and Traversal Using Relays around NAT (TURN) protocols, including Google STUN servers, to ensure high-quality phone or video calls and bypass NAT and firewall restrictions. The "Letscall"
The Hacker News
July 4, 2023
U.S. Law Firms Targeted in New GuLoader Campaign Full Text
Abstract
GuLoader is increasingly prevalent as a malware loader within phishing campaigns. Morphisec Labs uncovered a GuLoader campaign that has been targeting law firms (46.4%), alongside investment (17.9%) and healthcare (21.4%) firms, in the U.S. The campaign has been ongoing since April.
Cyware
July 3, 2023
Torrent of image-based phishing emails are harder to detect and more convincing Full Text
Abstract
Phishing mongers have released a torrent of image-based junk emails that embed QR codes into their bodies to successfully bypass security protections and provide a level of customization to more easily fool recipients, researchers said.
Cyware
July 1, 2023
Malvertising Used as Entry Vector for BlackCat, Actors Also Leverage SpyBoy Terminator Full Text
Abstract
The infection chain started with a malicious ad for the WinSCP application displayed in search engine results. Users who clicked on the ad were redirected to a cloned download webpage where they unknowingly downloaded a malware-infected ISO file.
Cyware
June 28, 2023
Ukraine Cracks Down on Investment Scams, Raids Call Centers Full Text
Abstract
Ukrainian cyber police raided and closed over a dozen fraudulent call centers last week, saying the operations were running fake investment scams that involved stealing cryptocurrency and payment card details from European and Central Asian citizens.
Cyware
June 22, 2023
MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans Full Text
Abstract
A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, such as Warzone RAT and Quasar RAT," Securonix researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said. "Both are used for command-and-control during different stages of the infection chain." The multi-stage attack chain commences when an email recipient clicks the embedded link pointing to a password-protected ZIP file ("REQUEST.zip") hosted on Microsoft OneDrive with the password "12345." Extracting the archive file reveals a heavily obfuscated JavaScript file ("REQUEST.js") that, when double clicked, activates the infection by executing two PowerShell commands that are responsible for retrieving two separate payloads from OneDri
The Hacker News
June 20, 2023
Phishing scam takes $950k from DoorDash drivers Full Text
Abstract
The scam involved placing bogus orders, contacting drivers claiming to be from the DoorDash support team, and convincing them to hand over banking details or log in to a fake portal.
Cyware
June 15, 2023
North Korea created evil twin of South Korea’s Naver.com Full Text
Abstract
North Korea has created a fake version of South Korea's largest internet portal, Naver, in a large-scale phishing attempt, Seoul's National Intelligence Service (NIS) said on Wednesday.
Cyware
June 13, 2023
New Phishing Scam Spoofs German Media, Broadband Conference Anga Full Text
Abstract
Hackers have devised an intricate phishing attack by leveraging the reputation of Germany’s renowned Anga Com conference to send spoofed emails and create deceptive web pages, deceiving unsuspecting users into divulging their login credentials.
Cyware
June 11, 2023
Microsoft warns of multi-stage AiTM phishing and BEC attacks Full Text
Abstract
Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC)...
Security Affairs
June 09, 2023
Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants Full Text
Abstract
Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations," the tech giant disclosed in a Thursday report. Microsoft, which is tracking the cluster under its emerging moniker Storm-1167, called out the group's use of indirect proxy to pull off the attack. This enabled the attackers to flexibly tailor the phishing pages to their targets and carry out session cookie theft, underscoring the continued sophistication of AitM attacks. The modus operandi is unlike other AitM campaigns where the decoy pages act as a reverse proxy to harvest credentials and time-based one-time passwords (TOTPs) entered by the victims. "The attacker presented targets with a website that mi
The Hacker News
June 06, 2023
Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices Full Text
Abstract
Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular apps to redirect users to serve unwanted ads to users as part of a campaign ongoing since October 2022. "The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue," Bitdefender said in a technical report shared with The Hacker News. "However, the threat actors involved can easily switch tactics to redirect users to other types of malware such as banking Trojans to steal credentials and financial information or ransomware." The Romanian cybersecurity company said it has discovered 60,000 unique apps carrying the adware, with a majority of the detections located in the U.S., South Korea, Brazil, Germany, the U.K., France, Kazakhstan, Romania, and Italy. It's worth pointing out that none of the apps are distributed through the official Google Play Store. Instead, users searching for apps like Netflix, PDF
The Hacker News
June 06, 2023
Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme Full Text
Abstract
A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that's targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB. The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened URL to conceal the actual phishing link. Clicking on the link directs the unsuspecting recipients to a fake landing page that's designed to capture payment credentials and personal data. The campaign is estimated to be active as of April 15, 2023. "The URLs from the texts lead to fake branded payment pages that ask for personal details, such as name, address, and credit card information," Group-IB said. "The phishing pages appropriate the official name and logo of the impersonated postal service provider." The exact scale of the attacks is currently unknown. What's known is that the tex
The Hacker News
May 30, 2023
Beware of the new phishing technique “file archiver in the browser” that exploits zip domains Full Text
Abstract
"file archiver in the browser" is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. A new phishing technique called "file archiver in the browser" can be used by phishers to "emulate" a file archiver software...
Security Affairs
May 29, 2023
Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks Full Text
Abstract
Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts...
Security Affairs
May 29, 2023
Don’t Click That ZIP File! Phishers Weaponizing .ZIP Domains to Trick Victims Full Text
Abstract
A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain. "With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate," security researcher mr.d0x disclosed last week. Threat actors, in a nutshell, could create a realistic-looking phishing landing page using HTML and CSS that mimics legitimate file archive software, and host it on a .zip domain, thus elevating social engineering campaigns. In a potential attack scenario, a miscreant could resort to such trickery to redirect users to a credential harvesting page when a file "contained" within the fake ZIP archive is clicked. "Another interesting use case is listing a non-executable file and when the user clicks to initiate a download, it downloads an executable file," mr.d0xThe Hacker News
May 24, 2023
Scammers Use Residential IP Addresses to Launch BEC Attacks Full Text
Abstract
The Cyber Signals report revealed that Microsoft detected 35 million BEC attempts with an average of 156,000 attempts daily between April 2022 and April 2023. Microsoft also noticed a pattern in which attackers used a phishing-as-a-service platform, BulletProftLink, to obtain login credentials. To ... Read MoreCyware
May 23, 2023
Fake CapCut Websites Spread Information Stealers Full Text
Abstract
Cybercriminals are distributing a fake version of CapCut, ByteDance's official video editor tool, to infect users with different malware. In most cases, they employ SEO poisoning techniques, utilize search ads, and leverage social media platforms to promote the tool via malicious websites created b ... Read MoreCyware
May 22, 2023
Malicious links and misaddressed emails slip past security controls Full Text
Abstract
The majority of organizations use six or more communication tools, across channels, with email remaining the channel seen as the most vulnerable to attacks (38%), according to Armorblox.Cyware
May 22, 2023
BatLoader campaign impersonates ChatGPT and Midjourney to deliver Redline Stealer Full Text
Abstract
Researchers identified an ongoing BatLoader campaign relying on Google Search Ads to deliver rogue web pages for ChatGPT and Midjourney. In early May, researchers at eSentire Threat Response Unit (TRU) spotted an ongoing BatLoader campaign using Google...Security Affairs
May 20, 2023
Phishing Vendor Sells IP Addresses to Duck Anomaly Detection Full Text
Abstract
BulletProofLink, also referred to as BulletProftLink or Anthrax, sells access to phishing kits, email templates, hosting, and automated services "at a relatively low cost".Cyware
May 18, 2023
Leveraging Dropbox to Soar Into Inbox Full Text
Abstract
The new way that hackers originate BEC 3.0 attacks is through legitimate services. In this attack, hackers create free Dropbox accounts and leverage their domain legitimacy to create pages with phishing embedded within them.Cyware
May 13, 2023
New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages Full Text
Abstract
A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages," Cisco Talos researcher Tiago Pereira said. "It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page." Campaigns involving Greatness have mainly targeted manufacturing, health care, and technology entities located in the U.S., the U.K., Australia, South Africa, and Canada, with a spike in activity detected in December 2022 and March 2023. Phishing kits like Greatness offer thThe Hacker News
May 3, 2023
Phishing Campaign Targets Romanian Telecom Users Full Text
Abstract
Heimdal Security's SOC team has discovered an ongoing phishing campaign that seems to be aimed at customers of Romanian telecom providers. The fraudulent page requests the victims to submit their credit card information to cover a tax related to changing a delivery address. Experts recommend avoidi ... Read MoreCyware
May 2, 2023
Can Better Training Reduce the Success Rate of Phishing Attacks? Full Text
Abstract
A review of Arun Vishwanath, “The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing Attacks” (MIT Press, 2022)Lawfare
April 27, 2023
TA505 Allegedly Behind New Malware Deployed Using Fake Websites and Malvertising Full Text
Abstract
To trick unsuspecting users into downloading malware onto their systems, threat actors often used the Google advertisements platform to promote fake websites on legit software and application updates.Cyware
April 27, 2023
CryptoRom: OkCupid scam cost Florida man $480k – we followed the money to Binance Full Text
Abstract
CyberNews analyzed a classic cryptocurrency romance scam, also known as CryptoRom, explaining how scammers hid the money. CryptoRom scammers hid the money with several layers of obfuscation, but the Cybernews research team discovered that the stolen...Security Affairs
April 27, 2023
OkCupid scam cost Florida man $480k – researchers followed the money to Binance Full Text
Abstract
Scammers had lured a victim from Florida into parting with $480,000 after cultivating a long-term relationship, eventually coaxing him into making cryptocurrency investments.Cyware
April 26, 2023
Scammers Use Over 3,000 Fake Facebook Profiles to Lure Victims Full Text
Abstract
Group-IB spotted a new phishing campaign targeting Facebook users, leveraging 3,200 fake profiles, in an attempt to steal account credentials from public figures, businesses, celebs, and others. The profiles were either created by the actors or were genuinely hacked accounts of users. Of these fake ... Read MoreCyware
April 21, 2023
Massive MitID SMS Phishing Campaign Tries to Phish Nordea Bank Customers Full Text
Abstract
The data analyzed so far suggests that the threat actor takes advantage of the MitID authentication mechanism in order to redirect the customer to a fake webpage for various malicious actions on target.Cyware
April 20, 2023
Phishing Scams Abusing Microsoft Teams and More Full Text
Abstract
Cybercriminals have become increasingly adept at designing new phishing tactics. Lately, a scam was found camouflaging as the legitimate Microsoft Teams login with the goal of tricking users into entering their login credentials.Cyware
April 20, 2023
Tax-Themed Phishing Attacks Proliferate During Tax Filing Season Full Text
Abstract
With tax season underway, the frequency of campaigns related to taxes and accounting has increased, with threats like Remcos RAT, Emotet, and GuLoader hovering to scam users. The IRS issued an advisory, urging taxpayers to be wary and vigilant of new tax-related scams.Cyware
April 19, 2023
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine Full Text
Abstract
Elite hackers associated with Russia's military intelligence service have been linked to large-volume phishing campaigns aimed at hundreds of users in Ukraine to extract intelligence and influence public discourse related to the war. Google's Threat Analysis Group (TAG), which is monitoring the activities of the actor under the name FROZENLAKE, said the attacks continue the "group's 2022 focus on targeting webmail users in Eastern Europe." The state-sponsored cyber actor, also tracked as APT28, Fancy Bear, Forest Blizzard, Iron Twilight, Sednit, and Sofacy, is both highly active and proficient. It has been active since at least 2009, targeting media, governments, and military entities for espionage. The latest intrusion set, starting in early February 2023, involved the use of reflected cross-site scripting (XSS) attacks in various Ukrainian government websites to redirect users to phishing domains and capture their credentials. The disclosure coThe Hacker News
April 19, 2023
Ukraine Facing Phishing Attacks, Information Operations Full Text
Abstract
The Russian government continues to use an array of phishing attacks and information operations, including hack-and-leak efforts, to support its invasion of Ukraine, researchers reported.Cyware
April 17, 2023
New QBot campaign delivered hijacking business correspondence Full Text
Abstract
Kaspersky researchers warn of a new QBot campaign leveraging hijacked business emails to deliver malware. In early April, Kaspersky experts observed a surge in QBot malware attacks (aka Qakbot, QuackBot, and Pinkslipbot). QBot has been...Security Affairs
April 17, 2023
New Captcha Protected Phishing Attack Targets Access to Payroll Files Full Text
Abstract
The phishing attack is hosted on a landing page at payroll-microsoft365-access-panel-2023[.]softr[.]app/ which redirects to azaleastays[.]com/devr365web2023/ once a button is clicked.Cyware
April 15, 2023
Massive malvertising campaign targets seniors via fake Weebly sites Full Text
Abstract
The malvertising campaign is run via Google ads aimed at seniors. The threat actor is creating hundreds of fake websites via Weebly to host decoy content to fool search engines and crawlers while redirecting victims to a fake computer alert.Cyware
April 13, 2023
Zelle Phishing Campaign Sends Spoofed Emails Full Text
Abstract
Zelle, the widely used and highly acclaimed money-transfer service, is now a prime target for cybercriminals. The simplicity of sending funds to friends or businesses through Zelle has made it appealing for hackers looking to cash in.Cyware
April 9, 2023
New Scam Alerts Users About YouTube Altering Policy Full Text
Abstract
A phishing scam has come to light that uses YouTube's genuine no-reply@youtube[.]com email address to trick users into revealing their login details. The phishing email write-up contains a YouTube video and text informing users about YouTube’s new monetization policy and new rules. Meanwhile, YouTu ... Read MoreCyware
April 07, 2023
Researchers Uncover Thriving Phishing Kit Market on Telegram Channels Full Text
Abstract
In yet another sign that Telegram is increasingly becoming a thriving hub for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns. "To promote their 'goods,' phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, 'What type of personal data do you prefer?'," Kaspersky web content analyst Olga Svistunova said in a report published this week. The links to these Telegram channels are distributed via YouTube, GitHub, and the phishing kits that are developed by the crooks themselves. The Russian cybersecurity firm said it detected over 2.5 million malicious URLs generated using phishing kits in the past six months. One of the prominent services offered is to provide threat actors with Telegram bots that automate the process of generating phishing pages and collecting user data. AlthoughThe Hacker News
April 6, 2023
Phishers migrate to Telegram Full Text
Abstract
Experts warn that Telegram is becoming a privileged platform for phishers that use it to automate their activities and for providing various services. Kaspersky researchers have published an analysis of phishers’ Telegram channels used to promote...Security Affairs
April 6, 2023
Beware of New YouTube Phishing Scam Using Authentic Email Address Full Text
Abstract
The phishing email content is similar to those seen in previous phishing scams, containing a YouTube video and a message informing users about YouTube’s new monetization policy and new rules.Cyware
March 30, 2023
AI chatbots making it harder to spot phishing emails, say experts Full Text
Abstract
AI allows you to craft very believable ‘spear-phishing’ emails and other written communication with very little effort, especially compared to what you have to do before.Cyware
March 28, 2023
Nigerian BEC Scammer Sentenced to Prison in US Full Text
Abstract
The man from Lagos participated in multiple BEC, credit card, work-from-home, check-cashing, and romance scams targeting banks, businesses, and individuals in the US and abroad, including First American Holding Company and MidFirst Bank.Cyware
March 25, 2023
New Instagram scam uses fake SHEIN gift cards as lure Full Text
Abstract
This social media scam begins with a comment from a random account on a user’s post, which congratulates the victim saying they’re one of the 2023 lucky ones selected to receive a SHEIN gift card.Cyware
March 24, 2023
Fake IRS tax email delivers Emotet malware Full Text
Abstract
In this case, Form W-9 is being used as a lure for people to download something sinister. The attachment, W-9 form.zip, is 709 KB in size. Opening the attachment reveals a Word document called W-9 form.doc that is over 500MB in size.Cyware
March 21, 2023
Threat actors are experimenting with QR codes Full Text
Abstract
Data collected by the HP Threat Research team shows that from Q2 2022, attackers have been diversifying their techniques to find new ways to breach devices and steal data using QR code scam campaigns.Cyware
March 17, 2023
FakeCalls Vishing Malware Targets South Korean Users via Popular Financial Apps Full Text
Abstract
An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said. FakeCalls was previously documented by Kaspersky in April 2022, describing the malware's capabilities to imitate phone conversations with a bank customer support agent. In the observed attacks, users who install the rogue banking app are enticed into calling the financial institution by offering a fake low-interest loan. At the point where the phone call actually happens, a pre-recorded audio with instructions from the real bank is played. Simultaneously, the malware conceals the phone number with the bank's legitimate number to give the impression that a conversationThe Hacker News
March 17, 2023
SVB account holders targeted with phishing, scams Full Text
Abstract
After news broke late last week about Silicon Valley Bank’s bank run and collapse, security researchers started warning SVB account holders about incoming SVB-related scams and phishing attempts.Cyware
March 17, 2023
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware Full Text
Abstract
Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis. While the first instance of clipper malware on the Google Play Store dates back to 2019, the development marks the first time Android-based clipper malware has been built into instant messaging apps. "Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware," the Slovak cybersecurity firm added. The attack chain begins with unsuspecting users clicking on fraudulent ads on Google search results that lead to hundreds of sketchy YouTube channels, which then direct themThe Hacker News
March 14, 2023
DEV-1101 Offers Phishing Kit for High-Volume AiTM Campaigns Full Text
Abstract
Microsoft Threat Intelligence stumbled across an open source adversary-in-the-middle (AiTM) phishing kit that furthers the ability of hackers to launch organized attacks and also scale it. The threat actor behind the kit is being tracked under the moniker DEV-1101. The kit’s features include settin ... Read MoreCyware
March 14, 2023
Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily Full Text
Abstract
An open source adversary-in-the-middle (AiTM) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging moniker DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's password and session cookies by deploying a proxy server between the user and the website. Such attacks are more effective owing to their ability to circumvent multi-factor authentication (MFA) protections. DEV-1101, per the tech giant, is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign. "The availability of such phishing kits for purchase by attackers is part of the industrialization of the cybercriminal economy and lowers the barrier ofThe Hacker News
March 14, 2023
DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns Full Text
Abstract
Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem. Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime...Security Affairs
March 12, 2023
New Email Threats by Exotic Lily Full Text
Abstract
ReliaQuest has laid bare the detail of a phishing campaign by IAB Exotic Lily wherein its members pretend to be a potential business opportunity. The attackers follow a well-established procedure that typically commences with initiating an open conversation with the victim. ReliaQuest adv ... Read MoreCyware
March 10, 2023
AI is taking phishing attacks to a whole new level of sophistication Full Text
Abstract
About 92% of organizations have fallen victim to successful phishing attacks in the last 12 months, while 91% of organizations have admitted to experiencing email data loss, according to Egress.Cyware
March 6, 2023
Digital Smoke: Massive Investment Fraud Scam Full Text
Abstract
Resecurity identified Digital Smoke, one of the largest investment scam networks, that has been defrauding netizens mostly from Europe, Asia, and Australia. The attackers impersonate Fortune 100 firms from the U.S. and the U.K. Most of the fraudulent schemes pertained to financial services, EV and ... Read MoreCyware
March 6, 2023
Multi-Year Spearphishing Campaign Against Maritime Industry Full Text
Abstract
EclecticIQ has revealed that a single connected threat cluster is most likely behind an attack campaign targeting the maritime industry with spearphishing emails to distribute different malware threats. In July 2022, the campaign shifted from Agent Tesla to Formbook using CAB file attachments. Howe ... Read MoreCyware
March 2, 2023
Cambodia-Based “Sour Grapes” Pig Butchering Scam Targets Southeast Asia Full Text
Abstract
The teams running these scams include a young man or woman acting as the face of the scam, keyboarders who keep the victim engaged, and a team generating and repurposing media content with fabricated proof of their backstory.Cyware
February 28, 2023
Resecurity identified the investment scam network ‘Digital Smoke’ Full Text
Abstract
Resecurity identified one of the largest investment fraud networks, tracked as Digital Smoke, by size and volume of operations. Resecurity identified one of the largest investment fraud networks by size and volume of operations created to defraud...Security Affairs
February 28, 2023
Investment Scam Network ‘Digital Smoke’ Impersonates Fortune 100 Corporations Full Text
Abstract
Resecurity identified one of the largest investment fraud networks by size and volume of operations defrauding users from Australia, Canada, China, Colombia, the EU, India, Singapore, Malaysia, UAE, Saudi Arabia, Mexico, the US, and other regions.Cyware
February 27, 2023
Fake Amazon Prime email abuses LinkedIn’s URL shortener Full Text
Abstract
Over the last few days, scammers have been sending out phishing emails that disguise bogus URLs with something called Slinks—shortened Linkedin URLs. Now, they're being used in a scam based on Amazon's popular Prime membership.Cyware
February 27, 2023
ChromeLoader campaign uses VHD files disguised as cracked games and pirated software Full Text
Abstract
Threat actors behind the ChromeLoader malware campaign are using VHD files disguised as popular games, experts warn. Researchers from Ahnlab Security Emergency Response Center (ASEC) recently uncovered a malware campaign distributing the ChromeLoader...Security Affairs
February 22, 2023
Attackers Flood NPM Repository with Over 15,000 Spam Packages Containing Phishing Links Full Text
Abstract
In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report. "The attackers referred to retail websites using referral IDs, thus profiting from the referral rewards they earned." The modus operandi involves poisoning the registry with rogue packages that include links to phishing campaigns in their README.md files, evocative of a similar campaign the software supply chain security firm exposed in December 2022. The fake modules masqueraded as cheats and free resources, with some packages named as "free-tiktok-followers," "free-xbox-codes," and "instagram-followers-free." The ultimate goal of the operation is to entice userThe Hacker News
February 19, 2023
Scammers Found Exploiting YouTube to Launch Crypto Scams Full Text
Abstract
Researchers discovered a massive network of fake YouTube videos that cybercriminals are using to launch crypto scams. These fake videos advertise fraudulent web-based apps for USDT. To make the channels look legitimate, threat actors automated copy-pasting comments to videos. Many of these vid ... Read MoreCyware
February 16, 2023
Hackers Using Google Ads to Spread FatalRAT Malware Disguised as Popular Apps Full Text
Abstract
Chinese-speaking individuals in Southeast and East Asia are the targets of a new rogue Google Ads campaign that delivers remote access trojans such as FatalRAT to compromised machines. The attacks involve purchasing ad slots to appear in Google search results that direct users searching for popular applications to rogue websites hosting trojanized installers, ESET said in a report published today. The ads have since been taken down. Some of the spoofed applications include Google Chrome, Mozilla Firefox, Telegram, WhatsApp, LINE, Signal, Skype, Electrum, Sogou Pinyin Method, Youdao, and WPS Office. "The websites and installers downloaded from them are mostly in Chinese and in some cases falsely offer Chinese language versions of software that is not available in China," the Slovak cybersecurity firm said, adding it observed the attacks between August 2022 and January 2023. A majority of the victims are located in Taiwan, China, and Hong Kong, followed by Malaysia, JapaThe Hacker News
February 8, 2023
Crypto Drainer Scam Lures Unwitting Users into Giving Away their Funds Full Text
Abstract
Threat actors are providing pre-made, counterfeit cryptocurrency webpages that are being used as phishing baits under a malicious campaign dubbed Crypto Drainer to steal assets from wallets. These phishing pages purport to mint non-fungible tokens (NFTs) and use third-party services and application ... Read MoreCyware
January 23, 2023
Massive Ad Fraud Scheme Targeted Over 11 Million Devices with 1,700 Spoofed Apps Full Text
Abstract
Researchers have shut down an "expansive" ad fraud scheme that spoofed more than 1,700 applications from 120 publishers and impacted roughly 11 million devices. "VASTFLUX was a malvertising attack that injected malicious JavaScript code into digital ad creatives, allowing the fraudsters to stack numerous invisible video ad players behind one another and register ad views," fraud prevention firm HUMAN said. The operation gets its name from the use of a DNS evasion technique called Fast Flux and VAST, a Digital Video Ad Serving Template that's employed to serve ads to video players. The sophisticated operation particularly exploited the restricted in-app environments that run ads on iOS to place bids for displaying ad banners. Should the auction be won, the hijacked ad slot is leveraged to inject rogue JavaScript that establishes contact with a remote server to retrieve the list of apps to be targeted. This includes the bundle IDs that belong to legThe Hacker News
January 23, 2023
Massive Ad fraud scheme VASTFLUX targeted over 11 million devices Full Text
Abstract
Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The...Security Affairs
January 17, 2023
Hackers use fear of mobilization to target Russians with phishing attacks Full Text
Abstract
In a phishing campaign described by the Russian cybersecurity channel In2security on Telegram and confirmed by researchers from Kaspersky Lab, attackers used a phishing website and Telegram bot to collect personal data from Russian users.Cyware
January 16, 2023
Address Poisoning Scam Hits MetaMask Users Full Text
Abstract
MetaMask, the cryptocurrency wallet provider, disclosed a new scam baiting its users into sending funds to scammers’ wallet addresses. The address poisoning technique used by scammers relies on similarity to the original recipients’ addresses. Creating an address that closely matches a target addre ... Read MoreCyware
January 9, 2023
Phishing campaign targets government institution in Moldova Full Text
Abstract
The government institutions of Moldova have been hit by a wave of phishing attacks since the country offered support to Ukraine. The government institutions of Moldova have been hit by a wave of phishing attacks, threat actors sent more than 1,330...Security Affairs
January 9, 2023
Facebook Termination Notices Leads to Phishing Full Text
Abstract
In this phishing attack campaign, hackers purporting to be from Facebook are sending fake copyright infringement notices in the hopes of luring users to give their credentials.Cyware
January 5, 2023
Flipper Zero Phishing Attacks Eye Infosec Community Full Text
Abstract
A phishing campaign by an actor group has been spotted taking advantage of the increasing interest of the security community in the Flipper Zero tool, a multi-functional portable cybersecurity tool. They are creating fake shops to fool security experts into giving up their personal details and cryp ... Read MoreCyware
January 2, 2023
RedZei Chinese Scammers Targeting Chinese Students in the U.K. Full Text
Abstract
Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief). "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation," cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up published last week. The most notable aspect about the operation is the steps taken by the threat actors to bypass steps taken by users to prevent scam calls, using a new pay-as-you-go U.K. phone number for each wave so as to render phone number-based blocking ineffective. Thomas, pointing out the meticulous tradecraft employed by the scammers, said the threat actor alternates between SIMs from several mobile carriers such as Three, O2, EE, Tesco Mobile, and Telia. Indications are that the lucrative RedZei campaign may have started as far back as August 2019, with a report from TheThe Hacker News
December 31, 2022
Malvertising campaign MasquerAds abuses Google Ads Full Text
Abstract
Experts warn of a new Malvertising Campaign abusing Google Ads that targets users searching for popular software. Guardio Labs researchers uncovered a malvertising campaign, tracked as MasquerAds and attributed to a threat actor known as Vermux, that...Security Affairs
December 27, 2022
Crooks impersonate brands using search engine advertisement services Full Text
Abstract
The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users. The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites...Security Affairs
December 21, 2022
Conti Team One Splinter Group Resurfaces as Royal Ransomware with Callback Phishing Attacks Full Text
Abstract
The threat actors running the ransomware — who used to be a part of Conti Team One, according to a mind map shared by Vitali Kremez — initially dubbed it Zeon ransomware, until they rebranded it to Royal ransomware.Cyware
December 20, 2022
DarkTortilla Masquerades Grammarly, Cisco For Phishing Attacks Full Text
Abstract
Security analysts at Cyble observed two phishing sites imitating Grammarly and Cisco to distribute the DarkTortilla malware. The malware is capable of adding more RAT and stealer payloads, such as AgentTesla, AsyncRAT, NanoCore, and others to an infected system. The complex .NET-based malware has b ... Read MoreCyware
December 19, 2022
Highly Sophisticated DarkTortilla Malware Spreads via Phishing Sites Disguising as Cisco and Grammarly Full Text
Abstract
Security researchers described DarkTortilla as spreading to users through spam emails with malicious attachments. However, CRIL discovered that the threat actors responsible for DarkTortilla had built phishing websites to spread the malware.Cyware
December 15, 2022
Laying Bare Charming Kitten’s Massive Campaign Full Text
Abstract
New phishing techniques by APT42, or Charming Kitten, have come to light that include compromised accounts, malware, and confrontational lures. The researchers observed at least 60 campaigns this year, which relied on benign conversations to initiate contact with targets.Cyware
December 15, 2022
Operation LiberalFace Targeted Japanese Political Entities Before Elections Full Text
Abstract
ESET researchers discovered a spearphishing campaign targeting Japanese political entities a few weeks before the House of Councillors elections, and in the process uncovered a previously undescribed MirrorFace credential stealer.Cyware
December 15, 2022
Phishing attack uses Facebook posts to evade email security Full Text
Abstract
A new phishing campaign uses Facebook posts as part of its attack chain to trick users into giving away their account credentials and personally identifiable information (PII).BleepingComputer
December 14, 2022
Open-source repositories flooded by 144,000 phishing packages Full Text
Abstract
Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.BleepingComputer
December 09, 2022
Rackspace warns of phishing risks following ransomware attack Full Text
Abstract
Cloud computing provider Rackspace warned customers on Thursday of increased risks of phishing attacks following a ransomware attack affecting its hosted Microsoft Exchange environment.BleepingComputer
December 8, 2022
Direct Deposit Scams Around Holiday Scam Full Text
Abstract
Though this happens all the time, the fact that we're seeing an influx around the holiday is an interesting trend. It means that hackers are actively targeting people when they are likely to spend their money the most.Cyware
December 07, 2022
Elon Musk “Freedom Giveaway” crypto scam promoted via Twitter lists Full Text
Abstract
Twitter accounts giving Elon Musk a follow are being targeted in a crypto giveaway scam dubbed 'Freedom Giveaway.'BleepingComputer
December 7, 2022
Infected WordPress Plugins Redirect to Push Notification Scam Full Text
Abstract
Instead of leveraging the typical base64 encoding to evade detection, the attacker was adding variations of a PHP function to normal plugin files which decoded hex2dec from a second file containing a hexadecimal payload.Cyware
December 07, 2022
Elon Musk’s Twitter followers targeted in fake crypto giveaway scam Full Text
Abstract
Twitter accounts giving Elon Musk a follow are being targeted in a crypto giveaway scam dubbed 'Freedom Giveaway.'BleepingComputer
December 5, 2022
Chinese Gambling Spam Targets World Cup Keywords Full Text
Abstract
The attack affects mostly Chinese websites, but we’ve found a number of western websites also affected by the malicious injections. According to PublicWWW data, the number of infected sites exceeds 50,000 at the time of writing.Cyware
December 2, 2022
Nigeria-based group ‘Lilac Wolverine’ using COVID-19, emotional lures in BEC scams Full Text
Abstract
A cybercrime group based in Nigeria is targeting businesses in the United States and Western Europe with a plethora of scam emails as part of a larger campaign of business email compromise (BEC) attacks.The Record
November 28, 2022
FC Barcelona’s Website Used by Scammers for Fraud Full Text
Abstract
According to Adex, the threat actors used the club website to increase traffic to a likely fraudulent online gaming website. FC Barcelona’s website is visited monthly by 5.4 million people and ranks among the most visited football clubs.Heimdal Security
November 23, 2022
Fake MSI Afterburner targets Windows gamers with miners, info-stealers Full Text
Abstract
Windows gamers and power users are being targeted by fake MSI Afterburner download portals to infect users with cryptocurrency miners and the RedLine information-stealing malware.BleepingComputer
November 23, 2022
Ducktail hackers now use WhatsApp to phish for Facebook Ad accounts Full Text
Abstract
A cybercriminal operation tracked as Ducktail has been hijacking Facebook Business accounts causing losses of up to $600,000 in advertising credits.BleepingComputer
November 22, 2022
Attackers Impersonate Reputed Brands Ahead of Holiday Season Full Text
Abstract
Check Point researchers observed a malicious phishing email campaign designed to target users looking for the Black Friday sale. A massive surge in TrojanOrders attacks was also reported.Cyware Alerts - Hacker News
November 22, 2022
Tesco Gift Card scam explained Full Text
Abstract
In this scam campaign, the scammers are trying to victimize visitors by claiming that they can receive a 100, 200, 400, or 500 dollar Tesco gift card by simply following some instructions which are given on the scam website.Cyberwarzone
November 21, 2022
Analysis of Luna Moth Callback Phishing Campaign Full Text
Abstract
In this campaign, attackers use legitimate and trusted systems management tools to interact directly with a victim’s computer, to manually exfiltrate data to be used for extortion.Palo Alto Networks
November 21, 2022
Earth Preta Targets Multiple Sectors With Large-Scale Spear-Phishing Full Text
Abstract
According to Trend Micro researchers, Earth Preta is targeting government, academic, foundations, and research sectors in Myanmar, Australia, the Philippines, Japan, Taiwan, and other Asia Pacific countries.Cyware Alerts - Hacker News
November 18, 2022
China-based Fangxiao group behind a long-running phishing campaign Full Text
Abstract
A China-based financially motivated group, tracked as Fangxiao, is behind a large-scale phishing campaign dating back as far as 2019. Researchers from Cyjax reported that a China-based financially motivated group, dubbed Fangxiao, orchestrated a large-scale...Security Affairs
November 17, 2022
Phishing kit impersonates well-known brands to target US shoppers Full Text
Abstract
A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween.BleepingComputer
November 17, 2022
Chinese Hackers Using 42,000 Imposter Domains in Massive Phishing Attack Campaign Full Text
Abstract
A China-based financially motivated group is leveraging the trust associated with popular international brands to orchestrate a large-scale phishing campaign dating back as far as 2019. The threat actor, dubbed Fangxiao by Cyjax, is said to have registered over 42,000 imposter domains, with initial activity observed in 2017. "It targets businesses in multiple verticals including retail, banking, travel, and energy," researchers Emily Dennison and Alana Witten said. "Promised financial or physical incentives are used to trick victims into further spreading the campaign via WhatsApp." Users clicking on a link sent through the messaging app are directed to an actor-controlled site, which, in turn, sends them to a landing domain impersonating a well-known brand, from where the victims are once again taken to sites distributing fraudulent apps and bogus rewards. These sites prompt the visitors to complete a survey to claim cash prizes, in exchange for which the The Hacker News
November 17, 2022
QBot phishing abuses Windows Control Panel EXE to infect devices Full Text
Abstract
Phishing emails distributing the QBot malware are using a DLL hijacking flaw in the Windows 10 Control Panel to infect computers, likely as an attempt to evade detection by security software.BleepingComputer
November 14, 2022
Massive Black hat SEO campaign used +15K WordPress sites Full Text
Abstract
Experts warn of a malicious SEO campaign that has compromised over 15,000 WordPress websites to redirect visitors to fake Q&A portals. Since September 2022, researchers from security firm Sucuri have tracked a surge in WordPress malware redirecting...Security Affairs
November 14, 2022
42,000 sites used to trap users in brand impersonation scheme Full Text
Abstract
A malicious for-profit group named 'Fangxiao' has created a massive network of over 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways.BleepingComputer
November 14, 2022
Scammers Impersonate Financial Regulators to Steal Personal and Banking Data Full Text
Abstract
Kaspersky uncovered two scam campaigns purporting to be from online marketplaces, video streaming services, and government agencies to steal personal and banking data from victims. The attackers did not create any website and just hoped that the victim will agree to discuss their investments first ... Cyware Alerts - Hacker News
November 12, 2022
New extortion scam threatens to damage sites’ reputation, leak data Full Text
Abstract
An active extortion scam is targeting website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.BleepingComputer
November 11, 2022
New phishing campaign posing as Spain’s Tax Agency Full Text
Abstract
The phishing attempt starts out via a fraudulent SMS that notifies victims of a supposed reimbursement that they qualify for. According to the SMS, all they need to do to receive the reimbursement is to fill out a form on the agency's website.Avast
November 11, 2022
Scammers pretend to be financial regulators Full Text
Abstract
Kaspersky uncovered two separate scams in which cybercriminals impersonate financial regulators investigating fraud. Under this pretext, they extract an array of personal information from their hapless victims.Kaspersky Lab
November 10, 2022
Phishing drops IceXLoader malware on thousands of home, corporate devices Full Text
Abstract
An ongoing phishing campaign has infected thousands of home and corporate users with a new version of the 'IceXLoader' malware. BleepingComputer
November 10, 2022
An $8 mess — Twitter Blue ‘verified’ accounts push crypto scams Full Text
Abstract
Twitter has officially rolled out its Twitter Blue program for an $8 monthly fee that confers upon the Tweeter multiple benefits, including the much-sought blue badge. But, all this has led to its own set of problems, such as threat actors now impersonating famous people and still being granted a "verified" status.BleepingComputer
November 8, 2022
Robin Banks Receives Update with New Tools And Evasion Techniques Full Text
Abstract
Robin Banks, of late, has gone through a major transformation. The Phishing-as-a-Service (PhaaS) platform has introduced several new features, including a cookie-stealing capability. Additionally, hackers can now fully access their phishing kit at $1,500 per month. The latest developments sugg ... Cyware Alerts - Hacker News
November 7, 2022
Robin Banks phishing-as-a-service platform continues to evolve Full Text
Abstract
The phishing-as-a-service (PhaaS) platform Robin Banks migrated its infrastructure to DDoS-Guard, a Russian bulletproof hosting service. The phishing-as-a-service (PhaaS) platform Robin Banks was originally hosted by Cloudflare provider, but the company...Security Affairs
November 07, 2022
Robin Banks Phishing Service for Cybercriminals Returns with Russian Server Full Text
Abstract
A phishing-as-a-service (PhaaS) platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet. Robin Banks was first documented in July 2022 when the platform's abilities to offer ready-made phishing kits to criminal actors were revealed, making it possible to steal the financial information of customers of popular banks and other online services. It was also found to prompt users to enter Google and Microsoft credentials on rogue landing pages, suggesting an attempt on part of the malware authors to monetize initial access to corporate networks for post-exploitation activities such as espionage and ransomware. In recent months, Cloudflare's decision to blocklist its infrastructThe Hacker News
November 7, 2022
Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers Full Text
Abstract
In 2022, we are dealing with a different breed of hacker. They aren’t just targeting sub-optimal phone security or taking advantage of exploitable systems – they understand the end user (you and me). They know how we think and what we’ll do.Help Net Security
November 7, 2022
Abusing Microsoft Dynamics 365 Customer Voice in phishing attacks Full Text
Abstract
Researchers uncovered a campaign abusing Microsoft Dynamics 365 customer voice to steal credentials from the victims. Microsoft's Dynamics 365 Customer Voice product allows organizations to gain customer feedback, it is used to conduct customer satisfaction...Security Affairs
November 4, 2022
Abusing Microsoft Customer Voice to Send Phishing Links Full Text
Abstract
In this attack, hackers are leveraging legitimate links from Microsoft notifications to send credential-harvesting pages. Avanan has seen hundreds of these attacks in the last few weeks.Avanan
November 04, 2022
Robin Banks phishing service returns to steal banking accounts Full Text
Abstract
The Robin Banks phishing-as-a-service (PhaaS) platform is back in action with infrastructure hosted by a Russian internet company that offers protection against distributed denial-of-service (DDoS) attacks.BleepingComputer
November 04, 2022
As Twitter brings on $8 fee, phishing emails target verified accounts Full Text
Abstract
As Twitter announces plans to charge users $8 a month for Twitter Blue and verification under Elon Musk's management, BleepingComputer has come across several phishing emails targeting verified users.BleepingComputer
November 02, 2022
These Android Apps with a Million Play Store Installations Redirect Users to Malicious Sites Full Text
Abstract
A set of four Android apps released by the same developer has been discovered directing victims to malicious websites as part of an adware and information-stealing campaign. The apps, published by a developer named Mobile apps Group and currently available on the Play Store, have been collectively downloaded over one million times. According to Malwarebytes, the websites are designed to generate revenues through pay-per-click ads, and worse, prompt users to install cleaner apps on their phones with the goal of deploying additional malware. The list of apps is as follows:
- Bluetooth App Sender (com.bluetooth.share.app) - 50,000+ downloads
- Bluetooth Auto Connect (com.bluetooth.autoconnect.anybtdevices) - 1,000,000+ downloads
- Driver: Bluetooth, Wi-Fi, USB (com.driver.finder.bluetooth.wifi.usb) - 10,000+ downloads
- Mobile transfer: smart switch (com.mobile.faster.transfer.smart.switch) - 1,000+ downloads
It's no surprise that malicious apps have devised new ways to ge The Hacker News
October 28, 2022
New LinkedIn Phishing Campaign Bypasses Google Protection Full Text
Abstract
The phishing campaign targeted 500 mailboxes of employees from a national travel organization. The email comes with the subject line - "We noticed some unusual activity" - pretending to be from LinkedIn.Cyware Alerts - Hacker News
October 27, 2022
LinkedIn Phishing Spoof Bypasses Google Workspace Security Full Text
Abstract
A phishing email purportedly from LinkedIn with the subject line "We noticed some unusual activity" was discovered targeting users at a travel organization, in an attempt to pilfer their credentials on the social media platform.Dark Reading
October 23, 2022
Thousands of GitHub repositories deliver fake PoC exploits with malware Full Text
Abstract
Researchers at the Leiden Institute of Advanced Computer Science found thousands of repositories on GitHub that offer fake proof-of-concept (PoC) exploits for various vulnerabilities, some of them including malware.BleepingComputer
October 23, 2022
Typosquat campaign mimics 27 brands to push Windows, Android malware Full Text
Abstract
A massive, malicious campaign is underway using over 200 typosquatting domains that impersonate twenty-seven brands to trick visitors into downloading various Windows and Android malware.BleepingComputer
October 17, 2022
Ducktail Tricks Victims to Steal Facebook Admin Credentials Full Text
Abstract
A newly-launched phishing campaign by Ducktail operators is spreading malware via fake lures for games, subtitle files, adult videos, and cracked MS Office applications. The info-stealer, written in PHP, focuses on stealing Facebook account data and any valuable information stored in users’ account ... Cyware Alerts - Hacker News
October 12, 2022
Phishing Campaigns Made Easy, Courtesy Caffeine Full Text
Abstract
A new phishing-as-a-service, dubbed Caffeine, was found offering open registration and customer service support for newbies to help them launch their own campaigns. It's a bit pricey, but what makes a Caffeine subscription 3–5 times costlier than its contemporaries is that it offers anti-detectio ... Cyware Alerts - Hacker News
October 12, 2022
Hackers Using Vishing to Trick Victims into Installing Android Banking Malware Full Text
Abstract
Malicious actors are resorting to voice phishing (vishing) tactics to dupe victims into installing Android malware on their devices, new research from ThreatFabric reveals. The Dutch mobile security company said it identified a network of phishing websites targeting Italian online-banking users that are designed to get hold of their contact details. Telephone-oriented attack delivery (TOAD), as the social engineering technique is called, involves calling the victims using previously collected information from fraudulent websites. The caller, who purports to be a support agent for the bank, instructs the individual, on the other hand, to install a security app and grant it extensive permissions, when, in reality, it's malicious software intended to gain remote access or conduct financial fraud. In this case, it leads to the deployment of an Android malware dubbed Copybara, a mobile trojan first detected in November 2021 and is primarily used to perform on-device fraud via o The Hacker News
October 12, 2022
Google Forms abused in new COVID-19 phishing wave in the U.S. Full Text
Abstract
COVID-19-themed phishing messages are once again spiking in the U.S. following a prolonged summer hiatus that appears to be over.BleepingComputer
October 11, 2022
BazarCall Callback Phishing Attacks Constantly Evolving Its Social Engineering Tactics Full Text
Abstract
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage payloads such as ransomware, cybersecurity company Trellix said in a report published last week. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K. BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor (aka BazarLoader) malware by manipulating potential victims into calling a phone number specified in decoy email messages. These email baits aim to create a false sense of urgency, informing the recipients about renewal of a trial subscription for, say, an antivirus service. The messages also urge them to contact their support desk to cancel the plan, or risk getting automat The Hacker News
October 11, 2022
Caffeine, a new Phishing-as-a-Service toolkit available in the underground Full Text
Abstract
Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine....Security Affairs
October 11, 2022
Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals Full Text
Abstract
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant said in a new report. Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns. The development comes a little over a month after Resecurity took the wraps off another PhaaS service dubbed EvilProxy that's offered for sale on dark web criminal forums. But unlike EvilProxy, whose operators are known to vet prospective customers before activating the subscriptions, Caffeine is notable for running an oThe Hacker News
October 11, 2022
Caffeine Phishing-as-a-Service Platform Offers Open Registration and Customer Service Support for Attackers Full Text
Abstract
This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns.Mandiant
October 10, 2022
Caffeine service lets anyone launch Microsoft 365 phishing attacks Full Text
Abstract
A phishing-as-a-service (PhaaS) platform named 'Caffeine' makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns.BleepingComputer
October 09, 2022
Fake adult sites push data wipers disguised as ransomware Full Text
Abstract
Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device.BleepingComputer
October 08, 2022
Callback phishing attacks evolve their social engineering tactics Full Text
Abstract
The BazarCall malicious operation has evolved its social engineering methods, keeping the old fake charges lure for the first phase of the attack but then switching to pretending to help the victim deal with an infection or hack.BleepingComputer
October 8, 2022
Toyota Warns Thousands of Customers That They May Get Scam Emails After Data Leak Full Text
Abstract
Around 296,000 pieces of customer information from the T-Connect service might have been leaked. Toyota released a statement warning its customers that they may be at risk of receiving phishing scams or unsolicited emails to their email addresses.Gizmodo
October 7, 2022
Water Labbu Hijacks Crypto Transactions from Scam Websites Full Text
Abstract
Water Labbu, a new threat actor, was observed targeting cryptocurrency scam websites to steal cryptocurrency from the wallets of other scammers through malicious DApps. The profit made by the attacker is believed to be $316,728, looking at the transactions from nine victims. Experts suggest that us ... Cyware Alerts - Hacker News
October 04, 2022
Popular YouTube Channel Caught Distributing Malicious Tor Browser Installer Full Text
Abstract
A popular Chinese-language YouTube channel has emerged as a means to distribute a trojanized version of a Windows installer for the Tor Browser. Kaspersky dubbed the campaign OnionPoison, with all of the victims located in China. The scale of the attack remains unclear, but the Russian cybersecurity company said it detected victims appearing in its telemetry in March 2022. The malicious version of the Tor Browser installer is being distributed via a link present in the description of a video that was uploaded to YouTube on January 9, 2022. It has been viewed over 64,500 times to date. The channel hosting the video has 181,000 subscribers and claims to be based in Hong Kong. The video is still available to watch on the social media platform as of writing. The attack banks on the fact that the actual Tor Browser website is blocked in China, thus tricking unsuspecting users searching for "Tor浏览器" (i.e., Tor Browser in Chinese) on YouTube into potentially downloading th The Hacker News
October 03, 2022
Web browser app mode can be abused to make desktop phishing pages Full Text
Abstract
The app mode in Chromium-based browsers like Google Chrome and Microsoft Edge can be abused to create realistic-looking login screens that appear as desktop apps.BleepingComputer
September 30, 2022
Fake US govt job offers push Cobalt Strike in phishing attacks Full Text
Abstract
A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices.BleepingComputer
September 30, 2022
Fake CISO Profiles on LinkedIn Target Fortune 500s – Krebs on Security Full Text
Abstract
The fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.Krebs on Security
September 29, 2022
Microsoft improves phishing protection in Windows 11 22H2 Full Text
Abstract
The enhanced phishing protection automatically detects when a user types their password into an app or website and knows immediately whether the app or site has a secure connection to a trusted website.The Register
September 28, 2022
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons Full Text
Abstract
The lure themes in the phishing documents in this campaign are related to the job details of a government organization in the United States and a trade union in New Zealand.Cisco Talos
September 27, 2022
Lazarus hackers drop macOS malware via Crypto.com job offers Full Text
Abstract
The North Korean Lazarus hacking group is now using fake 'Crypto.com' job offers to hack developers and artists in the crypto space, likely with a long-term goal of stealing digital assets and cryptocurrency.BleepingComputer
September 26, 2022
Spam email campaign targeting businesses delivers the Agent Tesla stealer Full Text
Abstract
In a new malspam campaign, someone posing as a Malaysian prospect and using a fairly odd variety of English, asks the recipient to review some customer requirements and get back with the requested documents.Securelist
September 24, 2022
SEO poisoning campaign directs search engine visitors from multiple industries to JavaScript malware Full Text
Abstract
Researchers have discovered a high-effort search engine optimization (SEO) poisoning campaign that seems to be targeting employees from multiple industries and government sectors when they search for specific terms that are relevant to their work.CSO Online
September 23, 2022
Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts Full Text
Abstract
GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps platform. The Microsoft-owned code hosting service said it learned of the attack on September 16, 2022, adding the campaign impacted "many victim organizations." The fraudulent messages claim to notify users that their CircleCI sessions have expired and that they should log in using GitHub credentials by clicking on a link. Another bogus email revealed by CircleCI prompts users to sign in to their GitHub accounts to accept the company's new Terms of Use and Privacy Policy by following the link embedded in the message. Regardless of the lure, doing so redirects the target to a lookalike GitHub login page designed to steal and exfiltrate the entered credentials as well as the Time-based One Time Password (TOTP) codes in real-time to the attacker, effectively allowingThe Hacker News
September 22, 2022
Microsoft Exchange servers hacked via OAuth apps for phishing Full Text
Abstract
Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails.BleepingComputer
September 21, 2022
LinkedIn Smart Links abused in evasive email phishing attacks Full Text
Abstract
Phishing actors are abusing LinkedIn's Smart Link feature to bypass email security products and successfully redirect targeted users to phishing pages that steal login credentials.BleepingComputer
September 19, 2022
Microsoft 365 phishing attacks impersonate U.S. govt agencies Full Text
Abstract
An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents.BleepingComputer
September 19, 2022
Microsoft Warns of Large-Scale Click Fraud Campaign Targeting Gamers Full Text
Abstract
Microsoft said it's tracking an ongoing large-scale click fraud campaign targeting gamers by means of stealthily deployed browser extensions on compromised systems. "[The] attackers monetize clicks generated by a browser node-webkit or malicious browser extension secretly installed on devices," Microsoft Security Intelligence said in a sequence of tweets over the weekend. The tech giant's cybersecurity division is tracking the developing threat cluster under the name DEV-0796. Attack chains mounted by the adversary commence with an ISO file that's downloaded onto a victim's machine upon clicking on a malicious ad or comments on YouTube. The ISO file, when opened, is designed to install a browser node-webkit (aka NW.js) or rogue browser extension. It's worth noting that the ISO file masquerades as hacks and cheats for the Krunker first-person shooter game. Cheats are programs that help gamers gain an added advantage beyond the available capabili The Hacker News
September 16, 2022
Fake cryptocurrency giveaway sites have tripled this year Full Text
Abstract
The number of websites promoting cryptocurrency giveaway scams to lure gullible victims has increased by more than 300% in the first half of this year, targeting mostly English and Spanish speakers using celebrity deepfakes.BleepingComputer
September 15, 2022
Token-Mining Weakness in Microsoft Teams Makes for Perfect Phish Full Text
Abstract
According to an advisory by Vectra, access tokens for other Teams users can be recovered, allowing attackers to move from a single compromise to the ability to impersonate critical employees, but Microsoft isn't planning to patch.Dark Reading
September 15, 2022
Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks Full Text
Abstract
Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait...Security Affairs
September 14, 2022
Gay hookup site typosquatted to push dodgy Chrome extensions, scams Full Text
Abstract
Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with many typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription.BleepingComputer
September 14, 2022
Gay hookup site typosquatted by 50 domains to push dodgy Chrome extensions Full Text
Abstract
Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with many typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription.BleepingComputer
September 14, 2022
Death of Queen Elizabeth II exploited to steal Microsoft credentials Full Text
Abstract
Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials.BleepingComputer
September 14, 2022
Phishers take aim at Facebook page owners Full Text
Abstract
Phishers are looking to trick owners of Facebook pages with fake notices from the social network (i.e., Meta, the company behind Facebook, Instagram and WhatsApp), in an attempt to get them to part with sensitive information.Help Net Security
September 14, 2022
Phishing page embeds keylogger to steal passwords as you type Full Text
Abstract
A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them.BleepingComputer
September 13, 2022
Hackers now use ‘sock puppets’ for more realistic phishing attacks Full Text
Abstract
An Iranian-aligned hacking group uses a new, elaborate phishing technique involving multiple personas and email accounts to lure targets into opening malicious documents.BleepingComputer
September 10, 2022
Scammers live-streamed on YouTube a fake Apple crypto event Full Text
Abstract
Scammers live-streamed on YouTube an old interview with Tim Cook as part of a fake Apple crypto event, and tens of thousands of users viewed it. Cybercriminals were live-streaming on YouTube an old interview with Tim Cook as part of a fake Apple crypto...Security Affairs
September 09, 2022
Lampion malware returns in phishing attacks abusing WeTransfer Full Text
Abstract
The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns.BleepingComputer
September 06, 2022
New EvilProxy Phishing Service Allowing Cybercriminals to Bypass 2-Factor Security Full Text
Abstract
A new phishing-as-a-service (PhaaS) toolkit dubbed EvilProxy is being advertised on the criminal underground as a means for threat actors to bypass two-factor authentication (2FA) protections employed against online services. "EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA authentication – proxifying victim's session," Resecurity researchers said in a Monday write-up. The platform generates phishing links that are nothing but cloned pages designed to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others. EvilProxy is similar to adversary-in-the-middle (AiTM) attacks in that users interact with a malicious proxy server that acts as a go-between for the target website, covertly harvesting the credentials and 2FA passcodes entered in the login pages. It's offered on a subscription basis per serviceThe Hacker News
September 05, 2022
New EvilProxy service lets all hackers use advanced phishing tactics Full Text
Abstract
A reverse-proxy Phishing-as-a-Service (PaaS) platform called EvilProxy has emerged, promising to steal authentication tokens to bypass multi-factor authentication (MFA) on Apple, Google, Facebook, Microsoft, Twitter, GitHub, GoDaddy, and even PyPI.BleepingComputer
September 5, 2022
EvilProxy Phishing-As-A-Service With MFA Bypass Emerged In Dark Web Full Text
Abstract
Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Original post: https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Following...Security Affairs
September 5, 2022
EvilProxy Phishing-as-a-Service with MFA Bypass Capability Emerged in the Dark Web Full Text
Abstract
Early occurrences of EvilProxy have been initially identified in connection to attacks against Google and MSFT customers who have MFA enabled on their accounts – either with SMS or Application Token.Resecurity
September 4, 2022
A new phishing scam targets American Express cardholders Full Text
Abstract
Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The messages use a malicious...Security Affairs
September 02, 2022
JuiceLedger Hackers Behind the Recent Phishing Attacks Against PyPI Users Full Text
Abstract
More details have emerged about the operators behind the first-known phishing campaign specifically aimed at the Python Package Index (PyPI), the official third-party software repository for the programming language. Connecting it to a threat actor tracked as JuiceLedger, cybersecurity firm SentinelOne, along with Checkmarx, described the group as a relatively new entity that surfaced in early 2022. Initial "low-key" campaigns are said to have involved the use of rogue Python installer applications to deliver a .NET-based malware called JuiceStealer that's engineered to siphon passwords and other sensitive data from victims' web browsers. The attacks received a significant facelift last month when the JuiceLedger actors targeted PyPI package contributors in a phishing campaign, resulting in the compromise of three packages with malware. "The supply chain attack on PyPI package contributors appears to be an escalation of a campaign begun earlier in thThe Hacker News
September 01, 2022
Thousands lured with blue badges in Instagram phishing attack Full Text
Abstract
A new Instagram phishing campaign is underway, attempting to scam users of the popular social media platform by luring them with a blue-badge offer.BleepingComputer
August 30, 2022
First Known Phishing Campaign Against PyPI Full Text
Abstract
The attackers send security-themed emails creating a false sense of urgency. The lure included informing targets that Google is executing a mandatory validation process on all packages.Cyware Alerts - Hacker News
August 29, 2022
Scammers used a deepfake AI hologram of Binance executive to scam crypto projects Full Text
Abstract
Scammers used a deepfake AI hologram of the Binance chief communications officer for fraudulent activities. Patrick Hillmann, chief communications officer of Binance, confirmed that scammers used his Deepfake AI hologram to trick users into online...Security Affairs
August 28, 2022
Experts warn of the first known phishing attack against PyPI Full Text
Abstract
The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The Python Package Index, PyPI, this week warned of an ongoing phishing campaign that aims to steal developer credentials...Security Affairs
August 26, 2022
0ktapus phishing campaign: Twilio hackers targeted other 136 organizations Full Text
Abstract
The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign...Security Affairs
August 25, 2022
CFO Spoofed in Convincing Business Email Compromise Scam Full Text
Abstract
The targeted users are presented with a phishing email from the CFO of a major corporation. The CFO asks the recipient of the email to make a payment to an insurance company.Avanan
August 25, 2022
Twilio hackers hit over 130 orgs in massive Okta phishing attack Full Text
Abstract
Threat analysts have discovered the phishing kit responsible for thousands of attacks against 136 high-profile organizations that have compromised 9,931 accounts.BleepingComputer
August 25, 2022
PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks Full Text
Abstract
The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets. The social engineering attack entails sending security-themed messages that create a false sense of urgency by informing recipients that Google is implementing a mandatory validation process on all packages and that they need to click on a link to complete the validation before September, or risk getting their PyPI modules removed. Should an unsuspecting developer fall for the scheme, users are directed to a lookalike landing page that mimics PyPI's login page and is hosted on Google Sites, from where the entered credentials are captured and abused to unauthorizedly access the accounts and compromise the packages to include malwareThe Hacker News
August 25, 2022
PyPI packages hijacked after developers fall for phishing emails Full Text
Abstract
A phishing campaign caught yesterday was seen targeting maintainers of Python packages published to the PyPI registry. Python packages 'exotel' and 'spam' are among hundreds seen laced with malware after attackers successfully compromised accounts of maintainers who fell for the phishing email.BleepingComputer
August 24, 2022
AiTM phishing campaign also targets G Suite users Full Text
Abstract
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise...Security Affairs
August 24, 2022
Hackers use AiTM attack to monitor Microsoft 365 accounts for BEC scams Full Text
Abstract
A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.BleepingComputer
August 23, 2022
A Tale of PivNoxy and Chinoxy Puppeteer Full Text
Abstract
Recently, a simple and short email with a suspicious RTF attachment was sent to a telecommunications agency in South Asia. The email was disguised as having come from a Pakistan government division and delivered the PivNoxy malware.Fortinet
August 22, 2022
PayPal Phishing Scam Uses Invoices Sent Via PayPal – Krebs on Security Full Text
Abstract
While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. For starters, all of the links in the email lead to paypal.com.Krebs on Security
August 21, 2022
Fake DDoS protection pages on compromised WordPress sites lead to malware infections Full Text
Abstract
Threat actors compromise WordPress sites to display fake Cloudflare DDoS protection pages to distribute malware. DDoS Protection pages are associated with browser checks performed by WAF/CDN services which verify if the site visitor is a human or a bot. Recently...Security Affairs
August 17, 2022
Iranian Group Targeting Israeli Shipping and Other Key Sectors Full Text
Abstract
One possible phishing lure used by the attackers is likely to have been a .xls file disguised as a job offer but designed to install Sugardump – one of two unique tools being used by the threat group.Security Week
August 16, 2022
Microsoft Warns About Phishing Attacks by Russia-linked Hackers Full Text
Abstract
Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests. The company is tracking the espionage-oriented activity cluster under its chemical element-themed moniker SEABORGIUM, which it said overlaps with a hacking group also known as Callisto, COLDRIVER, and TA446. "SEABORGIUM intrusions have also been linked to hack-and-leak campaigns, where stolen and leaked data is used to shape narratives in targeted countries," Microsoft's threat hunting teams said. "Its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft." Attacks launched by the adversarial collective are known to target the same organizations using consistent methodologies applied over long periods of time, enabling it to infiltrate the victims' social networks through a combination of impersonation,The Hacker News
August 15, 2022
Microsoft disrupts SEABORGIUM’s ongoing phishing operations Full Text
Abstract
Microsoft disrupted a hacking operation conducted by Russia-linked APT SEABORGIUM aimed at NATO countries. The Microsoft Threat Intelligence Center (MSTIC) has disrupted activity by SEABORGIUM (aka ColdRiver, TA446), a Russia-linked threat...Security Affairs
August 15, 2022
Callback phishing attacks see massive 625% growth since Q1 2021 Full Text
Abstract
Phishing is constantly evolving to bypass user training and email protections, and as threat actors adopt new tactics with better success ratios, quarterly stats reflect interesting threat trends on multiple fronts.BleepingComputer
August 11, 2022
Best Buy Spoof Uses Google Storage to Launch Phishing Attack Full Text
Abstract
In this attack, hackers are spoofing Best Buy. Best Buy is another popular spoofed brand. This one is not the most convincing one researchers have seen, as the logos are lacking, and the email isn’t especially convincing.Avanan
August 10, 2022
Phishing attack abuses Microsoft Azure, Google Sites to steal crypto Full Text
Abstract
A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites.BleepingComputer
August 9, 2022
Snapchat and Amex Abused to Target Microsoft 365 Users Full Text
Abstract
Threat actors were found sending phishing emails that abused open redirects on Amex and Snapchat. The domains act as a temporary landing site from where the victim is redirected to the malicious site.Cyware Alerts - Hacker News
August 9, 2022
3 Common Bank Scams Targeting NFCU, Bank of America, and M&T Bank Full Text
Abstract
One thing we can all agree on is the fact that merely the thought of being scammed is scary. However, if there is perhaps one type of scam that, above all others, nobody wants to fall for, it’s a bank scam.Trend Micro
August 08, 2022
Researchers Uncover Classiscam Scam-as-a-Service Operations in Singapore Full Text
Abstract
A sophisticated scam-as-a-service operation dubbed Classiscam has now infiltrated into Singapore, more than 1.5 years after expanding to Europe. "Scammers posing as legitimate buyers approach sellers with the request to purchase goods from their listings and the ultimate aim of stealing payment data," Group-IB said in a report shared with The Hacker News. The cybersecurity firm called the operators a "well-coordinated and technologically advanced scammer criminal network." Classiscam refers to a Russia-based cybercrime operation that was first recorded in summer 2019 but only came under spotlight a year later coinciding with a surge in activity owing to an increase in online shopping in the aftermath of COVID-19 outbreak. Called the most widely used fraud scheme during the pandemic, Classiscam targets people who use marketplaces and services relating to property rentals, hotel bookings, online bank transfers, online retail, ride-sharing, and package deThe Hacker News
August 8, 2022
LogoKit update – The phishing kit leveraging Open Redirect Vulnerabilities Full Text
Abstract
LogoKit - Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection...Security Affairs
August 08, 2022
Twilio discloses data breach after SMS phishing attack on employees Full Text
Abstract
Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack.BleepingComputer
August 8, 2022
Attackers abuse open redirects in Snapchat and Amex in phishing attacks Full Text
Abstract
Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft...Security Affairs
August 07, 2022
Snapchat, Amex sites abused in Microsoft 365 phishing attacks Full Text
Abstract
Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials.BleepingComputer
August 03, 2022
Microsoft accounts targeted with new MFA-bypassing phishing kit Full Text
Abstract
A new large-scale phishing campaign targeting credentials for Microsoft email services uses a custom proxy-based phishing kit to bypass multi-factor authentication.BleepingComputer
August 3, 2022
Phishers Exploit Unprotected Snapchat, American Express Sites for Malicious Redirects Full Text
Abstract
From the website operator’s perspective, the only damage that potentially occurs is harm to the site’s reputation. The victims, however, may lose credentials, data, and possibly money.INKY
August 1, 2022
Blockchain security firm warns of new MetaMask phishing campaign Full Text
Abstract
As per a post written by Halborn’s technical education specialist Luis Lubeck, the active phishing campaign used emails to target MetaMask users and trick them into giving out their passphrases.Coin Telegraph
July 31, 2022
Huge network of 11,000 fake investment sites targets Europe Full Text
Abstract
Researchers have uncovered a gigantic network of more than 11,000 domains used to promote numerous fake investment schemes to users in Europe.BleepingComputer
July 29, 2022
This phishing attack uses a countdown clock to panic you into handing over passwords Full Text
Abstract
A sneaky new phishing attack attempts to manipulate victims into entering their username and password by claiming their account will be deleted if they don't - and it uses a countdown timer to pile on the pressure.ZDNet
July 29, 2022
Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network Full Text
Abstract
The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a peer-to-peer (P2P) network to store and share files and data using cryptographic hashes, instead of URLs or filenames, as is observed in a traditional client-server approach. Each hash forms the basis for a unique content identifier (CID). The idea is to create a resilient distributed file system that allows data to be stored across multiple computers. This would allow information to be accessed without having to rely on third parties such as cloud storage providers, effectively making it resistant to censorship. "Taking down phishing content stored on IPFS can be difficulThe Hacker News
July 28, 2022
IPFS: The New Hotbed of Phishing Full Text
Abstract
These websites have the capability to change their background and logo depending on the user’s domain. The phishing sites are stored in the InterPlanetary File System (IPFS).Trustwave
July 27, 2022
New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo Full Text
Abstract
A new phishing as a service (PhaaS) platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services.BleepingComputer
July 26, 2022
Google Ads Abused in Windows Support Scams Full Text
Abstract
An eerily realistic-seeming Google Search YouTube ad is redirecting visitors to tech support scams masquerading as security alerts from Windows Defender. If a user is on a VPN connection, they are sent to the genuine YouTube site. Users are advised to use a reliable anti-malware solution t ...Cyware Alerts - Hacker News
July 26, 2022
LinkedIn phishing target employees managing Facebook Ad Accounts Full Text
Abstract
A new phishing campaign codenamed 'Ducktail' is underway, targeting professionals on LinkedIn to take over Facebook business accounts that manage advertising for the company.BleepingComputer
July 24, 2022
QBot phishing uses Windows Calculator sideloading to infect devices Full Text
Abstract
The operators of the QBot malware have been using the Windows Calculator to side-load the malicious payload on infected computers.BleepingComputer
July 22, 2022
India: Business Associations Warn Members Against ‘PSPCL’ Phishing Scam Full Text
Abstract
Several business associations have warned their members against this fraud after PSPCL issued a public notice regarding the same. Businessmen are also demanding that authorities take strict action against the people running this scam.The Times Of India
July 20, 2022
Convincing ‘YouTube’ Google ads lead to Windows support scams Full Text
Abstract
A scarily realistic-looking Google Search YouTube advertisement is redirecting visitors to tech support scams pretending to be security alerts from Windows Defender.BleepingComputer
July 19, 2022
Fake Nvidia giveaway promises bitcoin Full Text
Abstract
On the splash screen of the fake website, visitors see the company logo (albeit purple, not the usual green) and the name of its CEO, Jensen Huang. Visitors are asked here to “select a category” to take part in the “event”.Kaspersky Lab
July 18, 2022
Roaming Mantis hits Android and iOS users in malware, phishing attacks Full Text
Abstract
After hitting Germany, Taiwan, South Korea, Japan, the US, and the U.K. the Roaming Mantis operation moved to targeting Android and iOS users in France, likely compromising tens of thousands of devices.BleepingComputer
July 17, 2022
PayPal-themed Phishing Kit Steals Information Full Text
Abstract
Akamai unveiled a malicious operation that brute-forces WordPress sites to deploy phishing kits. These kits redirect users to fake PayPal pages and harvest sensitive data including users’ banking information and email passwords. Users are advised to double-check the domain name of a page requ ...Cyware Alerts - Hacker News
July 14, 2022
Warning Issued Against NYDMV Phishing Scams Full Text
Abstract
A new SMS-based scam is reaching out to people in New York with a false claim of New York State offering $1,500 rebates owing to high fuel prices. Those who click on the links are redirected to a fake DMV website and urged to enter their personal information. The NYS Office has provided multip ...Cyware Alerts - Hacker News
July 14, 2022
PayPal phishing kit added to hacked WordPress sites for full ID theft Full Text
Abstract
A newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos.BleepingComputer
July 13, 2022
Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021 Full Text
Abstract
A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal...Security Affairs
July 13, 2022
Abused QuickBooks Site Sends Phone Scam Emails Full Text
Abstract
INKY recently detected a new variant of the tried-and-true phone scam. This time, the perps abused QuickBooks, an accounting software package used primarily by small business and midmarket customers who lack in-house finance and accounting teams.INKY
July 13, 2022
Microsoft Warns of Large-Scale AiTM Phishing Attacks Against Over 10,000 Organizations Full Text
Abstract
Microsoft on Tuesday disclosed that a large-scale phishing campaign targeted over 10,000 organizations since September 2021 by hijacking Office 365's authentication process even on accounts secured with multi-factor authentication (MFA). "The attackers then used the stolen credentials and session cookies to access affected users' mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets," the company's cybersecurity teams reported. The intrusions entailed setting up adversary-in-the-middle (AitM) phishing sites, wherein the adversary deploys a proxy server between a potential victim and the targeted website so that recipients of a phishing email are redirected to lookalike landing pages designed to capture credentials and MFA information. "The phishing page has two different Transport Layer Security (TLS) sessions — one with the target and another with the actual website the target wants to access," the companyThe Hacker News
July 12, 2022
Hackers impersonate cybersecurity firms in callback phishing attacks Full Text
Abstract
Hackers are impersonating well-known cybersecurity companies, such as CrowdStrike, in callback phishing emails to gain initial access to corporate networks.BleepingComputer
July 12, 2022
Text Message Phishing Scams Prompt Warning from New York DMV Full Text
Abstract
If someone clicks on the link provided in the scam message, they are brought to a webpage that is designed to look like the DMV website and they are asked to submit personal information.Government Technology
July 12, 2022
Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs Full Text
Abstract
Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks.BleepingComputer
July 12, 2022
New Phishing Attacks Shame, Scare Victims into Surrendering Twitter, Discord Credentials Full Text
Abstract
A recent wave of social media phishing schemes doubles down on aggressive scare tactics with phony account-abuse accusations to coerce victims into handing over their login details.Dark Reading
July 11, 2022
Anubis Networks is back with new C2 server Full Text
Abstract
A large-scale phishing campaign leveraging the Anubis Network has been targeting Brazil and Portugal since March 2022. A large-scale phishing campaign has been targeting Internet end users in Brazil and Portugal since March 2022. Anubis Network is a C2 portal...Security Affairs
July 11, 2022
Brazen crooks are now posing as cybersecurity companies to trick you into installing malware Full Text
Abstract
Brazen cybercriminals are now posing as cybersecurity companies in phishing messages which claim that the recipient has been hit by a cyber attack and that they should urgently respond in order to protect their network.ZDNet
July 09, 2022
Hackers Exploiting Follina Bug to Deploy Rozena Backdoor Full Text
Abstract
A newly observed phishing campaign is leveraging the recently disclosed Follina security vulnerability to distribute a previously undocumented backdoor on Windows systems. "Rozena is a backdoor malware that is capable of injecting a remote shell connection back to the attacker's machine," Fortinet FortiGuard Labs researcher Cara Lin said in a report this week. Tracked as CVE-2022-30190, the now-patched Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability has come under heavy exploitation in recent weeks ever since it came to light in late May 2022. The starting point for the latest attack chain observed by Fortinet is a weaponized Office document that, when opened, connects to a Discord CDN URL to retrieve an HTML file ("index.htm") that, in turn, invokes the diagnostic utility using a PowerShell command to download next-stage payloads from the same CDN attachment space. This includes the Rozena implant ("WordThe Hacker News
July 9, 2022
Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies Full Text
Abstract
The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number. The campaign leverages similar social-engineering tactics to those employed in WIZARD SPIDER’s 2021 BazarCall campaign.Crowdstrike
July 8, 2022
Hackers Target National Portal of India via Unprecedented Phishing Technique Full Text
Abstract
The threat actors have been targeting the Indian government's portal by utilizing a bogus URL to trick users into submitting sensitive information such as credit card numbers, expiration months, and CVV codes, according to CloudSEK.International Business Times
July 07, 2022
Fake copyright complaints push IcedID malware using Yandex Forms Full Text
Abstract
BleepingComputer
June 30, 2022
Google blocked dozens of domains used by hack-for-hire groups Full Text
Abstract
Google's Threat Analysis Group (TAG) has blocked dozens of malicious domains and websites used by hack-for-hire groups in attacks targeting high-risk targets worldwide.BleepingComputer
June 28, 2022
Malicious Messenger chatbots used to steal Facebook accounts Full Text
Abstract
A new phishing attack is using Facebook Messenger chatbots to impersonate the company's support team and steal credentials used to manage Facebook pages.BleepingComputer
June 26, 2022
Fake copyright infringement emails install LockBit ransomware Full Text
Abstract
LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.BleepingComputer
June 26, 2022
Clever phishing method bypasses MFA using Microsoft WebView2 apps Full Text
Abstract
A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts.BleepingComputer
June 24, 2022
Phishing Attacks Using Microsoft’s Cloud CDN Service AFD Full Text
Abstract
Resecurity spotted a surge in phishing messages delivered via Azure Front Door, Microsoft’s cloud CDN service. Most of the content targeted Amazon, SendGrid, and Docusign customers. Through well-known cloud services the criminals are constantly trying to evade detection of their phishing attacks by ...Cyware Alerts - Hacker News
June 24, 2022
Phishing Alert: LNK-based Malware Distribution is on the Rise Full Text
Abstract
Microsoft claimed that hackers are increasingly deploying malware, including QBot, Emotet, Bazarloader, and ICEID, through infected LNK files. To distribute LNK files to victims, threat actors use spam emails and malicious URLs. Users should exercise caution when opening dangerous links and at ...Cyware Alerts - Hacker News
June 23, 2022
Phishing Kits, Credential Theft, and Social Media Scam Trends Q1 2022 Full Text
Abstract
While there has been a slight increase in the traditional email phishing attack, the other trends include social media impersonation scams, dark web threats, hybrid vishing attacks, and BEC attacks.Cyware Alerts - Hacker News
June 23, 2022
New MetaMask phishing campaign uses KYC lures to steal passphrases Full Text
Abstract
A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases.BleepingComputer
June 22, 2022
Fake Voicemail Campaign Steals Microsoft 365 Credentials Full Text
Abstract
A Voicemail messaging campaign is targeting individuals in the key vertical markets of the U.S. to steal their Office365 and Outlook credentials, while evading anti-phishing tools through a CAPTCHA check. The email has an HTML attachment using a music note character to impersonate the file as a sou ...Cyware Alerts - Hacker News
June 22, 2022
Threat Actors Target EI-ISAC Members with Fake Facebook Email Full Text
Abstract
Attackers are leveraging a fake Facebook email that uses copyright claims to lure members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). The body of the email informed EI-ISAC that Facebook had taken down some of its content, as the result of a copyright infringement. Th ...Cyware Alerts - Hacker News
June 21, 2022
Voicemail Scam Steals Microsoft Credentials Full Text
Abstract
Attackers are targeting a number of key vertical markets in the U.S. with the active campaign, which impersonates the organization and Microsoft to lift Office365 and Outlook log-in details.Threatpost
June 21, 2022
Cybercriminals Use Azure Front Door in Phishing Attacks Full Text
Abstract
Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. Resecurity, Inc. (USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service...Security Affairs
June 18, 2022
New phishing attack infects devices with Cobalt Strike Full Text
Abstract
Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines.BleepingComputer
June 18, 2022
Fake Facebook Email Uses Copyrights to Trick EI-ISAC Members Full Text
Abstract
Malicious cyber actors recently targeted members of the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) with a copyright-themed fake Facebook email.CIS
June 17, 2022
Shipping Scams of the Week: DHL and USPS Full Text
Abstract
The scammers have borrowed the DHL company brand — even going so far as to mimic its colors, logo, and web design. Netizens have also reported receiving phishing emails from scammers posing as USPS.Trend Micro
June 14, 2022
At least $413,000 lost to parcel scams in Singapore since Jan Full Text
Abstract
Phishing scams involving the delivery of parcels have resulted in a loss of at least S$574,000 (~$413,000) since the start of 2022. The scams have claimed at least 415 victims, the Singapore Police Force said.Yahoo Finance
June 9, 2022
Summer holiday season fuels upswing of travel-themed spam Full Text
Abstract
Current phishing emails run the gamut from airline ticket giveaways, gift cards, and offers of bonus flight hours to booking confirmations and bargain offers for holiday rentals and all-inclusive deals.Help Net Security
June 08, 2022
Massive Facebook Messenger phishing operation generates millions Full Text
Abstract
Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements.BleepingComputer
June 08, 2022
Poisoned CCleaner search results spread information-stealing malware Full Text
Abstract
Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program.BleepingComputer
June 7, 2022
Follina Exploited in Phishing Attacks Full Text
Abstract
U.S. local governments and European governments were targeted in a phishing campaign using malicious RTF documents that abuse the Windows Follina flaw. The attack gathers passwords from a large number of browsers including Chrome, Firefox, Edge, Opera, Yandex, Vivaldi, and CentBrowser. The CISA sug ... Cyware Alerts - Hacker News
June 06, 2022
Windows zero-day exploited in US local govt phishing attacks Full Text
Abstract
European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina.BleepingComputer
June 05, 2022
Evasive phishing mixes reverse tunnels and URL shortening services Full Text
Abstract
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.BleepingComputer
June 2, 2022
Scammers Target NFT Discord Channel Full Text
Abstract
Hackers escalate phishing and scamming attacks to exploit a popular Discord bot and persuade users to click on malicious links. Threatpost
June 01, 2022
RuneScape phishing steals accounts and in-game item bank PINs Full Text
Abstract
Cybersecurity researchers have discovered a new RuneScape-themed phishing campaign, and it stands out among the various operations for being exceptionally well-crafted.BleepingComputer
June 01, 2022
Telegram’s blogging platform abused in phishing attacks Full Text
Abstract
Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials.BleepingComputer
May 30, 2022
A new WhatsApp OTP scam could allow the hijacking of users’ accounts Full Text
Abstract
CloudSEK founder Rahul Sasi warned of a new ongoing WhatsApp OTP scam that could allow attackers to hijack users’ accounts through phone calls. Security Affairs
May 26, 2022
Intuit warns of QuickBooks phishing threatening to suspend accounts Full Text
Abstract
Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings.BleepingComputer
May 26, 2022
Exposed: the threat actors who are poisoning Facebook Full Text
Abstract
An investigation of the infamous “Is That You?” video scam led Cybernews researchers to expose threat actors who are poisoning Facebook. Original post: https://cybernews.com/security/exposed-the-threat-actors-who-are-poisoning-facebook/ An... Security Affairs
May 23, 2022
Photos of abused victims used in new ID verification scam Full Text
Abstract
Scammers are now leveraging dating apps like Tinder and Grindr to pose as former victims of physical abuse to gain your trust and sympathy and sell you "ID verification" services. BleepingComputer came across multiple instances of users on online dating apps being approached by these catfishing profiles. BleepingComputer
May 19, 2022
Phishing websites now use chatbots to steal your credentials Full Text
Abstract
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors.BleepingComputer
May 19, 2022
Phishers Add Chatbot to the Phishing Lure Full Text
Abstract
Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. The phishers hope that this will help lower the attention of the target victim.Security Week
May 18, 2022
New Phishing Attack Spreads Fileless Malware Trio Full Text
Abstract
A phishing campaign has been observed targeting Windows users with three different pieces of fileless malware to steal sensitive information. The three are identified as BitRAT, PandoraHVNC, and AveMariaRAT. VBA scripts and PowerShell are used to retrieve the malware and install it on the victim' ... Cyware Alerts - Hacker News
May 16, 2022
HTML attachments remain popular among phishing actors in 2022 Full Text
Abstract
HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves.BleepingComputer
May 16, 2022
This phishing attack delivers three forms of malware. And they all want to steal your data Full Text
Abstract
As detailed by cybersecurity researchers at Fortinet, those who unintentionally run the malicious attachment sent in phishing emails fall victim to AveMariaRAT, BitRAT and PandoraHVNC trojan malware. ZDNet
May 15, 2022
Fake Pixelmon NFT site infects you with password-stealing malware Full Text
Abstract
A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets.BleepingComputer
May 11, 2022
Vanity URLs Could be Spoofed for Social Engineering Attacks Full Text
Abstract
Vanity links created by companies to add their brand to well-known cloud services could become a useful vector for phishing attacks and a way to better fool victims, researchers warn.Dark Reading
May 11, 2022
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters Full Text
Abstract
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.Threatpost
May 11, 2022
New Phishing-as-a-Service Toolkit Depends on Impersonation Scams Full Text
Abstract
Security analysts discovered a new underground service called Frappo, which is basically a Phishing-as-a-Service (PaaS), that lets cybercriminals host and launch sophisticated impersonation-based phishing scams. The cybercrime service was first seen on March 22, 2021. Given the rise in such threats ... Cyware Alerts - Hacker News
May 11, 2022
New Wave of Activities From Mustang Panda Full Text
Abstract
Mustang Panda is on a spree to launch phishing campaigns targeting European and Russian entities and using relevant news to lure potential victims. In some cases, the group has used summit- and conference-themed lures in Asia and Europe, and aims to gain as much long-term access to carry out cybere ... Cyware Alerts - Hacker News
May 10, 2022
Exclusive: Welcome “Frappo” – Resecurity identified a new Phishing-as-a-Service Full Text
Abstract
The Resecurity HUNTER unit identified a new underground service called 'Frappo', which is available on the Dark Web. “Frappo” acts as a Phishing-as-a-Service and gives cybercriminals the ability to host and generate high-quality phishing pages... Security Affairs
May 09, 2022
Ukraine warns of “chemical attack” phishing pushing stealer malware Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT-UA) is warning of the mass distribution of Jester Stealer malware via phishing emails using warnings of impending chemical attacks to scare recipients into opening attachments.BleepingComputer
May 07, 2022
Fake crypto giveaways steal millions using Elon Musk Ark Invest video Full Text
Abstract
Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube.BleepingComputer
May 6, 2022
How Instagram scammers talk users out of their accounts Full Text
Abstract
Regardless of the script they’re following, scammers will say you’ll receive a link on your phone via SMS. They will then ask you not to click the link but merely take a screenshot and send the image back to them.Malwarebytes Labs
May 4, 2022
Watch Out! Verified Twitter Accounts Are Targeted in Phishing Attacks Full Text
Abstract
The targets were notified that there was a problem with their verified Twitter account and were advised to click on the ‘Check notifications’ button to find out more about what is wrong.Heimdal Security
May 03, 2022
New phishing warns: Your verified Twitter account may be at risk Full Text
Abstract
Phishing emails increasingly target verified Twitter accounts with emails designed to steal their account credentials, as shown by numerous ongoing campaigns conducted by threat actors.BleepingComputer
May 02, 2022
Google SMTP relay service abused for sending phishing emails Full Text
Abstract
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users.BleepingComputer
April 29, 2022
Phishing Campaign Delivers Malware to Steal Passwords, Chat Logs, and Crypto Wallets Full Text
Abstract
A mass phishing campaign is targeting Windows PCs and aims to deliver malware that can steal usernames, passwords, credit card details, and the contents of cryptocurrency wallets.ZDNet
April 28, 2022
Cybercriminals deliver IRS tax scams and phishing campaigns by mimicking government vendors Full Text
Abstract
Cybercriminals purposely choose specific times when all of us are busy with taxes and preparing for holidays (e.g., Easter); that’s why you need to be especially careful during these times. Help Net Security
April 27, 2022
Russian govt impersonators target telcos in phishing attacks Full Text
Abstract
A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries.BleepingComputer
April 25, 2022
This sneaky phishing attack tries to steal your Facebook password Full Text
Abstract
As part of the fake appeals process, the user is asked to provide sensitive information, including their name and email address. Before submitting the form, the user is also asked to enter their Facebook password.ZDNet
April 23, 2022
Phishing attacks using the topic “Azovstal” target entities in Ukraine Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks on state organizations of Ukraine using the topic "Azovstal" and Cobalt Strike Beacon. Security Affairs
April 21, 2022
Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors Full Text
Abstract
Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals are leveraging advanced tactics in their phishing kits, granting them a high delivery success rate... Security Affairs
April 20, 2022
Watch out for Ukraine donation scammers in Twitter replies Full Text
Abstract
The invasion of Ukraine has been a money-making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works.Malwarebytes Labs
April 19, 2022
LinkedIn brand takes lead as most impersonated in phishing attacks Full Text
Abstract
Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level.BleepingComputer
April 18, 2022
MetaMask warns Apple users over iCloud phishing attacks Full Text
Abstract
In a Twitter thread posted on Monday, MetaMask noted that users run the risk of losing their funds if their Apple password “isn’t strong enough” and an attacker is able to phish their account credentials.Coin Telegraph
April 15, 2022
T-Mobile customers warned of unblockable SMS phishing attacks Full Text
Abstract
An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS (Short Message Service) group messages.BleepingComputer
April 14, 2022
Campaign Similar to Operation Kitty Phishing Found Targeting South Koreans Full Text
Abstract
According to researchers, the campaign was first observed in April and aims to steal data from individuals in South Korea. They are targeted via spear-phishing emails that include malicious Word documents.Cyware Alerts - Hacker News
April 12, 2022
DPRK-Nexus Adversary Targets South Korean Individuals in a New Chapter of Kitty Phishing Operation Full Text
Abstract
Cluster25 traced recent activity that started in the first days of April 2022 from a DPRK-nexus threat actor using spear-phishing emails containing Korean-based malicious documents with different lures to compromise its victims. Cluster25
April 12, 2022
Double-Your-Crypto Scams Share Crypto Scam Host – Krebs on Security Full Text
Abstract
The ark-x2[.]org site pretended to be a crypto giveaway website run by Cathie Wood, the founder and CEO of ARKinvest, an established Florida company that manages several exchange-traded investment funds.Krebs on Security
April 11, 2022
Eavesdropping scam: A new scam call tactic Full Text
Abstract
Hiya has detected the newest scam call tactic, the eavesdropping scam. The new scam aims to get users to call back by leaving vague voicemail messages where an unknown voice is heard talking about the potential victim.Help Net Security
April 6, 2022
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info Full Text
Abstract
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.Threatpost
April 05, 2022
Ukraine: Russian Armageddon phishing targets EU govt agencies Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon).BleepingComputer
April 05, 2022
Australia warns of money recovery phishing luring past victims Full Text
Abstract
The Australian Competition & Consumer Commission has published an announcement to raise awareness about a spike in money recovery scams.BleepingComputer
April 05, 2022
Ukraine spots Russian-linked ‘Armageddon’ phishing attacks Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon).BleepingComputer
April 4, 2022
“Free easter chocolate basket” is a social media scam after your personal details Full Text
Abstract
Cadbury UK has issued a warning to its 315,000 followers on Twitter about a scam making the rounds on WhatsApp and other social media sites like Facebook. The Dorset Police Cyber Crime Unit posted an appeal about this scam on its Facebook page.Malwarebytes Labs
April 2, 2022
Phishing attacks exploit free calendar app to steal account credentials Full Text
Abstract
In a recent report, email security provider INKY described a recent phishing campaign that took advantage of the Calendly calendar app to harvest sensitive account credentials from unsuspecting victims.Tech Republic
April 1, 2022
Phishing Attacks Target NATO and European Military Full Text
Abstract
Google TAG found multiple cybercriminal activities, such as phishing and malware attacks, targeting NATO and Eastern European countries. An APT group adopted a novel Browser-in-the-Browser (BitB) phishing technique. A group with alleged links to China targeted government and military organizations ... Cyware Alerts - Hacker News
March 31, 2022
Google warns of multiple hacking groups using the war in Ukraine as a lure in phishing attempts Full Text
Abstract
Hostile hacking groups are exploiting Russia's invasion of Ukraine to carry out cyberattacks designed to steal login credentials, sensitive information, money, and more from victims around the world.ZDNet
March 31, 2022
Phishers Schedule Victims on Calendar App Full Text
Abstract
Toward the end of February, INKY detected a credential harvesting operation that abused Calendly, a freemium calendaring hub, by inserting malicious links on calendly.com event invitations.INKY
March 28, 2022
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware Full Text
Abstract
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a report shared with The Hacker News. "A forged reply to a previous stolen email is being used as a way to convince the recipient to open the attachment. This is notable because it increases the credibility of the phishing email and may cause a high infection rate." The latest wave of attacks, detected in mid-March 2022, is said to have targeted organizations within energy, healthcare, law, and pharmaceutical sectors. IcedID, aka BokBot, like its counterparts TrickBot and Emotet, is a banking trojan that has evolved to become an entry point for more sophisticated threats, including hu... The Hacker News
March 28, 2022
Phishing Kits Evolve and Evade Detection Full Text
Abstract
Modern, off-the-shelf phishing kits sold on underground forums contain several sophisticated detection-avoidance and traffic-filtering processes so that they are not marked as threats. Fake websites impersonating renowned brands are created using phishing kits featuring realistic login ... Cyware Alerts - Hacker News
March 28, 2022
Shopping trap: The online stores’ scam that hits users worldwide Full Text
Abstract
Criminal gangs from China have been using copies of online stores of popular brands to target users all over the world. Malicious schemes linked to online stores are on the rise in 2022. Security Affairs
March 24, 2022
Phishing kits constantly evolve to evade security software Full Text
Abstract
Modern phishing kits sold on cybercrime forums as off-the-shelf packages feature multiple and sophisticated detection avoidance and traffic filtering systems to ensure that internet security solutions won't mark them as a threat. BleepingComputer
March 24, 2022
Tax-Season Scammers Spoof Fintechs, Including Stash, Public Full Text
Abstract
Threat actors are impersonating wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials. Threatpost
March 21, 2022
New Browser-in-the-Browser (BITB) Attack Makes Phishing Nearly Undetectable Full Text
Abstract
A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to a penetration tester and security researcher who goes by the handle mrd0x_, the method takes advantage of third-party single sign-on (SSO) options embedded on websites such as "Sign in with Google" (or Facebook, Apple, or Microsoft). While the default behavior when a user attempts to sign in via these methods is to be greeted by a pop-up window to complete the authentication process, the BitB attack aims to replicate this entire process using a mix of HTML and CSS code to create an entirely fabricated browser window. "Combine the window design with an iframe pointing to the malicious server hosting the phishing page, and it's basically indistinguishable," mrd0x_ said in a technical write-up published last... The Hacker News
March 21, 2022
‘CryptoRom’ Crypto Scam Abusing iPhone Features to Target Mobile Users Full Text
Abstract
Social engineering attacks leveraging a combination of romantic lures and cryptocurrency fraud have been luring unsuspecting victims into installing fake apps by taking advantage of legitimate iOS features like TestFlight and Web Clips. Cybersecurity company Sophos, which has named the organized crime campaign "CryptoRom," characterized it as a wide-ranging global scam. "This style of cyber-fraud, known as sha zhu pan (杀猪盘) — literally 'pig butchering plate' — is a well-organized, syndicated scam operation that uses a combination of often romance-centered social engineering and fraudulent financial applications and websites to ensnare victims and steal their savings after gaining their confidence," Sophos analyst Jagadeesh Chandraiah said in a report published last week. The campaign works by approaching potential targets through dating apps like Bumble, Tinder, Facebook Dating, and Grindr, before moving the conversation to messaging apps such as Wh... The Hacker News
March 21, 2022
Facebook phish claims “Someone tried to log into your account” Full Text
Abstract
The mail itself combines a fairly clean design with minimal messaging. There’s a tendency with some phish attempts to overstuff the mail with all manner of nonsense to look more convincing.Malwarebytes Labs
March 19, 2022
New Phishing toolkit lets anyone create fake Chrome browser windows Full Text
Abstract
A phishing kit has been released that allows red teamers and wannabe cybercriminals to create effective single sign-on phishing login forms using fake Chrome browser windows.BleepingComputer
March 16, 2022
‘CryptoRom’ Crypto-Scam is Back via Side-Loaded Apps Full Text
Abstract
Scammers are bypassing Apple’s App Store security, stealing thousands of dollars’ worth of cryptocurrency from the unwitting, using the TestFlight and WebClips programs.Threatpost
March 15, 2022
Massive phishing campaign uses 500+ domains to steal credentials Full Text
Abstract
Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet.BleepingComputer
March 13, 2022
Fake Valorant cheats on YouTube infect you with RedLine stealer Full Text
Abstract
Korean security analysts have spotted a malware distribution campaign that uses Valorant cheat lures on YouTube to trick players into downloading RedLine, a powerful information stealer.BleepingComputer
March 09, 2022
Chinese phishing actors consistently targeting EU diplomats Full Text
Abstract
The China-aligned group tracked as TA416 (aka Mustang Panda) has been consistently targeting European diplomats since August 2020, with the most recent activity involving refreshed lures to coincide with the Russian invasion of Ukraine.BleepingComputer
March 08, 2022
Belarus targeted Ukraine, Poland in phishing campaigns: Google Full Text
Abstract
Google’s threat analysis team said that Belarus has targeted Ukrainian and Polish officials with phishing attacks amid Russia’s invasion of Ukraine.The Hill
March 08, 2022
Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks Full Text
Abstract
A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group (TAG) said it took down two Blogspot domains that were used by the nation-state group FancyBear (aka APT28) – which is attributed to Russia's GRU military intelligence – as a landing page for its social engineering attacks. The disclosure comes close on the heels of an advisory from the Computer Emergency Response Team of Ukraine (CERT-UA) warning of phishing campaigns targeting Ukr.net users that involve sending messages from compromised accounts containing links to attacker-controlled credential harvesting pages. Another cluster of threat activity concerns webmail users of Ukr.net, Yandex.ru, wp.pl, rambler.ru, meta.ua, and i.ua, who have been at the receiving end of phishing attacks by a Belarusian threat actor tracked as Ghostwrit... The Hacker News
March 8, 2022
Ukraine’s CERT-UA warns of phishing attacks against Ukrainian citizens Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT-UA) warned citizens of new phishing attacks launched through compromised email accounts belonging to Indian entities. Security Affairs
March 7, 2022
8X Increase in Russian-Based Phishing Full Text
Abstract
Avanan analyzed more than two million customer email inboxes since February 16. On the 27th, the attacks increased by eight times as compared to the baseline volume.Cyware Alerts - Hacker News
March 07, 2022
Ukrainian CERT Warns Citizens of Phishing Attacks Using Compromised Accounts Full Text
Abstract
Ukraine's Computer Emergency Response Team (CERT-UA) warned of new phishing attacks aimed at its citizens by leveraging compromised email accounts belonging to three different Indian entities with the goal of compromising their inboxes and stealing sensitive information. The agency cautioned that the emails arrive with the subject line "Увага" (meaning "Attention") and claim to be from a domestic email service called Ukr.net, when in actuality, the email address of the sender is "muthuprakash.b@tvsrubber[.]com." The messages purportedly warn the recipients of an unauthorized attempt to log in to their accounts from an IP address based out of the eastern Ukrainian city of Donetsk, further prompting them to click on a link to change their passwords with immediate effect. "After following the link and entering the password, it gets to the attackers," CERT-UA noted in a Facebook post over the weekend. "In this way, they gain access to... The Hacker News
March 7, 2022
Google Fights Phishing With Updated Workspace Notifications Full Text
Abstract
Instead of just showing the name, now, Google is including the commenter's email address in Workspace comment notifications, so that users can better assess the legitimacy of the message.Security Week
March 4, 2022
The most impersonated brands in phishing attacks Full Text
Abstract
With six brands in the top 20, financial services was the most impersonated industry of 2021, representing 35% of all phishing pages, up sharply from 28% in 2020. Help Net Security
March 04, 2022
Social media phishing attacks are at an all time high Full Text
Abstract
Phishing campaigns continue to focus on social media, ramping up efforts to target users for the third consecutive year as the medium becomes increasingly used worldwide for communication, news, and entertainment.BleepingComputer
March 3, 2022
Phishing Campaign Targeted Those Aiding Ukraine Refugees Full Text
Abstract
A military email address was used to distribute malicious email macros among EU personnel helping Ukrainians.Threatpost
March 3, 2022
Ransomware infections top list of the most common results of phishing attacks Full Text
Abstract
In a new study, eighty-four percent of organizations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result.Tech Republic
March 2, 2022
Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees Full Text
Abstract
A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. Researchers from cybersecurity firm Proofpoint uncovered a spear-phishing campaign, likely conducted by a nation-state actor,...Security Affairs
March 02, 2022
Phishing attacks target countries aiding Ukrainian refugees Full Text
Abstract
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.BleepingComputer
March 01, 2022
Hundreds of eBike phishing sites abuse Google Ads to push scams Full Text
Abstract
A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investment schemes impersonating genuine brands. BleepingComputer
February 25, 2022
Ukraine links phishing targeting military to Belarusian hackers Full Text
Abstract
The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.BleepingComputer
February 24, 2022
Citibank phishing baits customers with fake suspension alerts Full Text
Abstract
An ongoing large-scale phishing campaign is targeting customers of Citibank, requesting recipients to disclose sensitive personal details to lift alleged account holds.BleepingComputer
February 23, 2022
New Phishing Technique Uses Remote Access Software Full Text
Abstract
Security researchers discovered a new phishing technique wherein adversaries bypass MFA using the VNC screen sharing system without victims logging into their accounts. The demonstrated phishing technique has not been used in real-world attacks yet. However, the researcher suspects that it could be ... Cyware Alerts - Hacker News
February 23, 2022
Hackers tried to shatter the spine of global supply chains in 2021 Full Text
Abstract
IBM researchers say that phishing remains the most common attack vector for cyberattacks but there has also been a 33% increase in the use of vulnerabilities against unpatched systems.ZDNet
February 22, 2022
Devious phishing method bypasses MFA using remote access software Full Text
Abstract
A devious new phishing technique allows attackers to bypass MFA by secretly having victims log in to their accounts directly on attacker-controlled servers using VNC.BleepingComputer
February 21, 2022
Attackers Target Top UK Bank With Phishing Campaigns Full Text
Abstract
Monzo, one of the UK's most popular online banking platforms, warned users against an ongoing phishing campaign that can acquire their personal data and eventually let hackers take over their bank accounts. The phishing process starts with an SMS displaying Monzo as the sender's name. Users nee ... Cyware Alerts - Hacker News
February 21, 2022
OpenSea users lose $2 million worth of NFTs in phishing attack Full Text
Abstract
The non-fungible token (NFT) marketplace OpenSea is investigating a phishing attack that left 17 of its users without more than 250 NFTs worth around $2 million.BleepingComputer
February 20, 2022
BEC scammers impersonate CEOs on virtual meeting platforms Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned this week that US organizations and individuals are being increasingly targeted in BEC attacks on virtual meeting platforms. Security Affairs
February 18, 2022
Microsoft Warns of ‘Ice Phishing’ Threat on Web3 and Decentralized Networks Full Text
Abstract
Microsoft has warned of emerging threats in the Web3 landscape, including "ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers. "One aspect that the immutable and public blockchain enables is complete transparency, so an attack can be observed and studied after it occurred," Christian Seifert, principal research manager at Microsoft's Security and Compliance group, said. "It also allows assessment of the financial impact of attacks, which is challenging in traditional web2 phishing attacks." The theft of the keys could be carried out in several ways, including imThe Hacker News
February 16, 2022
FBI warns of BEC attackers impersonating CEOs in virtual meetings Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned today that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms.BleepingComputer
February 16, 2022
Singapore introduces strong measures to stop online scams Full Text
Abstract
Singapore will step up efforts to stamp out phishing and spoofing, ministers told the parliament on Tuesday. The topic gained attention after instances of attacks and scams soared recently.The Register
February 13, 2022
Analyzing Phishing attacks that use malicious PDFs Full Text
Abstract
Cybersecurity researcher Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks. Every day everybody receives many phishing attacks with malicious docs or PDFs. I decided to take a look at one of these files. I did a static analysis...Security Affairs
February 10, 2022
Be Careful! Phishing Kits Bypassing MFA are Growing in Popularity Full Text
Abstract
In one recent discovery, a team of academics highlighted that there are more than 1200 phishing toolkits deployed in the wild that are capable of intercepting 2FA security codes. Proofpoint researchers also flagged three phishing kits in particular—Modlishka, Muraena/Necrobrowser, and Evilginx2—tha ... Cyware Alerts - Hacker News
February 8, 2022
Roaming Mantis Operators Use Fake SMS Messages to Lure European Targets Full Text
Abstract
Researchers have detected new activity of Roaming Mantis; attackers have modified the Android trojan Wroba to target Android and iPhone users in Germany and France to steal credentials. German and French officials have alerted users about smishing messages with package notifications and compromise ... Cyware Alerts - Hacker News
February 8, 2022
Roaming Mantis SMSishing campaign now targets Europe Full Text
Abstract
The Roaming Mantis SMS phishing campaign is now targeting Android and iPhone users in Europe with malicious apps and phishing pages. Roaming Mantis surfaced in March 2018 when hacked routers in Japan were redirecting users to compromised websites. Roaming...Security Affairs
February 07, 2022
Medusa malware ramps up Android SMS phishing attacks Full Text
Abstract
The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud.BleepingComputer
February 4, 2022
AsyncRAT Operators Adopt New Evasive Delivery Technique Full Text
Abstract
Morphisec identified a new sophisticated campaign using a phishing tactic with an HTML attachment to deliver AsyncRAT for around five months. Moreover, the malware campaign has one of the lowest detection rates, according to VirusTotal. This calls upon the organizations to regularly audit and upgra ... Cyware Alerts - Hacker News
February 04, 2022
US indicts multiple call centers for IRS, Social Security scams Full Text
Abstract
The U.S. Department of Justice has announced the indictment of several India-based call centers and their directors for targeting Americans with Social Security, IRS, and loan phone call scams.BleepingComputer
February 4, 2022
Microsoft blocked tens of billions of brute-force and phishing attacks in 2021 Full Text
Abstract
Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year. Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions...Security Affairs
February 03, 2022
Intuit warns of phishing emails threatening to delete accounts Full Text
Abstract
Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended.BleepingComputer
February 03, 2022
Microsoft blocked billions of brute-force and phishing attacks last year Full Text
Abstract
Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft.BleepingComputer
February 03, 2022
MFA adoption pushes phishing actors to reverse-proxy solutions Full Text
Abstract
The rising adoption of multi-factor authentication (MFA) for online accounts pushes phishing actors to use more sophisticated solutions to continue their malicious operations, most notably reverse-proxy tools.BleepingComputer
January 30, 2022
Multi-Stage Phishing Campaign Leverages BYOD Concept to Target Organizations Full Text
Abstract
According to Microsoft 365 Defender Threat Intelligence Team, the campaign took advantage of the devices that did not implement MultiFactor Authentication (MFA).Cyware Alerts - Hacker News
January 30, 2022
Novel device registration trick enhances multi-stage phishing attacks Full Text
Abstract
Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft has shared details of a large-scale phishing campaign that leverages stolen credentials to register...Security Affairs
January 28, 2022
Finland warns of Facebook accounts hijacked via Messenger phishing Full Text
Abstract
Finland's National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims' friends in Facebook Messenger chats.BleepingComputer
January 27, 2022
New phishing attack uses an unusual trick to spread further Full Text
Abstract
A new multi-phase phishing campaign first enrolls an attacker's BYOD device on a corporate network and then begins sending thousands of convincing phishing emails to further targets.ZDNet
January 27, 2022
Microsoft warns of multi-stage phishing campaign leveraging Azure AD Full Text
Abstract
Microsoft's threat analysts have uncovered a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices onto the target's network and use them to distribute phishing emails.BleepingComputer
January 25, 2022
Google Drive now warns you of suspicious phishing, malware docs Full Text
Abstract
Google is rolling out new warning banners in Google Drive to alert users of potentially suspicious files that threat actors could use for malware delivery and in phishing attacks.BleepingComputer
January 24, 2022
Surge in Malicious QR Codes Sparks FBI Alert Full Text
Abstract
QR codes have become a go-to staple for contactless transactions of all sorts during the pandemic, and the FBI is warning cybercriminals are capitalizing on their lax security to steal data and money, and drop malware.Threatpost
January 24, 2022
Emotet spam uses unconventional IP address formats to evade detection Full Text
Abstract
Experts warn of an Emotet malware campaign using "unconventional" IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using "unconventional" IP address formats to evade detection...Security Affairs
January 21, 2022
Phishing impersonates shipping giant Maersk to push STRRAT malware Full Text
Abstract
A new phishing campaign using fake shipping delivery lures installs the STRRAT remote access trojan on unsuspecting victims' devices.BleepingComputer
January 19, 2022
Phishing Attacks Impersonates Department of Labor to Steal Vendors’ Account Credentials Full Text
Abstract
Researchers from Inky detailed a series of phishing attacks in which the sender address on most of the emails appeared to come from [email protected], the real domain for the Department of Labor.Tech Republic
January 19, 2022
Office 365 phishing attack impersonates the US Department of Labor Full Text
Abstract
A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials.BleepingComputer
January 18, 2022
New RedLine Variant Uses Omicron Lure to Trap Victims Full Text
Abstract
Fortinet discovered a new RedLine info-stealer campaign impersonating the COVID-19 Omicron stat counter app as a lure to steal data. The victims of the attack campaign are reportedly distributed across 12 countries. Security teams are advised to deploy a reliable anti-malware solution, encrypt impo ... Cyware Alerts - Hacker News
January 17, 2022
DHL dethrones Microsoft as most imitated brand in phishing attacks Full Text
Abstract
DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.BleepingComputer
January 17, 2022
Nintendo warns of spoofed sites pushing fake Switch discounts Full Text
Abstract
Nintendo has warned customers of multiple sites impersonating the Japanese video game company's official website and pretending to sell Nintendo Switch consoles at significant discounts.BleepingComputer
January 14, 2022
Real Big Phish: Mobile Phishing & Managing User Fallibility Full Text
Abstract
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike.Threatpost
January 12, 2022
EA: 50 high-profile FIFA 22 accounts taken over by phishing actors Full Text
Abstract
Electronic Arts (EA) has published an official response to numerous reports about hacked player accounts, confirming the problem and attributing it to phishing actors.BleepingComputer
January 10, 2022
Phishing Kit Victim Workflow and Data Exfiltration Full Text
Abstract
Phishing designed to obtain credentials for retail brands or markets can contain very different stages compared to phishing designed to obtain online banking or credit card information from victims.ZeroFox
January 6, 2022
Google Voice Authentication Scam Leaves Victims on the Hook Full Text
Abstract
The FBI is seeing so much activity around malicious Google Voice activity, where victims are associated with fraudulent virtual phone numbers, that it sent out an alert this week.Threatpost
January 6, 2022
The Use of Phishing Toolkits to ByPass 2FA is on the Rise Full Text
Abstract
Cybersecurity researchers claimed to have found over a thousand phishing toolkits that are able to hack two-factor authentication, allowing hackers to conduct sophisticated attacks on a target system. It is bizarre to admit that most of these MitM phishing toolkits in use by attackers are based on ... Cyware Alerts - Hacker News
January 06, 2022
US arrests suspect who stole unpublished books in phishing attacks Full Text
Abstract
An Italian man allegedly involved in a multi-year scheme to fraudulently obtain hundreds of prepublication manuscripts was arrested on Wednesday at the John F. Kennedy International Airport, in New York.BleepingComputer
January 6, 2022
Google Docs comment feature abused in phishing campaign Full Text
Abstract
Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear to come from a legitimate source. Researchers from security firm Avanan in December uncovered a phishing campaign targeting mainly Outlook...Security Affairs
January 06, 2022
Google Docs commenting feature exploited for spear-phishing Full Text
Abstract
A new trend in phishing attacks emerged in December 2021, with threat actors abusing the commenting feature of Google Docs to send out emails that appear trustworthy.BleepingComputer
January 06, 2022
FBI warns about ongoing Google Voice authentication scams Full Text
Abstract
The Federal Bureau of Investigation (FBI) says Americans who share their phone number online are being targeted by Google Voice authentication scams.BleepingComputer
December 30, 2021
Twitter account of FBI’s fake chat app, ANOM seen trolling today Full Text
Abstract
The Twitter account previously associated with the ANOM chat app is posting frivolous tweets this week. ANOM was a fake encrypted messaging platform created as part of a global sting operation led by the U.S. FBI, Australian Federal Police (AFP), and other law enforcement agencies to catch criminals.BleepingComputer
December 29, 2021
Silent danger: One in five aged domains is malicious, risky, or unsafe Full Text
Abstract
The number of malicious dormant domains is on the rise, and as researchers warn, roughly 22.3% of strategically aged domains pose some form of danger.BleepingComputer
December 28, 2021
Not-so-funny Funeral Scam by Dridex Full Text
Abstract
A phishing attack loaded with Dridex malware is faking COVID-19 funeral assistance and attempts to steal the online banking credentials of individuals. This is not the first time that cybercriminals have been observed trolling victims with messages. A week ago, cybercriminals were sending fake e ... Cyware Alerts - Hacker News
December 25, 2021
Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline Full Text
Abstract
A gang behind a recent Dridex Omicron campaign is mocking the victims, taunting them with a COVID-19 funeral assistance helpline number. Crooks behind a recent Dridex campaign are mocking the researchers and victims, taunting them with a COVID-19 funeral...Security Affairs
December 24, 2021
Dridex Omicron phishing taunts with funeral helpline number Full Text
Abstract
A malware distributor for the Dridex banking malware has been toying with victims and researchers over the last few weeks. The latest example is a phishing campaign that taunts victims with a COVID-19 funeral assistance helpline number.BleepingComputer
December 23, 2021
Phishing campaign targets CoinSpot cryptoexchange 2FA codes Full Text
Abstract
A new phishing campaign that targets users of the CoinSpot cryptocurrency exchange employs a new theme that revolves around withdrawal confirmations.BleepingComputer
December 23, 2021
Phishers Now Impersonate Pfizer to Target Victims Full Text
Abstract
The attackers are using clean PDF attachments with newly registered domains that seem to be valid Pfizer online spaces. Then, they use spawn email accounts for email distribution to bypass email protection.Cyware Alerts - Hacker News
December 23, 2021
A Global Phishing Scam That Cost Victims $80 Million Per Month Full Text
Abstract
With the holiday season here, scammers are making use of their best tactics to phish users, and one such phishing scam, probably the biggest in the year, has come to the notice of researchers.Cyware Alerts - Hacker News
December 20, 2021
Robocalls More Than Doubled in 2021, Cost Victims $30B Full Text
Abstract
T-Mobile reported blocking 21 billion scam calls during a record-smashing year for robocalls.Threatpost
December 20, 2021
Meta sues people behind Facebook and Instagram phishing Full Text
Abstract
Meta (formerly known as Facebook) has filed a federal lawsuit in California court to disrupt phishing attacks targeting Facebook, Messenger, Instagram, and WhatsApp users.BleepingComputer
December 20, 2021
T-Mobile says it blocked 21 billion scam calls this year Full Text
Abstract
T-Mobile says it blocked 21 billion scam, spam, and unwanted robocalls this year through its free Scam Shield robocall and scam protection service, amounting to an average of 1.8 billion scam calls identified or blocked every month.BleepingComputer
December 20, 2021
Phishing attacks impersonate Pfizer in fake requests for quotation Full Text
Abstract
Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims.BleepingComputer
December 17, 2021
Crypto Scam Revenue Touches $7.7 Billion Full Text
Abstract
As per Chainalysis’ 2022 Crypto Crime Report, crypto scams have earned a revenue of $7.7 billion from victims worldwide. This is an 81% rise from that in 2020. Rug pulls accounted for 37% of all crypto scam revenue.Cyware Alerts - Hacker News
December 15, 2021
Large-scale phishing study shows who bites the bait more often Full Text
Abstract
A large-scale phishing study involving 14,733 participants over a 15-month experiment has produced some surprising findings that contradict previous research results that formed the basis for popular industry practices.BleepingComputer
December 13, 2021
Phishing campaign uses PowerPoint macros to drop Agent Tesla Full Text
Abstract
A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code.BleepingComputer
December 12, 2021
A phishing campaign targets clients of German banks using QR codes Full Text
Abstract
Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including...Security Affairs
December 10, 2021
‘Appalling’ Riot Games Job Fraud Takes Aim at Wallets Full Text
Abstract
Scammers are using fake job listings to empty the wallets of young, hopeful victims looking to break into the gaming industry.Threatpost
December 10, 2021
Phishing attacks use QR codes to steal banking credentials Full Text
Abstract
A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process.BleepingComputer
December 7, 2021
When Scammers Get Scammed, They Take It to Cybercrime Court Full Text
Abstract
Underground arbitration system settles disputes between cybercriminals.Threatpost
December 7, 2021
Persuasive Phishing Attacks Use Fake Office365 Spam Alerts Full Text
Abstract
Microsoft has always been the target of phishing attacks. A new wave of phishing attacks is using fake Office 365 notifications with an aim to steal victims’ Microsoft credentials.Cyware Alerts - Hacker News
December 05, 2021
As Twitter removes blue badges for many, phishing targets verified accounts Full Text
Abstract
A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error.BleepingComputer
December 05, 2021
Convincing Microsoft phishing uses fake Office 365 spam alerts Full Text
Abstract
A persuasive and ongoing series of phishing attacks is using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials.BleepingComputer
December 05, 2021
New Twitter phishing campaign targets verified accounts Full Text
Abstract
A new phishing campaign has been targeting verified Twitter accounts, as seen by BleepingComputer. The phishing campaign follows Twitter's recent removal of the checkmark from a number of verified accounts, citing that these were ineligible for the legendary status, and verified in error.BleepingComputer
December 3, 2021
Now Anyone can Phish with Phishing Kits Full Text
Abstract
Phishing kits enable non-technical criminals to readily leverage new techniques. These kits contain a set of tools that allow wannabe criminals to build and launch their own phishing campaigns.Cyware Alerts - Hacker News
December 02, 2021
Phishing actors start exploiting the Omicron COVID-19 variant Full Text
Abstract
Phishing actors have quickly started to exploit the emergence of the Omicron COVID-19 variant and now use it as a lure in their malicious email campaigns.BleepingComputer
December 2, 2021
How phishing kits are enabling a new legion of pro phishers Full Text
Abstract
Malicious emails can be used to reach many targets with relative ease, and criminals can purchase ready-made phishing kits that bundle together everything they need for a lucrative campaign.Help Net Security
December 01, 2021
Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns Full Text
Abstract
Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that bank on overlay attacks to capture sensitive data without the knowledge of the victim, the financially motivated operation uncovered by Check Point Research is designed to trick the targets into handing over their credit card information by sending them a legitimate-looking SMS message that contains a link, which, when clicked, downloads a malware-laced app onto their devices. "The malicious application not only collects the victim's credit card numbers, but also gains access to their 2FA authentication SMS, and turn[s] the victim's device into a bot capable of spreading similar phishing SMS to other potential victims," Check Point researThe Hacker News
December 01, 2021
State-backed hackers increasingly use RTF injection for phishing Full Text
Abstract
Three APT hacking groups from India, Russia, and China, were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns.BleepingComputer
November 30, 2021
High Volume German Phishing Campaign Aims to Steal Banking Credentials Full Text
Abstract
Since the end of August 2021, Proofpoint researchers observed multiple high-volume campaigns leveraging customized, actor-owned landing pages spoofing major German banks like Volksbank and Sparkasse.Proof Point
November 29, 2021
Phishing Attacks Reach 260,000 in Q3 2021 - APWG Report Full Text
Abstract
The month of July witnessed 260,642 phishing attacks, the highest in APWG’s reporting history since 2004. Phishing victimized software-as-a-service and webmail industries the most in Q3 2021.Cyware Alerts - Hacker News
November 28, 2021
The Rise in Banking Scams: Zelle Fraud and Other Threats Full Text
Abstract
A notorious group of hackers has been found targeting customers of banks with phony fraud alerts and stealing thousands of dollars from their bank accounts. The scam first came to light in August.Cyware Alerts - Hacker News
November 26, 2021
TrickBot phishing checks screen resolution to evade researchers Full Text
Abstract
The TrickBot malware operators have been using a new method to check the screen resolution of a victim system to evade detection of security software and analysis by researchers.BleepingComputer
November 25, 2021
New Twists on Gift-Card Scams Flourish on Black Friday Full Text
Abstract
Fake merchandise and crypto jacking are among the new ways cybercriminals will try to defraud people flocking online for Black Friday and Cyber Monday.Threatpost
November 22, 2021
Online Holiday Scams are Upon Us Full Text
Abstract
Scammers are setting up fake online shops that impersonate legitimate ones. The perpetrators ensure that these stores are easy to find while looking for the original ones.Cyware Alerts - Hacker News
November 22, 2021
Beware of Customer Complaint Email Scam Full Text
Abstract
Sophos found that fake corporate complaints are surging and using targeted attacks to deploy malware. The emails come in the form of complaints from your boss or colleagues and use fear-inducing verbiage.Cyware Alerts - Hacker News
November 19, 2021
Fake TSA PreCheck sites scam US travelers with fake renewals Full Text
Abstract
There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return.BleepingComputer
November 19, 2021
Scammers Leverage Fake SS7 Exploits to Boost Their Revenue Full Text
Abstract
Analysts at SOS Intelligence found several underground forums offering fake exploits for SS7 vulnerabilities. During the investigation, the researchers uncovered 84 unique onion domains claiming to offer the fake exploit tool.Cyware Alerts - Hacker News
November 18, 2021
Ransomware Phishing Emails Sneak Through SEGs Full Text
Abstract
The MICROP ransomware spreads via Google Drive and locally stored passwords.Threatpost
November 18, 2021
3 Top Tools for Defending Against Phishing Attacks Full Text
Abstract
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it.Threatpost
November 18, 2021
Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials Full Text
Abstract
Threat actors are targeting Middle-East-based employees of major corporations in a scam that uses a specific ‘ephemeral’ aspect of the project-management tool to link to SharePoint phishing pages.Threatpost
November 18, 2021
Glitch service abused to host short-lived phishing sites Full Text
Abstract
Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns.BleepingComputer
November 18, 2021
Phishing campaign targets Tiktok influencer accounts Full Text
Abstract
Threat actors have launched a phishing campaign targeting more than 125 TikTok ‘Influencer’ accounts in an attempt to hijack them. Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok ‘Influencer’...Security Affairs
November 17, 2021
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts Full Text
Abstract
Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out.Threatpost
November 17, 2021
TikTok phishing threatens to delete influencers’ accounts Full Text
Abstract
Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers' managers.BleepingComputer
November 16, 2021
Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild Full Text
Abstract
No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a new study undertaken by a group of researchers from Stony Brook University and Palo Alto Networks, who have demonstrated a new fingerprinting technique that makes it possible to identify MitM phishing kits in the wild by leveraging their intrinsic network-level properties, effectively automating the discovery and analysis of phishing websites. Dubbed "PHOCA" — named after the Latin word for "seals" — the tool not only facilitates the discovery of previously unseen MitM phishing toolkits, but can also be used to detect and isolate malicious requests coming from such servers. Phishing toolkits aim to automate and streamline the work required by attackers to conductThe Hacker News
November 8, 2021
Spam and Phishing Trends - Q3 2021 Edition Full Text
Abstract
Attackers attempted to cash in on anniversaries of brands, such as IKEA, Tesco, and Amazon, by creating fake sites related to the brands and holding prize draws or surveys.Cyware Alerts - Hacker News
November 7, 2021
Experts spotted a phishing campaign impersonating security firm Proofpoint Full Text
Abstract
Threat actors are impersonating cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials. Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft...Security Affairs
November 04, 2021
Phishing emails deliver spooky zombie-themed MirCop ransomware Full Text
Abstract
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.BleepingComputer
November 03, 2021
Beware: Free Discord Nitro phishing targets Steam gamers Full Text
Abstract
A new Steam phishing promoted via Discord messages promises a free Nitro subscription if a user links their Steam account, which the hackers then use to steal game items or promote other scams.BleepingComputer
November 1, 2021
Office 365 Phishing Campaign Abuses Stolen Amazon SES Token Full Text
Abstract
Stolen access token leveraged in phishing campaign that spoofs brand name email addresses.Threatpost
October 27, 2021
Teen Rakes in $2.74M Worth of Bitcoin in Phishing Scam Full Text
Abstract
The kid was busted after abusing Google Ads to lure users to his fake gift card site.Threatpost
October 27, 2021
Watch out for the Steam skin “free knife” scam Full Text
Abstract
It’s a tactic designed to scam people in the fastest way imaginable. The scammer makes a minimal effort, they send a message to potential victims on Steam or on services such as Discord.Malwarebytes Labs
October 26, 2021
Over 10 Million Android Users Targeted With Premium SMS Scam Apps Full Text
Abstract
A global fraud campaign has been found leveraging 151 malicious Android apps with 10.5 million downloads to rope users into premium subscription services without their consent and knowledge. The premium SMS scam campaign — dubbed "UltimaSMS" — is believed to have commenced in May 2021 and involved apps that cover a wide range of categories, including keyboards, QR code scanners, video and photo editors, spam call blockers, camera filters, and games, with most of the fraudulent apps downloaded by users in Egypt, Saudi Arabia, Pakistan, the U.A.E., Turkey, Oman, Qatar, Kuwait, the U.S., and Poland. Although a significant chunk of the apps in question has since been removed from the Google Play Store, 82 apps continued to remain available in the online marketplace as of October 19, 2021. It all starts with the apps prompting users to enter their phone numbers and email addresses to gain access to the advertised features, only to subscribe the victims to premium SMS servicThe Hacker News
October 24, 2021
Microsoft Most Imitated Brand for Phishing Attacks: Report Full Text
Abstract
Microsoft topped the list as 29% of all brand phishing attempts were related to the Redmond-based technology giant. Other impersonated brands include Amazon (13%), DHL (9%), and Bestbuy (8%).Cyware Alerts - Hacker News
October 24, 2021
TodayZoo phishing kit borrows the code from other kits Full Text
Abstract
Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential...Security Affairs
October 23, 2021
Microsoft Warns of TodayZoo Phishing Kit Used in Extensive Credential Stealing Attacks Full Text
Abstract
Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in December 2020, dubbed the copy-and-paste attack infrastructure "TodayZoo." "The abundance of phishing kits and other tools available for sale or rent makes it easy for a lone wolf attacker to pick and choose the best features from these kits," the researchers said. "They put these functionalities together in a customized kit and try to reap the benefits all to themselves. Such is the case of TodayZoo." Phishing kits, often sold as one time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages thatThe Hacker News
October 22, 2021
This monster of a phishing campaign is after your passwords Full Text
Abstract
Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses the ZooToday phishing kit built using pieces of code copied from other hackers' work.ZDNet
October 20, 2021
Employees Make Best Frontline Phishing Defense Full Text
Abstract
October is Cybersecurity Awareness Month. Make empowering workers to detect and thwart inbox attacks a priority with Trend Micro Phish Insight.Threatpost
October 14, 2021
DocuSign phishing campaign targets low-ranking employees Full Text
Abstract
Phishing actors are following a new trend of targeting non-executive employees who still have access to valuable areas within an organization. BleepingComputer
October 14, 2021
“Free Steam game” scams on TikTok are Among Us Full Text
Abstract
The scammers are claiming to offer up free versions of the incredibly popular Among Us game. However, they also claim to have special hacked versions up for grabs that allow players to cheat.Malwarebytes Labs
October 13, 2021
Crooks use math symbols to evade anti-phishing solutions Full Text
Abstract
Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages...Security Affairs
October 11, 2021
Verizon Phishing Scam Targets Customers Through a Text Message Full Text
Abstract
Cybercriminals behind this scam ask subscribers to provide their personal information. If they fall for this trap, their security number, bank account number, and other information could be hacked. Tech Times
October 08, 2021
Intuit warns QuickBooks customers of ongoing phishing attacks Full Text
Abstract
Intuit has warned QuickBooks customers that they are targeted by an ongoing phishing campaign impersonating the company and trying to lure potential victims with fake renewal charges.BleepingComputer
October 6, 2021
Chase Bank Heavily Targeted Via XBALTI Phishing Kit Full Text
Abstract
During the three months from mid-May to mid-August 2021, Cyren researchers detected a 300% increase in phishing URLs and kits within their own telemetry targeting Chase Bank.Security Week
October 1, 2021
Weaponizing Apple AirTag to lure users to malicious sites Full Text
Abstract
Threat actors could exploit a stored cross-site scripting (XSS) vulnerability in Apple AirTag product to lure users to malicious websites. Security researcher Bobby Rauch discovered a stored cross-site scripting (XSS) vulnerability in the Apple AirTag...Security Affairs
September 29, 2021
Apple AirTag can be Abused to Redirect People to iCloud Phishing Pages Full Text
Abstract
Anyone who finds the AirTag and scans it with an Apple or Android phone will immediately see a unique Apple URL with the owner’s message. This feature can be abused to redirect to a phishing page.Krebs on Security
September 27, 2021
Fake ‘BT’ caller steals from elderly victims in app scam Full Text
Abstract
The fraud incident happened last Thursday (23 September), prompting West Mercia Police to issue a bulletin warning people to be on their guard against suspicious phone calls.The Register
September 26, 2021
Credential Phishing Campaign Targets Governments in APAC and EMEA Full Text
Abstract
Hackers were found disguising themselves as various ministries in a phishing scheme targeting the government departments of at least seven countries in APAC and EMEA. To date, at least 15 pages are actively targeting the governments of Belarus, Georgia, Kyrgyzstan, Pakistan, Turkmenistan, Ukraine, and Uzbeki ... Cyware Alerts - Hacker News
September 23, 2021
BulletProofLink, a large-scale phishing-as-a-service active since 2018 Full Text
Abstract
Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. Microsoft researchers have uncovered a large-scale phishing-as-a-service (PHaaS) operation,...Security Affairs
September 23, 2021
Phishing-as-a-Service is Here - Phishing Gets Easier Full Text
Abstract
Microsoft discovered a Phishing-as-a-Service (PhaaS) operation that is responsible for quite a few phishing attacks against corporations. The PhaaS model makes it easier to conduct phishing attacks.Cyware Alerts - Hacker News
September 22, 2021
Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation Full Text
Abstract
Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that's involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. "With over 100 available phishing templates that mimic known brands and services, the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today," Microsoft 365 Defender Threat Intelligence Team said in a Tuesday report. "BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators." The tech giant said it uncovered the operation during its investigation of a credential phishingThe Hacker News
September 22, 2021
Phishing-as-a-service operation uses double theft to boost profits Full Text
Abstract
Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately.BleepingComputer
September 21, 2021
Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It? Full Text
Abstract
Nick Kael, CTO at Ericom, discusses how phishing is gaining sophistication and what it means for businesses.Threatpost
September 19, 2021
New “Elon Musk Club” crypto giveaway scam promoted via email Full Text
Abstract
A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks.BleepingComputer
September 15, 2021
Attackers Impersonate DoT in Two-Day Phishing Scam Full Text
Abstract
Threat actors dangled the lure of receiving funds from the $1 trillion infrastructure bill and created new domains mimicking the real federal site.Threatpost
September 15, 2021
Travel Themed Phishing URLs Set to Prey on Eager Travelers Full Text
Abstract
Although the pandemic is not over, as the world opens up borders and the vaccines slow down the spread of the virus, people who have been cooped up at home are eager to travel.Palo Alto Networks
September 14, 2021
SSID Stripping: New Method for Tricking Users Into Connecting to Rogue APs Full Text
Abstract
A team of researchers has identified what appears to be a new method that malicious actors could use to trick users into connecting to their wireless access points (APs).Security Week
September 9, 2021
Phishing attacks: One in three suspect emails reported by employees really are malicious Full Text
Abstract
According to a new report, about a third of emails reported by employees really are malicious or highly suspect, demonstrating the effectiveness of the well-established maxim "Think before you click".ZDNet
September 8, 2021
Machine learning technique detects phishing sites based on markup visualization Full Text
Abstract
The technique uses “binary visualization” libraries to transform the markup and code of web pages into images. Using this method, they created a dataset of legitimate and phishing images of websites.The Daily Swig
September 7, 2021
We Could Start Seeing Some Hurricane Ida-related Investment Scams Full Text
Abstract
People should be wary and ask anyone approaching them with an investment opportunity whether they're licensed and whether their investment is registered with the SEC or with a state. Heimdal Security
September 4, 2021
SEC warns of investment scams related to Hurricane Ida Full Text
Abstract
The US Securities and Exchange Commission warns investors of potential investment scams that leverage Hurricane Ida as bait. The US Securities and Exchange Commission (SEC)'s Office of Investor Education and Advocacy is warning investors of potential... Security Affairs
August 30, 2021
Various Online Scams are Gaining Traction in the Crypto and Financial Space Full Text
Abstract
OpenSea was targeted by an aggressive phishing attack. The attackers hid in the crypto platform’s Discord server and impersonated legit OpenSea employees to steal NFTs and cryptocurrency.Cyware Alerts - Hacker News
August 26, 2021
Kanye’s upcoming album is a scam magnet, Kaspersky finds Full Text
Abstract
In the case of Kanye's latest release, Kaspersky found fake downloads linking to scam websites just like those found in the days immediately preceding the release of "Black Widow."Tech Republic
August 26, 2021
DeFi scams go from zero to $129 million in a year to become top financial hack Full Text
Abstract
Atlas VPN analyzed financial hacks over the last two-and-a-half years and found that DeFi hacks represent 76% of all major hacks for the first half of 2021 as compared to 25% of the total in 2020.Tech Republic
August 25, 2021
New Hampshire town loses $2.3 million to overseas scammers Full Text
Abstract
Peterborough, a small New Hampshire town, has lost $2.3 million after BEC scammers redirected several bank transfers using forged documents sent to the town's Finance Department staff in multiple email exchanges.BleepingComputer
August 23, 2021
Phishing campaign uses UPS.com XSS vuln to distribute malware Full Text
Abstract
A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents.BleepingComputer
August 23, 2021
US military personnel defrauded into losing $822m through scams Full Text
Abstract
The researchers examined data compiled by the US FTC. They discovered that $484.4 million was lost by military families and reservists, followed by veterans and retirees whose financial damages account for 35% of all losses ($290.1 million).Hackread
August 21, 2021
Google Docs Scams Still Pose a Threat Full Text
Abstract
In research presented at the Defcon security conference this month, a researcher found workarounds that attackers could potentially use to get past Google's enhanced Workspace protections.Wired
August 19, 2021
Researchers nab wannabe ransomware scammer trying to convince victims to help hack their employer Full Text
Abstract
The incident, which occurred in mid-August, marks another tactical swerve in the ever-shifting world of ransomware techniques and at least three companies have fallen victim to it.Cyberscoop
August 12, 2021
QR Code Scammers Get Creative with Bitcoin ATMs Full Text
Abstract
Threat actors are targeting everyone from job hunters to Bitcoin traders to college students wanting a break on their student loans, by exploiting the popular technology’s trust relationship with users.Threatpost
August 12, 2021
Microsoft: Evasive Office 365 phishing campaign active since July 2020 Full Text
Abstract
Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting in July 2020. BleepingComputer
August 12, 2021
Malicious Actors Employ Impersonation Scams to Infect Users with Flubot Malware Full Text
Abstract
Malicious hackers are impersonating delivery services and sending phishing text messages to Britons to trick them into downloading Flubot malware, according to UK mobile network Three.Cyber News
August 12, 2021
If a QR code leads you to a Bitcoin ATM at a gas station, it’s a scam Full Text
Abstract
Whether by QR code and bogus website or plain old unsolicited telephone call, the outcome is typically the same: monthly fees going out of the victim's bank account until they notice something amiss. Malwarebytes Labs
August 11, 2021
Online Scammers Impersonate the Australian Taxation Office for Tax Season Full Text
Abstract
With the government sending out tax communications, stimulus checks and more in the wake of COVID-19, scammers are taking advantage of the fact that an email from the ATO would not seem out of place.Cofense
August 4, 2021
A Unique Paypal Credential Phishing Scam Full Text
Abstract
The threat actor sends an email, which does not raise any suspicions, with the subject line stating to initiate a live chat regarding a service notice related to the target’s PayPal account.Cyware Alerts - Hacker News
August 4, 2021
Office 365: Phishing Variant Bypasses Microsoft’s Own Secure Email Gateway Full Text
Abstract
The body of the email explains that Microsoft service has expired; in this case, it's their “Business Basic package.” The threat actor ensured their campaign looked similar to Microsoft-themed emails.Cofense
August 4, 2021
Phishing Campaign Dangles SharePoint File-Shares Full Text
Abstract
Attackers spoof sender addresses to appear legitimate in a crafty campaign that can slip past numerous detections, Microsoft researchers have discovered.Threatpost
August 2, 2021
This new phishing attack is ‘sneakier than usual’, Microsoft warns Full Text
Abstract
Microsoft's Security Intelligence team has issued an alert to Office 365 users and admins to be on the lookout for a "crafty" phishing email with spoofed sender addresses.ZDNet
August 2, 2021
New WeTransfer phishing attack spoofs file-sharing to steal credential Full Text
Abstract
The phishing email appears to be sent by WeTransfer as it bears the sender name Wetransfer and has the title View Files Sent Via WeTransfer. The similarity is enough to come across as a genuine email.Hackread
July 31, 2021
New PayPal Credential Phishing Scam Conducted Via Live Chat Service Full Text
Abstract
As credential phishing is usually conducted via a simple URL link, it is easy to overlook some subtle or exaggerated tactics that threat actors have been using to steal credentials from unsuspecting victims.Heimdal Security
July 30, 2021
BazaCall: Phony call centers lead to exfiltration and ransomware Full Text
Abstract
If a target recipient does decide to call the phone number indicated in the email, they will speak with a real person from a fraudulent call center set up by BazaCall’s operators.Microsoft
July 29, 2021
Phony Call Centers Tricking Users Into Installing Ransomware and Data-Stealers Full Text
Abstract
An ongoing malicious campaign that employs phony call centers has been found to trick victims into downloading malware capable of data exfiltration as well as deploying ransomware on infected systems. The attacks — dubbed "BazaCall" — eschew traditional social engineering techniques that rely on rogue URLs and malware-laced documents in favor of a vishing-like method wherein targeted users are sent email messages informing them of a forthcoming subscription charge unless they call a specific phone number. By tricking the recipients into calling the number, the unsuspecting victims are connected with an actual human operator at a fraudulent call center, who then provides them with instructions to download the BazaLoader malware. BazaLoader (aka BazarBackdoor) is a C++-based downloader with the ability to install various types of malicious programs on infected computers, including deploying ransomware and other malware to steal sensitive data from victimized systems. First The Hacker News
July 22, 2021
Phish Swims Past Email Security With Milanote Pages Full Text
Abstract
The “Evernote for creatives” is anchoring a rapidly spiking phishing campaign, evading SEGs with ease.Threatpost
July 21, 2021
Current State of Consent Phishing Emails Full Text
Abstract
Microsoft threat researchers are tracking a rise in consent phishing attacks that exploit OAuth request links. The threat actors are attempting to lure targets into providing permission to attacker-owned apps and, eventually, sensitive information. Cyware Alerts - Hacker News
July 21, 2021
Beware, crypto-scammer seeks foreigner with blockchain account Full Text
Abstract
Researchers at Malwarebytes observed a 419-style scam (also known as an advance fee scam) which claims to deliver on the promise of cryptocurrency riches over a WhatsApp conversation.Malwarebytes Labs
July 19, 2021
Microsoft takes down domains used to scam Office 365 users Full Text
Abstract
Microsoft's Digital Crimes Unit (DCU) has seized 17 malicious domains used by scammers in a business email compromise (BEC) campaign targeting the company's customers.BleepingComputer
July 17, 2021
New LinkedIn phishing campaign found using Google Forms Full Text
Abstract
The new LinkedIn phishing email prompts users to verify their LinkedIn accounts with the subject line including the potential victim’s name as well to make it look more authentic.Hackread
July 15, 2021
Microsoft details the rise in consent phishing emails and potential mitigations Full Text
Abstract
Microsoft has tracked an increase in consent phishing emails that abuse OAuth request links in an attempt to trick recipients into granting attacker-owned apps permissions to access sensitive data.Microsoft
July 09, 2021
Kaseya warns of phishing campaign pushing fake security updates Full Text
Abstract
Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.BleepingComputer
July 8, 2021
‘How can I help you today?’ Scammers dupe online support agents through live chat platforms Full Text
Abstract
The scheme is yet another recent example of phishing campaigns leveraging communication mediums outside of email to catch prospective victims off-guard. And it works in part because website operators that use chat features are not always diligently scanning uploaded files for malware.SCMagazine
July 7, 2021
Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing Full Text
Abstract
The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data.Threatpost
July 7, 2021
Over 170 Scam Cryptomining Apps Charge for Non-Existent Services Full Text
Abstract
Lookout claims users have lost over $350,000 to mobile fraud. Infosecurity Magazine
July 2, 2021
Phishing attack targets DocuSign and SharePoint users Full Text
Abstract
Researchers said most of the emails use COVID-19 as a way to dupe users into clicking on a bogus document. For example, the email will ask the user to review a “Covid 19 relief fund as approved by the board of directors.”SCMagazine
June 29, 2021
Parcel delivery scammers targeting people with personalised messages Full Text
Abstract
A recent parcel delivery scam has adopted new tricks with scammers sending out personalized messages to the targeted victims to defraud them of up to thousands of dollars.Times of Malta
June 29, 2021
Spear Phishing Campaign with New Techniques Takes Aim at Aviation Companies Full Text
Abstract
In this campaign, a malicious link that distributes an AsyncRAT payload is sent to aviation companies with a well-crafted message. AsyncRAT is used to steal credentials and other sensitive data.Fortinet
June 26, 2021
.WIM Files Attachment Is Being Used in Phishing Attacks Full Text
Abstract
The researchers at Trustwave have disclosed in a recent report that threat actors are starting to utilize WIM (Windows Imaging Format) attachments in order to distribute the Agent Tesla remote access trojan.Heimdal Security
June 25, 2021
Phishing Campaign Exploits Housing Boom Full Text
Abstract
The phishing emails in this campaign purportedly contain a link to home purchase closing documents from First American, a company whose services include real estate title and settlement.Cofense
June 24, 2021
US brokerage firms warned of ‘FINRA Support’ phishing attacks Full Text
Abstract
US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support.'BleepingComputer
June 24, 2021
Hybrid phishing and vishing attacks imitate business workflows Full Text
Abstract
Vishing attacks have grown in numbers since COVID-19 forced employees home, often replicating the frequency emails sent from businesses and employers related to password resets, security alerts, locked accounts, order confirmations and invoices.SCMagazine
June 24, 2021
Phishing attack’s unusual file attachment is a double-edged sword Full Text
Abstract
A threat actor uses an unusual attachment to bypass security software, a double-edged sword that may work against them. BleepingComputer
June 23, 2021
Phishing Campaign Bypasses SEG to Target Office365 Users Full Text
Abstract
A new phishing campaign that counterfeits an Outlook Security update email is luring employees to open a New Policy PDF to harvest their Office 365 credentials. There is a dire need for a continuously evolving security strategy which also highlights the importance of having multiple layers of secur ... Cyware Alerts - Hacker News
June 22, 2021
It’s Not Safe: “Security Update” Goes Phishing via PDF Full Text
Abstract
Cofense has observed an Office 365 credential phishing campaign, masquerading as an Outlook Security update email from the IT Security department to lure employees to open a “New Policy” PDF.Cofense
June 21, 2021
Agent Tesla RAT Returns in COVID-19 Vax Phish Full Text
Abstract
An unsophisticated campaign shows that the pandemic still has long legs when it comes to being social-engineering bait.Threatpost
June 21, 2021
Amazon Prime Day - Beware of Phishing Deluge, Experts Warn Full Text
Abstract
Shoppers urged not to click on links in unsolicited emails and texts. Infosecurity Magazine
June 18, 2021
Scammers Using Tampered Ledger Devices to Steal Cryptocurrency Full Text
Abstract
Users and security experts have uncovered a scam involving the delivery of fake replacement Ledger devices to customers to steal cryptocurrency. Customers using Ledger devices are recommended to beware of any unwanted email, package, or text.Cyware Alerts - Hacker News
June 18, 2021
Novel Phishing Attack Abuses Google Drive and Docs Full Text
Abstract
Simple technique bypasses static link scanning, researchers warn. Infosecurity Magazine
June 17, 2021
Attackers create phishing lures with standard tools in Google Docs to steal credentials Full Text
Abstract
Researchers on Thursday reported that hackers are using standard tools within Google Docs/Drive to lead unsuspecting victims to fraudulent websites, stealing credentials in the process. In a blog post, Avanan said hackers are bypassing static link scanners by hosting their attacks on publicly-known services. Gil Friedrich, co-founder and CEO of Avanan, said his team has…SCMagazine
June 17, 2021
Threat Actors Use Google Docs to Host Phishing Attacks Full Text
Abstract
Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims' credentials. Threatpost
June 16, 2021
Scammers mail fake Ledger devices to steal your cryptocurrency Full Text
Abstract
Scammers are sending fake replacement devices to Ledger customers exposed in a recent data breach that are used to steal cryptocurrency wallets.BleepingComputer
June 15, 2021
Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign Full Text
Abstract
Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations.Threatpost
June 15, 2021
Google Workspace adds new phishing protection, client-side encryption Full Text
Abstract
Google Workspace (formerly G Suite) has been updated with client-side encryption and new Google Drive phishing and malware content protection.BleepingComputer
June 14, 2021
Microsoft experts disrupted a large-scale BEC campaign Full Text
Abstract
Microsoft disrupted a large-scale business email compromise (BEC) campaign that used forwarding rules to access messages related to financial transactions. Microsoft researchers announced that they have disrupted the cloud-based infrastructure used by crooks... Security Affairs
June 14, 2021
Microsoft: Scammers bypass Office 365 MFA in BEC attacks Full Text
Abstract
Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise (BEC) campaign.BleepingComputer
June 14, 2021
Global Police Close Record Number of Fake Pharma Sites Full Text
Abstract
Operation also leads to seizure of $9m in counterfeit pills and devices. Infosecurity Magazine
June 10, 2021
Global Scamdemic: Scams Become Number One Online Crime Full Text
Abstract
Threat hunting and adversarial cyber intelligence company Group-IB published a comprehensive analysis of fraud cases on a global scale. Group-IB, a global threat hunting and adversarial cyber intelligence company specializing in the investigation...Security Affairs
June 10, 2021
Scams and Phishing Attacks Witness Explosion Full Text
Abstract
Phishing scams witnessed a staggering 974% spike, the majority of which were aimed at male-sounding names within an organization. Is it time organizations rethink their IT operations and risk-management strategies to effectively manage phishing threats?Cyware Alerts - Hacker News
June 10, 2021
Now you can add cryptojacking, reverse proxy phishing to list of cryptocurrency threats Full Text
Abstract
The most common attack methods dominating the conversation in cybercriminal forums are reverse proxy phishing, cryptojacking, dusting, and clipping, according to a new study from Digital Shadows.ZDNet
June 09, 2021
FBI warns of BEC scammers impersonating construction companies Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned private sector companies of scammers impersonating construction companies in business email compromise (BEC) attacks targeting organizations from multiple US critical infrastructure sectors.BleepingComputer
June 8, 2021
Nearly Two Percent of Top-Grossing Apps on App Store Found Siphoning Off $48 Million From Users Full Text
Abstract
Of the highest 1,000 grossing apps on the App Store, nearly two percent are scams, according to an analysis by The Washington Post. These apps have resulted in $48 million worth of losses for users.Washington Post
June 8, 2021
Online Casino Users Receive Deceptive Emails Saying They Won The Big Prize Full Text
Abstract
In this campaign, the spammers are exploiting affiliate programs to advertise online casinos such as Ducky Luck, Raging Bull Casino, Sports and Casino, using deceptive emails.Heimdal Security
June 7, 2021
Ukrainian Organizations Hit by Massive Russian Spear-Phishing Campaign Full Text
Abstract
The spear-phishing attack campaign took place in early June last week, according to alerts published by the Ukrainian Secret Service, Ukrainian Cyber Police, and CERT Ukraine.The Record
June 7, 2021
Russia behind a massive spear-phishing campaign that hit Ukraine Full Text
Abstract
Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. Three Ukrainian cybersecurity agencies (Ukrainian Secret Service, Ukrainian Cyber Police, and CERT...Security Affairs
June 04, 2021
Phishing uses Colonial Pipeline ransomware lures to infect victims Full Text
Abstract
The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files. BleepingComputer
June 4, 2021
Hackers use Colonial pipeline ransomware news for phishing attack Full Text
Abstract
Cyberattackers are now using the notoriety of the Colonial Pipeline ransomware attack to leverage further phishing attacks, according to the findings of a cybersecurity company.ZDNet
June 4, 2021
Team of romance scammers defrauded US victims out of $2.5M since 2016, DOJ says Full Text
Abstract
U.S. prosecutors have charged nine people in connection with a scheme to defraud elderly Americans out of more than $2.5 million by pretending to be friends or romantic partners online.Cyberscoop
June 3, 2021
Email spoofing: how attackers impersonate legitimate senders Full Text
Abstract
SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, so it is fairly easy to spoof the sender’s address.Kaspersky Labs
June 3, 2021
Google PPC Ads Deliver Redline, Taurus, and mini-Redline Infostealers Full Text
Abstract
The PPC ads targeted specific IP ranges in the US and probably some other countries. Non-targeted IPs are redirected to legitimate pages that download the correct applications.Morphisec
June 1, 2021
Nobelium Active Again With New Phishing Campaign Full Text
Abstract
Nobelium is now gaining access to the infrastructure of genuine technology providers and targeting their customers. The Russian gang behind SolarWinds’ supply chain attack, recently infiltrating the accounts of the United States Agency for International Development’s (USAID) on an email market ... Cyware Alerts - Hacker News
June 1, 2021
$7 Million Digital Advertising Scam: Russian Man Convicted Full Text
Abstract
The gang allegedly referred to its scheme as "Metan" - the Russian word for methane - although it's also been referred to as Methbot by the FBI and prosecutors, and later as Media Methane.Info Risk Today
June 1, 2021
SolarWinds Hackers Used Constant Contact Email Service In Phishing Attack Full Text
Abstract
Nobelium launched this week’s attacks not through the SolarWinds Orion network monitoring tool but by gaining access to the Constant Contact account of the USAID, Microsoft said.CRN
May 31, 2021
Phishing for Credentials: New Tactics as COVID’s Grip Eases Full Text
Abstract
The Cofense Phishing Defense Center (PDC) has observed a phishing campaign that attempts to gather login credentials from employees by acting as the Chief Information Officer (CIO).Cofense
May 31, 2021
COVID-19 – Phishing attacks target employees that come back to the office Full Text
Abstract
Hackers are attempting to exploit the return to the "new normal" as governments remove restrictions imposed in response to COVID-19. The number of COVID-19 infections is decreasing in many countries and some governments are reducing... Security Affairs
May 29, 2021
Beware: Walmart phishing attack says your package was not delivered Full Text
Abstract
A Walmart phishing campaign is underway that attempts to steal your personal information and verifies your email for further phishing attacks.BleepingComputer
May 28, 2021
SolarWinds Hackers Go Phishing Full Text
Abstract
Microsoft: Nobelium is targeting governments, NGOs and think tanks with phishing campaign. Infosecurity Magazine
May 28, 2021
Microsoft details new sophisticated spear-phishing attacks from NOBELIUM Full Text
Abstract
Microsoft experts uncovered a wide-scale malicious email campaign operated by NOBELIUM, the threat actor behind SolarWinds hack. Microsoft Threat Intelligence Center (MSTIC) has uncovered a wide-scale malicious email campaign conducted by NOBELIUM...Security Affairs
May 27, 2021
Uyghurs targeted by fake human rights emails Full Text
Abstract
Members of the Uyghur Muslim community in China and abroad are being targeted in a surveillance effort by likely "Chinese-speaking" hackers through the use of fake emails from the United Nations (U.N.) and a human rights group, cybersecurity researchers announced Thursday. The Hill
May 27, 2021
Chinese Phishing Attack Targets High-Profile Uyghurs Full Text
Abstract
Kaspersky and Check Point team up to reveal latest espionage campaign. Infosecurity Magazine
May 24, 2021
Ongoing Bitcoin Scams Demonstrate Power of Social Engineering Triggers Full Text
Abstract
On May 17, 2021, the US Federal Trade Commission announced, “Since October 2020, reports have skyrocketed, with nearly 7,000 people reporting losses of more than $80 million on these scams.”Security Week
May 20, 2021
Fraudsters Employ Amazon Voice Phishing Attacks in Fake Order Scams Full Text
Abstract
Case studies published by Armorblox highlighted two Amazon vishing attacks intent on stealing customer credit card details -- and how the use of voice messages can bypass existing spam filters.ZDNet
May 20, 2021
Domain Group Discloses Phishing Attack that Targeted Site Users Full Text
Abstract
"We have identified a scam that used a phishing attack to gain access to Domain's administrative systems to engage with people who have made rental property enquiries," the company's CEO told ZDNet.ZDNet
May 20, 2021
Royal Mail phish deploys evasion tricks to avoid analysis Full Text
Abstract
When you click the link to visit the fake Royal Mail page, there’s a fair bit of code for detecting potential VM use. It tests for WebGL renders and whether site visitors have a display or not.Malwarebytes Labs
May 19, 2021
Microsoft, Google Clouds Hijacked for Gobs of Phishing Full Text
Abstract
Attackers sent 52M malicious messages leveraging the likes of Office 365, Azure, OneDrive, SharePoint, G-Suite and Firebase storage in Q1 2021.Threatpost
May 19, 2021
Scammers Impersonating Windows Defender to Push Malicious Windows Apps | McAfee Blogs Full Text
Abstract
Cybercriminals are increasingly using Windows Push Notifications to impersonate legitimate alerts. Recent campaigns pose as a Windows Defender Update to target user and system information.McAfee
May 19, 2021
Payment App Scammers: Stay Aware and Learn to Avoid Them Full Text
Abstract
While it is convenient and becoming more popular to use virtual wallets like Venmo, PayPal, and Cash App, there is a risk of potentially being scammed by someone who isn't who they say they are.Binary Defense
May 18, 2021
Scammers Pose as Meal-Kit Services to Steal Customer Data Full Text
Abstract
Attackers are sending messages disguised as offers from meal-kit services, like HelloFresh.Threatpost
May 18, 2021
FBI receives record level of complaints for online scams, investment fraud Full Text
Abstract
The FBI says that complaints concerning online scams and investment fraud have now reached a record-breaking level. The FBI's IC3 received its six millionth complaint on May 15, 2021.ZDNet
May 18, 2021
Consumers Warned About Surge in Meal Kit Delivery Scams Full Text
Abstract
Fraudsters are increasingly impersonating meal kit delivery companies like Gousto. Infosecurity Magazine
May 18, 2021
Families of Missing Persons Receive Fake Ransom Demands Full Text
Abstract
FBI warns that extortion scams are increasing. Infosecurity Magazine
May 18, 2021
Threat Actors Target South Korean and Aussie Users with Malicious Emails Disguised as Accounting Ledgers Full Text
Abstract
Out of this, 98.34 percent of the attacks appear to have originated from IP addresses in Bangladesh, with 76.08% of targeted users in South Korea, 17% in Australia, and 1% in the US.Bitdefender
May 17, 2021
FBI spots spear-phishing posing as Truist Bank to deliver malware Full Text
Abstract
Threat actors impersonated Truist, the sixth-largest U.S. bank holding company, in a spear-phishing campaign attempting to infect recipients with what looks like remote access trojan (RAT) malware.BleepingComputer
May 17, 2021
FBI warns of scammers targeting families of missing persons Full Text
Abstract
The Federal Bureau of Investigation (FBI) warned that scammers actively target the vulnerable families of missing persons attempting to extort them using information shared on social media.BleepingComputer
May 15, 2021
Fake Chrome App Goes Viral with Smishing Full Text
Abstract
A new Android malware has surfaced that fakes the Google Chrome app. Attackers used it as part of a sophisticated hybrid cyberattack campaign that also uses mobile phishing to steal credentials.Cyware Alerts - Hacker News
May 12, 2021
167 counterfeit apps used for financial scams against Android and iOS users Full Text
Abstract
Researchers found 167 counterfeit Android and iOS apps that attackers used to steal money from victims who believed they installed a financial trading, banking or cryptocurrency app from a trusted provider.SCMagazine
May 12, 2021
FBI Warns of Cybercriminals Abusing Search Advertisements to Promote Phishing Sites Full Text
Abstract
The FBI says that cybercrime gangs are using search results and search engine ads to lure victims to phishing sites for financial institutions in order to collect their login credentials.The Record
May 12, 2021
Trust Wallet, MetaMask crypto wallets targeted by new support scam Full Text
Abstract
Trust Wallet and MetaMask wallet users are being targeted in ongoing and aggressive Twitter phishing attacks to steal cryptocurrency funds.BleepingComputer
May 11, 2021
Zix tricks: Phishing campaign creates false illusion that emails are safe Full Text
Abstract
The malicious scheme hides behind multiple layers of redirect links in order to confuse security systems.SCMagazine
May 10, 2021
Staff Bonus was “Crass” Phishing Simulation Full Text
Abstract
"Thank you" email offering bonus to train company employees was a cybersecurity test. Infosecurity Magazine
May 10, 2021
Global BEC Campaign Victimizes Over 120 Organizations via Gift Card Scams Full Text
Abstract
In this campaign, attackers targeted a variety of companies in the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.Microsoft
May 10, 2021
Scammers Score $2 Million from WallStreetBets Forum Users Full Text
Abstract
A cryptocurrency scam recently pilfered at least $2 million from WallStreetBets enthusiasts, convincing them that they were buying into a new crypto coin connected to the popular memestock.Gizmodo
May 08, 2021
Twitter scammers impersonate SNL in Elon Musk cryptocurrency scams Full Text
Abstract
Twitter scammers are jumping on Elon Musk's hosting of Saturday Night Live to push cryptocurrency scams to steal people's Bitcoin, Ethereum, and Dogecoin.BleepingComputer
May 8, 2021
Microsoft warns of a large-scale BEC campaign to make gift card scam Full Text
Abstract
Microsoft is warning of a large-scale BEC campaign that targeted hundreds of organizations leveraging typo-squatted domains registered days before the attacks. Business email compromise (BEC) attacks represent a serious threat for organizations worldwide,...Security Affairs
May 7, 2021
Three Marylanders Indicted Over BEC Scam Full Text
Abstract
Defendants charged in connection with dating and BEC scams that netted over $2.3m. Infosecurity Magazine
May 7, 2021
Amazon Fake Reviews Scam Exposed in Data Breach Full Text
Abstract
In total, 13,124,962 records (or 7GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities like giving fake product reviews on Amazon.Safety Detectives
May 6, 2021
Financial sector saw a 125% increase in mobile phishing attacks during 2020 Full Text
Abstract
Average quarterly exposure to phishing attacks on mobile devices in the financial sector rose by 125% – and malware and app risk exposure increased by more than five times.SCMagazine
May 6, 2021
Financial Services Experience 125% Rise in Exposure to Mobile Phishing Full Text
Abstract
Cyber-criminals have ramped up their targeting of phones, tablets, and Chromebooks. Infosecurity Magazine
May 5, 2021
BazarBackdoor phishing campaign eschews links and files to avoid raising red flags Full Text
Abstract
SEGs and sandbox rules are designed to spot them, and employees are trained to distrust them, so attackers are taking an alternate approach.SCMagazine
May 5, 2021
Feds Shut Down Fake COVID-19 Vaccine Phishing Website Full Text
Abstract
‘Freevaccinecovax.org’ claimed to be that of a biotech company but instead was stealing info from visitors to use for nefarious purposes.Threatpost
May 5, 2021
Global Phishing Campaign Drops New Malware Trio Full Text
Abstract
Mandiant warns financial crime group will be back. Infosecurity Magazine
May 4, 2021
Bait Boost: Phishers Delivering Increasingly Convincing Lures Full Text
Abstract
An intense hunt for corporate account credentials will continue into next quarter, researchers predict.Threatpost
May 04, 2021
U.S. Agency for Global Media data breach caused by a phishing attack Full Text
Abstract
The U.S. Agency for Global Media (USAGM) has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries.BleepingComputer
May 4, 2021
Global Phishing Attacks Spawn Three New Malware Strains Full Text
Abstract
The never-seen malware strains have "professionally coded sophistication" and were launched by a well-resourced APT using nearly 50 domains, one hijacked.Threatpost
May 4, 2021
Fake Vaccine Domain Seized Full Text
Abstract
Maryland US Attorney’s Office seizes domain name used in fake COVID-19 vaccine scam. Infosecurity Magazine
May 4, 2021
Spearphishing Attack Uses COVID-21 Lure to Target Ukrainian Government Full Text
Abstract
FortiGuard Labs has discovered yet another COVID-themed lure designed to compel unsuspecting victims to click on what appears to be an innocuous link that leads to a malicious zip file attachment.Fortinet
May 04, 2021
Worldwide phishing attacks deliver three new malware strains Full Text
Abstract
A global-scale phishing campaign targeted worldwide organizations across a large array of industries with never-before-seen malware strains delivered via specially-tailored lures.BleepingComputer
May 3, 2021
Magecart scammers aim at restaurants’ online delivery systems Full Text
Abstract
The last six months have seen security breaches of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29.Cyberscoop
May 3, 2021
DarkPath scam group loses 134 domains impersonating the WHO Full Text
Abstract
United Nations security experts and security firm Group-IB said they worked together to take down 134 websites operated by a cybercrime group known as DarkPath and tricking users via a fake survey.The Record
April 30, 2021
Your stolen ParkMobile data is now free for wannabe scammers Full Text
Abstract
The account information for almost 22 million ParkMobile customers is now in the hands of hackers and scammers after the data was released for free on a hacking forum.BleepingComputer
April 30, 2021
Saving World Health Day: UNICC and Group-IB take down scam campaign impersonating the World Health Organization Full Text
Abstract
UNICC and Group-IB detected and took down a massive multistage scam campaign circulating online on April 7, World Health Day. Group-IB, a global threat hunting and adversary-centric cyber intelligence company that specializes in investigating hi-tech...Security Affairs
April 30, 2021
Passwordstate Warns of Ongoing Phishing Attacks Following Data Breach Full Text
Abstract
Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an updated advisory released on Wednesday. "These emails are not sent by Click Studios." Last week, Click Studios said attackers had employed sophisticated techniques to compromise Passwordstate's update mechanism, using it to drop malware on user computers. Only customers who performed In-Place Upgrades between April 20, 8:33 PM UTC, and April 22, 0:30 AM UTC are said to be affected. While Passwordstate serves about 29,000 customers, the Adelaide-based firm maintained that the total number of impacted customers is very low. It's also urging users to refrain from po... The Hacker News
April 29, 2021
Lloyds Bank warning as Britons attacked by another text message scam Full Text
Abstract
The criminals are preying on Britons’ worries about their financial information being compromised, and money stolen. However, ironically, this is exactly what the fraudsters hope to accomplish.Express
April 29, 2021
Bitcoin scammers phish for wallet recovery codes on Twitter Full Text
Abstract
The scam isn’t being spread by just one account, nor is there just one bogus support form. Multiple Twitter profiles lurk in the replies of anyone having a bad cryptocoin experience.Malwarebytes Labs
April 28, 2021
Scammers imitate Windows logo with HTML tables to slip through email gateways Full Text
Abstract
Email security solutions featuring machine learning or computer vision should be able to identify the fake logo and sniff out the attack.SCMagazine
April 28, 2021
Click Studios says stop tweeting: Phishers track breach notification info to craft new lures Full Text
Abstract
Companies are often pilloried in the wake of data breaches for lacking transparency or leaving their users in the dark about potential impact. This incident demonstrates the flip side of that coin, how information or communications from a company following a breach can be weaponized by bad actors.SCMagazine
April 28, 2021
SMS phishing scam lures Rogers customers with outage refunds Full Text
Abstract
Cybercriminals target Rogers customers with a new SMS phishing campaign pretending to be refunds for last week's Canada-wide wireless outage.BleepingComputer
April 28, 2021
Passwordstate hackers phish for more victims with updated malware Full Text
Abstract
Click Studios, the software company behind the Passwordstate enterprise password manager, is warning customers of ongoing phishing attacks targeting them with updated Moserpass malware.BleepingComputer
April 28, 2021
Chase Bank Phish Swims Past Exchange Email Protections Full Text
Abstract
Two phishing attacks elude Exchange security protections and spoof real-life account scenarios in an attempt to fool victims.Threatpost
April 28, 2021
Deep Analysis: FormBook New Variant Delivered in Phishing Campaign – Part III Full Text
Abstract
When FormBook starts in a target process, it loads an ntdll.dll module and then overrides its data with the deployed FormBook malware. This disguises FormBook as an ntdll.dll module when it runs.Fortinet
April 27, 2021
Threat Actors Impersonate Chase Bank Full Text
Abstract
Cyber-criminals launch credential phishing attacks targeting Chase bank customers. Infosecurity Magazine
April 27, 2021
Phishing attacks target Chase Bank customers Full Text
Abstract
In a new report released Tuesday, security firm Armorblox revealed two recent phishing campaigns aimed at Chase Bank customers with an objective to steal their account credentials.Tech Republic
April 24, 2021
Twitter alarms users with messages that resembled phishing emails Full Text
Abstract
Twitter sparked panic among users that they were the subjects of a phishing attack in what was instead an accidental mass email. The message sent to some Twitter users went out asking them to confirm their email addresses by clicking on a button.Cyberscoop
April 23, 2021
Phishing impersonates global recruitment firm to push malware Full Text
Abstract
An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers.BleepingComputer
April 23, 2021
Another BitCoin Exchange Scam—This Time “Live” on YouTube Full Text
Abstract
Essentially, this is a typical scam, much like the recent Bitcoin exchange scams seen on Twitter. But this is a first for the YouTube platform. And it also made the claim that it was LIVE.Fortinet
April 23, 2021
Analysis of New FormBook Variant Delivered in Phishing Campaign Full Text
Abstract
FormBook is a malware designed to steal sensitive information from a victim’s device as well as to receive control commands to perform additional malicious tasks on that device.Fortinet
April 22, 2021
FlixOnline Poses as Netflix to Steal WhatsApp Conversations Data Full Text
Abstract
New research unveiled an Android malware, disguised as an app called FlixOnline, that entices users by promising free Netflix subscriptions and spread further by creating auto-replies to messages in WhatsApp.Cyware Alerts - Hacker News
April 22, 2021
Cybercriminals use Telegram Bots and Google Forms for Automated Phishing Full Text
Abstract
Group-IB found that cybercriminals are frequently using legitimate services including Google Forms and Telegram bots to collect stolen data from exploit kits during phishing attacks.Cyware Alerts - Hacker News
April 22, 2021
Costco Issues Scam Warning Full Text
Abstract
Membership-only big-box wholesaler tells Americans to be wary of 14 digital scams. Infosecurity Magazine
April 20, 2021
Critical update: Facebook Messenger users hit by scammers in over 80 states Full Text
Abstract
Researchers from security firm Group-IB have detected a large-scale scam campaign targeting Facebook Messenger users all over the world. Group-IB Digital...Security Affairs
April 20, 2021
Facebook Messenger Users Targeted by Scammers Across 84 Countries Full Text
Abstract
To facilitate the moderation process in Facebook and bypass its scam filters, scammers used shortened links created with the help of such services as linktr.ee, bit.ly, cutt.us, cutt.ly, and rb.gy.Group-IB
April 20, 2021
Spearphishing Campaign by Russian Espionage Group Gamaredon Infects Ukrainian Officials Full Text
Abstract
Russian hackers have a long history of going after organizations in Ukraine, but the Gamaredon group especially has tunnel vision for the former Soviet republic and its government officials.Cyberscoop
April 19, 2021
Shady scam bots trick Omegle users into nonconsensual video sex recordings Full Text
Abstract
One way for scammers to make their bots more believable is by recording unknowing Omegle users doing things the scammer wants them to do and then using those recordings to target more users.Malwarebytes Labs
April 15, 2021
Celsius email system breach leads to phishing attack on customers Full Text
Abstract
Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack.BleepingComputer
April 15, 2021
Key Characteristics and Geographic Associations of Phishing Emails Full Text
Abstract
An analysis by Barracuda and Columbia University revealed that the majority of phishing emails originate from countries in Eastern Europe, Central America, the Middle East, and Africa.Cyware Alerts - Hacker News
April 13, 2021
Tax Phish Swims Past Google Workspace Email Security Full Text
Abstract
Crooks are looking to harvest email credentials with a savvy campaign that uses the Typeform service to host the phishing page.Threatpost
April 13, 2021
Watch out for this W-2 phishing scam targeting the 2021 tax season Full Text
Abstract
With the United States tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses TypeForm forms to steal your login credentials.BleepingComputer
April 13, 2021
New FormBook Variant Delivered in Phishing Campaign Full Text
Abstract
FortiGuard Labs captured a phishing campaign that was sending a Microsoft PowerPoint document as an email attachment to spread the new variant of the infamous FormBook malware.Fortinet
April 12, 2021
Golden Chickens and New Spear-Phishing Campaign Full Text
Abstract
A new spear-phishing campaign has been targeting LinkedIn users with fake job offers in an attempt to attain control over victims’ computers using a sophisticated backdoor trojan called more_eggs.Cyware Alerts - Hacker News
April 9, 2021
The geography and network characteristics of phishing attacks Full Text
Abstract
The country where emails originate and the number of countries they are routed through on the way to their final destination offer important warning signs of phishing attacks.Barracuda
April 9, 2021
Hackers Use Google Forms and Telegram bots to Collect Phished Credentials Full Text
Abstract
Cybercriminals are increasingly using legitimate services such as Google Forms and Telegram to gather user data stolen on phishing websites. Alternative ways...Cyber Security News
April 8, 2021
Digital artists meet scam artists, as criminals pounce on NFT craze Full Text
Abstract
Criminals are standing up fraudulent NFT-themed websites that sell nonexistent items or phish users’ credentials.SCMagazine
April 8, 2021
Stimulus Stimulates Unemployment Scams Full Text
Abstract
Suspicious unemployment-related emails up 50% in US since late February. Infosecurity Magazine
April 08, 2021
Microsoft Office 365 phishing evades detection with HTML Lego pieces Full Text
Abstract
A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely.BleepingComputer
April 08, 2021
Tech support scammers lure victims with fake antivirus billing emails Full Text
Abstract
Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign.BleepingComputer
April 07, 2021
Google Forms and Telegram abused to collect phished credentials Full Text
Abstract
Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots.BleepingComputer
April 7, 2021
Phishing Emails Most Commonly Originate from Eastern Europe Full Text
Abstract
The five countries sending the highest proportion of phishing emails are from Eastern Europe. Infosecurity Magazine
April 7, 2021
Crooks use Telegram bots and Google Forms to automate phishing Full Text
Abstract
Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has found that cybercriminals...Security Affairs
April 7, 2021
Emerging hacking tool ‘EtterSilent’ mimics DocuSign, researchers find Full Text
Abstract
EtterSilent has been advertised in a Russian cybercrime forum and comes in two versions. One exploits a vulnerability in Microsoft Office, CVE-2017-8570, and one uses a malicious macro.Cyberscoop
April 6, 2021
Array of recent phishing schemes use personalized job lures, voice manipulation Full Text
Abstract
Golden Chickens gang looks to infect targets with backdoor trojan, while MoleRats actors use audio tool to perhaps sound like women in vishing messages.SCMagazine
April 6, 2021
Beware of New “more_eggs” Attack Targets LinkedIn Users With Fake Job Offers Full Text
Abstract
Hackers are spear-phishing business professionals on LinkedIn with fake job offers and infecting them with malware, warns eSentire. eSentire, a...Cyber Security News
April 6, 2021
Healthcare Phishing Incidents Lead to Big Breaches Full Text
Abstract
As healthcare organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise.Gov Info Security
April 6, 2021
How Deliveroo Scared Customers into Believing They Had Been Scammed Full Text
Abstract
Deliveroo’s email has similarities to the scams we see arriving in users’ inboxes every day, purporting to be for expensive orders, that trick unsuspecting recipients to click on links in a panic.Bitdefender
April 6, 2021
Fake LinkedIn job offers scam spreading More_eggs backdoor Full Text
Abstract
Researchers warn that the More_eggs backdoor can also exfiltrate data from a device, putting your social media accounts, emails, browsing history, and cryptocurrency wallets at risk of being stolen.Hackread
April 6, 2021
LinkedIn Users Targeted by Spear-Phishing Campaign Full Text
Abstract
Golden Chickens group goes gunning for job-seekers. Infosecurity Magazine
April 6, 2021
Phishing Trends With PDF Files in 2020: 5 Approaches Attackers Use Full Text
Abstract
To lure users into clicking on embedded links and buttons in phishing PDF files, Unit 42 identified the top five schemes grouped as Fake Captcha, Coupon, Play Button, File Sharing, and E-commerce.Palo Alto Networks
April 5, 2021
LinkedIn Spear-Phishing Campaign Targets Job Hunters Full Text
Abstract
Fake job offers lure professionals into downloading the more_eggs backdoor trojan.Threatpost
April 5, 2021
Charming Kitten and Medical Researchers - A Cat and Mouse Game Full Text
Abstract
This late-2020 spearphishing campaign aimed to steal the credentials of 25 senior medical researchers in oncology, neurology, and genetic research in the U.S. and Israel.Cyware Alerts - Hacker News
April 5, 2021
Browser lockers: Extortion disguised as a fine Full Text
Abstract
It includes imitating the “blue screen of death” (BSOD) in the browser, false warnings about system errors or detected viruses, threats to encrypt files, legal liability notices, and many others.Kaspersky Labs
April 5, 2021
Criminals send out fake “census form” reminder – don’t fall for it! Full Text
Abstract
The server name used in the scam is obviously fake because it doesn’t end in .gov.uk, which is a controlled domain available only to official national, regional and local government bodies in the UK.Sophos
April 2, 2021
Non-Fungible Tokens: Of Course They’re Attracting Scammers Full Text
Abstract
Since digital ownership of Twitter CEO Jack Dorsey's first tweet sold for $2.9 million, security researchers now expect fraudsters to focus more on non-fungible token aficionados.Gov Info Security
April 2, 2021
Robinhood Warns Customers of Tax-Season Phishing Scams Full Text
Abstract
Attackers are impersonating the stock-trading broker using fake websites to steal credentials as well as sending emails with malicious tax files.Threatpost
April 02, 2021
MacKenzie Scott Grant scam more widespread than initially thought Full Text
Abstract
A massive phishing campaign reaching tens of thousands of inboxes impersonated the MacKenzie Bezos-Scott grant foundation promising financial benefits to recipients in exchange for a processing fee.BleepingComputer
April 01, 2021
US DOJ: Phishing attacks use vaccine surveys to steal personal info Full Text
Abstract
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information.BleepingComputer
April 1, 2021
Protecting employees from job offer scams can lead to awkward but important conversations Full Text
Abstract
Employees who are successfully phished with a job offer likely won’t report the incident to their employer, expert says.SCMagazine
April 1, 2021
Over 1,600 Fake Twitter Accounts Being Used to Impersonate Major Indonesian Banks Full Text
Abstract
The scam campaign, involving over 1600 fake Twitter accounts, targets over 2 million Indonesian bank customers, which corresponds to the number of legitimate bank Twitter pages’ followers.Security Affairs
March 31, 2021
IRS Warns of Higher Education Phishing Scam Full Text
Abstract
Cyber-attackers impersonate IRS to scam university students and staff. Infosecurity Magazine
March 31, 2021
Reality Show Members Charged with Telemarketing Scam Full Text
Abstract
Real Housewives of Salt Lake City stars face money laundering and wire fraud charges. Infosecurity Magazine
March 31, 2021
Scammers steal New Yorkers’ private info for benefits fraud Full Text
Abstract
New York's Department of Financial Services (DFS) warns of an ongoing series of attacks resulting in the theft of personal information belonging to hundreds of thousands of New Yorkers.BleepingComputer
March 30, 2021
Crypto Scams: Past and Future Full Text
Abstract
In 2020, more than 400,000 crypto scams were observed. This was a 40% surge from 2019. The scams that topped the charts include giveaways, fake prizes, and sweepstakes.Cyware Alerts - Hacker News
March 30, 2021
Scammers target universities in ongoing IRS phishing attacks Full Text
Abstract
The Internal Revenue Service (IRS) is warning of ongoing phishing attacks impersonating the IRS and targeting educational institutions.BleepingComputer
March 30, 2021
Australian telcos have blocked over 55 million scam calls since December Full Text
Abstract
Australian Communications Minister Paul Fletcher said on Tuesday that Australian telcos have blocked over 55 million scam calls since the industry got a new scam call code in December.ZDNet
March 30, 2021
Steam users: Don’t fall for the “I accidentally reported you” scam Full Text
Abstract
The fraudsters behind the “I accidentally reported you” Steam scam usually approach their targets under the pretext that they need something, or they have something to say.Malwarebytes Labs
March 29, 2021
The Next Wave of Scams is Bleeding Internet Users Full Text
Abstract
Rampant scams continue to diddle thousands of online users worldwide. Losses from these financially motivated BEC and EAC scams surpassed $1.86 billion in 2020.Cyware Alerts - Hacker News
March 29, 2021
How to Effectively Prevent Email Spoofing Attacks in 2021? Full Text
Abstract
Email spoofing is a growing problem for an organization's security. Spoofing occurs when a hacker sends an email that appears to have been sent from a trusted source/domain. Email spoofing is not a new concept. Defined as "the forgery of an email address header to make the message appear as if it was sent from a person or location other than the actual sender," it has plagued brands for decades. When an email is sent, the From address doesn't show which server the email was actually sent from - instead, it shows the domain that was entered when the address was created so as not to arouse suspicion among recipients. With the amount of data flowing through email servers these days, it should come as no surprise that spoofing is a problem for businesses. At the end of 2020, we found that phishing incidents were up a staggering 220% year-over-year at the height of the global pandemic scare. Since not all spoofing attacks are large-scale, the actual number could be muc... The Hacker News
March 29, 2021
German MPs Hit by Russian-Backed Phishing Attacks Full Text
Abstract
GRU-linked Ghostwriter group pegged for involvement. Infosecurity Magazine
March 26, 2021
Phished Healthcare Provider Takes Legal Action Against Amazon Full Text
Abstract
SalusCare turns to the law after Amazon denies request to view storage buckets allegedly housing healthcare provider’s stolen data. Infosecurity Magazine
March 25, 2021
Phishing Campaign Used Fake Office 365 Update Messages Full Text
Abstract
A recent phishing scheme used fake Microsoft Office 365 update messages to target financial executives and others in an effort to harvest their credentials, according to the security firm Area 1.Gov Info Security
March 25, 2021
FBI Warns Scammers Spoofing FBI Office Phone Numbers in Government Impersonation Fraud Full Text
Abstract
The FBI has seen a recent increase in phone calls that spoof the Bureau’s phone number as part of various scams, but most recently in trying to obtain banking data or gift card/wire transfer payments.FBI
March 25, 2021
Brazil leads in phishing attacks Full Text
Abstract
According to the report on phishing by cybersecurity firm Kaspersky, Brazil tops a list of five countries with the highest rate of users targeted for data theft throughout last year.ZDNet
March 24, 2021
9,000 employees targeted in phishing attack against California agency Full Text
Abstract
A California state agency was victimized by a phishing incident last week in which an employee clicked on a link that provided access to the employee’s account for some 24 hours.SCMagazine
March 24, 2021
TrickBot Spreading Actively, Launches Phishing Schemes Full Text
Abstract
The CISA and FBI are warning of ongoing Trickbot attacks that are leveraging a traffic infringement phishing scheme to trick victims into installing the TrickBot malware.Cyware Alerts - Hacker News
March 24, 2021
The human impact of a Royal Mail phishing scam Full Text
Abstract
The scam asks recipients to pay a £2.99 GBP fee, but of course the scammers are after much more. To pay the fee, the victim has to enter their personal details, and credit card details.Malwarebytes Labs
March 24, 2021
Scammers tried slurping folks’ login details through 70,000 coronavirus-themed phishing URLs during 2020 Full Text
Abstract
Cybercriminals exploited the coronavirus pandemic to set up phishing websites that posed as Pfizer, BioNTech and other household-name suppliers of vaccines and PPE, according to Palo Alto Networks.The Register
March 24, 2021
Phish Leads to Breach at Calif. State Controller — Krebs on Security Full Text
Abstract
For more than 24 hours starting on the afternoon of March 18, attackers had access to the email records of an employee in its Unclaimed Property Division after the employee got phished.Krebs on Security
March 23, 2021
Cheap shots: Vaccine phishing scams target employees seeking a return to the office Full Text
Abstract
Use of dynamic algorithms could make these phishing schemes look like they are personalized for the recipient.SCMagazine
March 23, 2021
Microsoft warns of phishing attacks bypassing email gateways Full Text
Abstract
An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).BleepingComputer
March 23, 2021
IRS Scam Emails Ask Tax Preparers for EFIN Information Full Text
Abstract
According to the IRS, the attack began with a scam email. This email claimed to come from ‘IRS Tax E-Filing.’ The subject line reads ‘Verifying your EFIN before e-filing.’Security Intelligence
March 22, 2021
Delhi Police Bust Call Center Scammers Full Text
Abstract
34 arrested for allegedly duping Americans, Canadians, and Brits with tech support scam.Infosecurity Magazine
March 22, 2021
Phishers’ perfect targets: Employees getting back to the office Full Text
Abstract
According to Inky, employees who have slowly been returning to work in offices and other company premises can expect cyber crooks to impersonate their colleagues and their company’s leadership.Help Net Security
March 19, 2021
Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departments Full Text
Abstract
A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants, and financial departments across numerous industries.Help Net Security
March 18, 2021
Fraudsters Impersonating Tesco in New Phone Scam, Police Warn Full Text
Abstract
Victims are being tricked into giving away personal details, including banking details.Infosecurity Magazine
March 17, 2021
SBI, ICICI, HDFC, Axis Bank, PNB and the Indian IT department targeted in phishing scam Full Text
Abstract
The targeted banks in the campaign include the State Bank of India, ICICI, HDFC, Axis Bank and Punjab National Bank, revealed an investigation by CyberPeace Foundation and Autobot Infosec.The Times Of India
March 16, 2021
Royal Mail scam says your parcel is waiting for delivery Full Text
Abstract
This Royal Mail delivery scam begins with a text message out of the blue, claiming that a parcel is waiting for delivery and asking the recipient to pay the settlement amount to receive it.Malwarebytes Labs
March 15, 2021
Phishing sites now detect virtual machines to bypass detection Full Text
Abstract
Phishing sites are now using JavaScript to evade detection by checking whether a visitor is browsing the site from a virtual machine or headless device.BleepingComputer
March 12, 2021
Scammers promote fake cryptocurrency giveaways via Twitter ads Full Text
Abstract
Threat actors have started to use 'Promoted' tweets, otherwise known as Twitter ads, to spread cryptocurrency giveaway scams.BleepingComputer
March 12, 2021
Cyber Espionage Campaign Targeting the Middle East has Connections with MuddyWater Full Text
Abstract
Researchers recently detected malicious activity targeting organizations in the Middle East and neighboring regions using spearphishing emails to distribute their harmful packages.Cyware Alerts - Hacker News
March 12, 2021
Google reCAPTCHA Abused in Multiple Phishing Campaigns Full Text
Abstract
Senior-level executives in the banking and IT sectors are being targeted for their Office 365 credentials in a phishing campaign that uses a fake Google reCAPTCHA system.Cyware Alerts - Hacker News
March 11, 2021
Phishing Campaign Lurking Behind Fake FINRA Audit Notifications Full Text
Abstract
The U.S. FINRA has warned brokerage firms and brokers against an ongoing phishing campaign impersonating the agency and sending fake compliance audit alerts to pilfer information.Cyware Alerts - Hacker News
March 11, 2021
Attackers Leveraging a Fake Google reCAPTCHA System to Steal Office 365 Credentials Full Text
Abstract
The Zscaler threat research team has recently detected a new series of Microsoft-themed phishing attacks that are generally aimed at senior-level employees...Cyber Security News
March 10, 2021
Scammers Scamming with Increased Spunk Full Text
Abstract
Cryptocurrency scammers have come under the limelight recently as it was found that they made off with at least $145,000 in the span of a week.Cyware Alerts - Hacker News
March 09, 2021
US seizes more domains used in COVID-19 vaccine phishing attacks Full Text
Abstract
The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development.BleepingComputer
March 9, 2021
Emails and Mobile Phones Become Top Phishing Tools Full Text
Abstract
In the case of email-based phishing methods, scammers are taking their game up a notch as they open avenues for targeted attacks, BEC attacks, and ransomware, among other infections.Cyware Alerts - Hacker News
March 9, 2021
Malformed URL Phishing Grabs the Spotlight Full Text
Abstract
First detected in October 2020, the tactic began gaining momentum through the end of the year. Between January and February, the volume of phishing attacks using malformed URL prefixes increased dramatically.Cyware Alerts - Hacker News
March 9, 2021
NCSC: Don’t Fall for Mother’s Day Scams This Week Full Text
Abstract
Security agency urges users to be Cyber Aware.Infosecurity Magazine
March 8, 2021
Phishing Attack Uses Fake Google reCAPTCHA Full Text
Abstract
The campaign begins with phishing emails that appear to come from a unified communications system used for streamlining corporate communication. This email contains a malicious email attachment.Info Risk Today
March 5, 2021
US Warns of Fake Unemployment Benefit Websites Full Text
Abstract
New phishing attack spoofs state workforce agency websites to steal PII.Infosecurity Magazine
March 05, 2021
Ongoing phishing attacks target US brokers with fake FINRA audits Full Text
Abstract
The US Financial Industry Regulatory Authority (FINRA) has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information.BleepingComputer
March 5, 2021
BEC scammer infects own device, giving researchers a front-row seat to operations Full Text
Abstract
To carry out the scam, the scammer needed more details on equipment used at an unnamed oil company to make malicious emails to the company’s employees more believable, researchers wrote.Cyberscoop
March 4, 2021
Scammers impersonate execs to target big payout of investor dollars Full Text
Abstract
Current tactics, which seek payouts that are multiple times larger than the average email impersonation scheme, are not terribly sophisticated. But if perfected, the approach could pose a serious threat to the financial investment and private equity community.SCMagazine
March 04, 2021
Hacked SendGrid accounts used in phishing attacks to steal logins Full Text
Abstract
A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid.BleepingComputer
March 4, 2021
COVID-19 Vaccine Spear-Phishing Attacks Jump 26 Percent Full Text
Abstract
Cybercriminals are using the COVID-19 vaccine to steal Microsoft credentials, infect systems with malware and bilk victims out of hundreds of dollars.Threatpost
March 03, 2021
BEC scammers are targeting investors for massive payouts Full Text
Abstract
Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average.BleepingComputer
March 03, 2021
US government warns of Social Security scams using fake federal IDs Full Text
Abstract
Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns.BleepingComputer
March 03, 2021
Cash App phishing kit deployed in the wild, courtesy of 16Shop Full Text
Abstract
The developer of the 16Shop phishing kit has added a new component that targets users of the popular Cash App mobile payment service.BleepingComputer
February 28, 2021
Beware: AOL phishing email states your account will be closed Full Text
Abstract
An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed.BleepingComputer
February 26, 2021
Twitter scammers earned over $145k this week in Bitcoin, Ethereum, Doge Full Text
Abstract
Cryptocurrency scammers have made at least $145,000 this week by promoting fake giveaways through hacked verified Twitter accounts.BleepingComputer
February 25, 2021
It’s Time to Talk More About Crypto Scams Full Text
Abstract
BTS fans are the target of a massive crypto scam on Twitter. For a little more than two weeks, cryptocurrency-related posts started appearing on timelines of BTS fans, also known as ARMY.Cyware Alerts - Hacker News
February 23, 2021
Hackers hit 10,000 mailboxes in phishing attacks on FedEx and DHL Express Full Text
Abstract
The two email attacks employed a broad range of techniques to get past traditional email security filters and pass the “eye tests” of unsuspecting end users.SCMagazine
February 23, 2021
10K Microsoft Email Users Hit in FedEx Phishing Attack Full Text
Abstract
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express – but that really steal their credentials.Threatpost
February 23, 2021
A ‘crypto’ scam is brewing on Twitter, and social media at large Full Text
Abstract
Two weeks ago, a Mumbai-based fan of the Korean pop (K-pop) band BTS realised that she and her connections had been inadvertently following a cryptocurrency account on Twitter.The Times Of India
February 22, 2021
Texas electric company warns of scammers threatening to cut power Full Text
Abstract
Texas electric utility Austin Energy today warned of unknown individuals impersonating the company and threatening customers over the phone that their power will be cut off unless they pay fictitious overdue bills.BleepingComputer
February 19, 2021
Phishing campaign alters prefix in hyperlinks to bypass email defenses Full Text
Abstract
Better integration between email and web security systems could serve as a defense.SCMagazine
February 19, 2021
Spam and Phishing Attacks 2020 - Key Trends Full Text
Abstract
The COVID-19 pandemic is being completely exploited by online scammers. Kaspersky researchers lay down trends and studies for phishing and spam for the past year.Cyware Alerts - Hacker News
February 19, 2021
Phishing: These are the most common techniques used to attack your PC Full Text
Abstract
Creating malicious Office macros is still the most common attack technique deployed by cybercriminals looking to compromise PCs after they've tricked victims into opening phishing emails.ZDNet
February 19, 2021
Nigerian man sentenced 10 years for $11 million phishing scam Full Text
Abstract
A Nigerian national has been sentenced to 10 years in prison for allegedly coordinating an international spearphishing campaign that has cost victims approximately $11 million in losses.Cyberscoop
February 18, 2021
Phishers tricking users via fake LinkedIn Private Shared Document Full Text
Abstract
Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warns.Help Net Security
February 18, 2021
Owner of app that hijacked millions of devices with one update exposes buy-to-infect scam Full Text
Abstract
The owners of a popular barcode scanner Android application that became a malicious nuisance on millions of devices with one update insist that a third-party buyer was to blame.ZDNet
February 17, 2021
NIST hints at upgrades to its system for scoring a phish’s deceptiveness Full Text
Abstract
Future plans for the methodology include the incorporation of operational data gathered from multiple organizations.SCMagazine
February 17, 2021
Beware of These New Waves of Phishing Attacks - Warn Agencies Full Text
Abstract
Tech companies and government agencies released alerts about ongoing phishing campaigns laden with malicious attachments and social engineering tactics.Cyware Alerts - Hacker News
February 17, 2021
NHS Phishing Scam Promises #COVID19 Vaccine Full Text
Abstract
Threat actor ups email volumes 350%, according to Mimecast.Infosecurity Magazine
February 16, 2021
Lockdown Love Scams Reach a Record High Full Text
Abstract
The number of people being targeted by fake relationship-seekers has spiked during the COVID-19 pandemic with cybercriminals raking in a record $304 million in 2020.Cyware Alerts - Hacker News
February 16, 2021
Hackers abusing the Ngrok platform phishing attacks Full Text
Abstract
Researchers from threat intelligence firm Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations...Security Affairs
February 16, 2021
Automating scam call blocking sees Telstra prevent up to 500,000 calls a day Full Text
Abstract
Telstra said it is now blocking 6.5 million suspected scam calls a month, at times up to 500,000 a day, thanks to automating the former manual process that sat at around 1 million monthly scam calls.ZDNet
February 16, 2021
Malvertisers exploited browser zero-day to redirect users to scams Full Text
Abstract
The ScamClub malvertising group used a zero-day vulnerability in the WebKit web browser engine to push payloads that redirected to gift card scams.BleepingComputer
February 16, 2021
Spam and phishing trends in 2020 Full Text
Abstract
In the year 2020, the share of spam in email traffic amounted to 50.37%, down by 6.14 percentage points from 2019. Most of the email spam traffic (21.27%) originated in Russia.Kaspersky Labs
February 15, 2021
IRS Warns of EFIN Scam Full Text
Abstract
Scammers spoof IRS to steal Electronic Filing Identification Numbers from tax pros.Infosecurity Magazine
February 15, 2021
Microsoft will alert Office 365 admins of Forms phishing attempts Full Text
Abstract
Microsoft is adding new security warnings to the Security and Compliance Center (SCC) default alert policies to inform IT admins of detected phishing attempts abusing Microsoft Forms in their tenants.BleepingComputer
February 15, 2021
Update: Recent Facebook Phishing Campaign is Now Spreading to the UK After Targeting German Users Full Text
Abstract
With over 20,000 additional victims tricked since the new campaign began on February 11, it appears that it is now also targeting British users, as about 75% of the new victims are based in the UK.Cyber News
February 15, 2021
Nearly 40% of consumers lost money to phone scams in 2020 Full Text
Abstract
Businesses and consumers are relying on the voice call more than ever during the pandemic with voice traffic up 184% in 2020 compared to 2019, according to a Hiya report.Help Net Security
February 13, 2021
Gmail users from US most targeted by email-based phishing and malware Full Text
Abstract
Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware...Security Affairs
February 13, 2021
New Bazar Trojan Variant is Being Spread in Recent Phishing Campaign Full Text
Abstract
Bazar is a backdoor Trojan designed to target a device, collect sensitive information, control the system via commands, and deliver malware. Last year, it was observed delivering the TrickBot malware.Fortinet
February 12, 2021
Scammers target US tax pros in ongoing IRS phishing attacks Full Text
Abstract
The Internal Revenue Service (IRS) has warned US tax professionals of identity thieves actively targeting them in a series of phishing attacks attempting to steal Electronic Filing Identification Numbers (EFINs).BleepingComputer
February 12, 2021
Google: Gmail users from US most targeted by phishing attacks Full Text
Abstract
Google has revealed earlier this week that Gmail users from the United States are the most popular target for email-based phishing and malware attacks.BleepingComputer
February 12, 2021
Romance scam victims reported $304 million in fraud in 2020, a new high Full Text
Abstract
Some of the fraud was initiated through dating apps but even more through social media, the FTC said, as people flocked to them during months of stay-at-home orders during the coronavirus pandemic.Cyberscoop
February 12, 2021
SMS tax scam unmasked: Bogus but believable – don’t fall for it! Full Text
Abstract
Every month of the year has some sort of tax relevance somewhere in the world, and tax scammers take advantage of the many different regional tax filing seasons to customize their criminality to where you live.Sophos
February 12, 2021
Authorities Blocked One of The World’s Largest Phishing Service Full Text
Abstract
Recently, the international Cyber police team has reported another high-profile arrest on February 4 during an international specialized operation along with law...Cyber Security News
February 10, 2021
Scammers Selling Fake #COVID19 Vaccination Cards for Just $20 Full Text
Abstract
DomainTools says market is building for anti-vaxxers.Infosecurity Magazine
February 9, 2021
Ukraine’s police arrested the author of the U-Admin phishing kit Full Text
Abstract
An international operation conducted by Ukraine's police, along with its US and Australian peers, shut down the world's largest phishing service, U-Admin. Last week, an international operation conducted by Ukraine's police, along with the US and Australian...Security Affairs
February 9, 2021
Researchers uncovered a Facebook phishing campaign that tricked nearly 500,000 users in two weeks Full Text
Abstract
“Is that you” is a phishing scam that begins with a Facebook message sent by one of your friends. The “friend” claims to have found a video or image with you featured in it.Cyber News
February 9, 2021
Phishers Piggyback on Phishing Kits to Expand Their Activities Full Text
Abstract
Compiled with a set of JavaScript functions, the novel toolkit dubbed LogoKit enables cybercriminals to change logos and text on a phishing page in real-time.Cyware Alerts - Hacker News
February 09, 2021
Ukrainian Police Arrest Author of World’s Largest Phishing Service U-Admin Full Text
Abstract
Law enforcement officials in Ukraine, in coordination with authorities from the U.S. and Australia, last week shut down one of the world's largest phishing services that were used to attack financial institutions in 11 countries, causing tens of millions of dollars in losses. The Ukrainian attorney general's office said it worked with the National Police and its Main Investigation Department to identify a 39-year-old man from the Ternopil region who developed a phishing package and a special administrative panel for the service, which were then aimed at several banks located in Australia, Spain, the U.S., Italy, Chile, the Netherlands, Mexico, France, Switzerland, Germany, and the U.K. Computer equipment, mobile phones, and hard drives were seized as part of five authorized searches conducted during the course of the operation. Security researcher Brian Krebs noted the raids were in connection with U-Admin, a phishing framework that makes use of fake web pages to pilThe Hacker News
February 9, 2021
Arrest, Raids Tied to ‘U-Admin’ Phishing Kit — Krebs on Security Full Text
Abstract
Cyber cops in Ukraine carried out an arrest and raids in connection with author of U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.”Krebs on Security
February 8, 2021
Novel phishing technique uses Morse code to compose malicious URLs Full Text
Abstract
Cybercriminals devised a new phishing technique that leverages the Morse code to hide malicious URLs and bypass defense. Experts spotted a new targeted phishing campaign that leverages a new obfuscation technique based on the Morse code to hide malicious...Security Affairs
February 8, 2021
Fraudsters Target Discord Users in Cryptocurrency Scam Full Text
Abstract
Fraudsters are targeting Discord users with a scam centered on a fake cryptocurrency exchange and using the lure of free bitcoin or ethereum cryptocurrency to steal money and personal data.Bank Info Security
February 07, 2021
New phishing attack uses Morse code to hide malicious URLs Full Text
Abstract
A new targeted phishing campaign includes the novel obfuscation technique of using Morse code to hide malicious URLs in an email attachment.BleepingComputer
February 5, 2021
Google Firebase hosts Microsoft Office phishing attack Full Text
Abstract
A phishing attack recently uncovered by researchers pretends to share information about an electronic funds transfer (EFT) by offering up a link to download an HTML invoice that then loads to a page with Microsoft Office branding that’s hosted on Google Firebase. The attack culminates with a final phishing page that looks to extract a…SCMagazine
February 05, 2021
Microsoft warns of increasing OAuth Office 365 phishing attacks Full Text
Abstract
Microsoft has warned of an increasing number of consent phishing (aka OAuth phishing) attacks targeting remote workers during recent months, BleepingComputer has learned.BleepingComputer
February 4, 2021
Fraudsters Build Up Phishing Repertoire for 2021 Tax Season. Are… Full Text
Abstract
Fraudsters had an early start anticipating the buzz surrounding tax filing season, with phishing campaigns impersonating the government agency as early as November 25, 2020, according to Bitdefender.Bit Defender
February 2, 2021
Barclays: 2020 the Highest Year on Record for Scams Full Text
Abstract
Over half of Brits are too embarrassed to report falling victim to scams.Infosecurity Magazine
February 01, 2021
Phishing campaign lures US businesses with fake PPP loans Full Text
Abstract
Threat actors are sending phishing emails impersonating a Small Business Administration (SBA) lender to prey on US business owners who want to apply for a PPP loan to keep their business going during the COVID-19 crisis.BleepingComputer
February 01, 2021
Scammers posing as FBI agents threaten targets with jail time Full Text
Abstract
The U.S. Federal Bureau of Investigation (FBI) is warning of scammers actively posing as FBI representatives and threatening targets with fines and jail time unless they hand over personal and/or financial information.BleepingComputer
January 30, 2021
Beware: Malicious Home Depot ad gets top spot in Google Search Full Text
Abstract
A malicious Home Depot advertising campaign is redirecting Google search visitors to tech support scams.BleepingComputer
January 29, 2021
Trickbot is back again - with fresh phishing and malware attacks Full Text
Abstract
Initially starting life as a banking trojan, Trickbot evolved to become a highly popular form of malware among cybercriminals, particularly because its modular nature allowed for it to be used in many different kinds of attacks.ZDNet
January 28, 2021
LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages Full Text
Abstract
A phishing kit has been found running on at least 700 domains – and mimicking services like false SharePoint portals, OneDrive and Office 365.Threatpost
January 28, 2021
LogoKit, a new phishing kit that dynamically creates phishing forms Full Text
Abstract
Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically composes phishing content. Researchers from RiskIQ discovered a new phishing kit that stands out for its ability to dynamically create phishing messages to target...Security Affairs
January 28, 2021
Consumers Falling for $100m Clone Firm Scams Full Text
Abstract
Regulator says too many are making ill-judged investments.Infosecurity Magazine
January 28, 2021
FTC Warns ‘U.S. Trading Commission’ Website Is a Scam Full Text
Abstract
The FTC issued a unique consumer alert this week, warning that scammers pretending to be the U.S. regulatory agency have been attempting to bilk the public out of their bank accounts and life savings.Nextgov
January 27, 2021
UK’s National Crime Agency warns novice and veteran traders alike of rise in clone company scams Full Text
Abstract
A warning has been issued by the UK's NCA and FCA on a rise in clone company scams targeting those looking for investment opportunities to recover financially from COVID-19.ZDNet
January 27, 2021
Phishing and Malspam with Leaf PHPMailer Full Text
Abstract
When the tool is loaded, it leverages the LeafPHP mailer library to distribute the spam. It contains various text fields that allow the attacker to input custom data for important email fields.Sucuri
January 27, 2021
BEC Scammers Find New Ways to Navigate Microsoft 365 Full Text
Abstract
BEC scammers targeted victims' out-of-office replies and read receipts during the 2020 holiday season, when many took time off work and automatic replies were more prevalent, researchers report.Dark Reading
January 27, 2021
Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication Full Text
Abstract
FireEye recently encountered various phishing campaigns, mostly in the Americas and Europe, using WOFF-based substitution cypher, localization specific targeting, and various evasion techniques.FireEye
January 26, 2021
Phishing scheme shows CEOs may be ‘most valuable asset,’ and ‘greatest vulnerability’ Full Text
Abstract
Cybercriminals have been using a phishing kit featuring fake Office 365 password alerts as a lure to target the credentials of chief executives, business owners and other high-level corporate leaders – often companies’ biggest security liabilities.SCMagazine
January 26, 2021
Google discloses spearphishing targeting security researchers Full Text
Abstract
Depending on how widespread the compromises were, it could potentially taint some research and defensive strategies that threat intelligence firms share with businesses and other organizations.SCMagazine
January 26, 2021
Targeted Phishing Attacks Target High-Ranking Company Executives Full Text
Abstract
An evolving phishing campaign observed at least since May 2020 has been found to target high-ranking company executives across manufacturing, real estate, finance, government, and technological sectors with the goal of obtaining sensitive information. The campaign hinges on a social engineering trick that involves sending emails to potential victims containing fake Office 365 password expiration notifications as lures. The messages also include an embedded link to retain the same password that, when clicked, redirects users to a phishing page for credential harvesting. "The attackers target high profile employees who may not be as technically or cybersecurity savvy, and may be more likely to be deceived into clicking on malicious links," Trend Micro researchers said in a Monday analysis. "By selectively targeting C-level employees, the attacker significantly increases the value of obtained credentials as they could lead to further access to sensitive personal andThe Hacker News
January 26, 2021
TikTok Flaw Lay Bare Phone Numbers, User IDs For Phishing Attacks Full Text
Abstract
A security flaw in TikTok could have allowed attackers to query the platform’s database – potentially opening up for privacy violations.Threatpost
January 21, 2021
Thousands of BEC lures use Google Forms in recon campaign Full Text
Abstract
Researchers say they have observed thousands of messages using Google Forms to target retail, telecom, healthcare, energy and manufacturing companies in an apparent reconnaissance campaign to launch future business email compromises (BECs). The attackers used Google Forms to bypass email security content filters based on keywords, according to a blog released Wednesday by Proofpoint Threat…SCMagazine
January 21, 2021
Passwords stolen via phishing campaign available through Google search Full Text
Abstract
Operational mistakes by the operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation...Security Affairs
January 21, 2021
Attackers Perform BEC Target Selection Using Google Forms Full Text
Abstract
This hybrid campaign combines the benefits of scale and legitimacy by leveraging Google Services with social engineering attacks, more commonly associated with BEC schemes.Proofpoint
January 21, 2021
Interpol: Dating App Victims Lured into Investment Scams Full Text
Abstract
Police body sends alert to 194 member countries.Infosecurity Magazine
January 21, 2021
Scammers Are Sending Fake Job Offers on LinkedIn Full Text
Abstract
Online scammers are sending fake job offers to professionals on LinkedIn, impersonating real HR employees in an attempt to lure victims to share their banking information.Motherboard Vice
January 20, 2021
Investment Scammers Prey on Dating App Users, Interpol Warns Full Text
Abstract
Users of dating apps – like Tinder, Match and Bumble – should be on the lookout for investment-fraud scammers.Threatpost
January 19, 2021
Interpol: Trading scammers lure love-struck victims via dating apps Full Text
Abstract
The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps.BleepingComputer
January 19, 2021
Text Phishing Scam Disguised as New York State DMV Messages Full Text
Abstract
Using the ongoing adoption of the REAL ID Act of 2005 in an attempt to make the scam sound legitimate, the attackers have used three specific text phishing messages, the New York State DMV said.Security Intelligence
January 19, 2021
Attackers Steal E-Mails, Info from OpenWrt Forum Full Text
Abstract
Users of the Linux-based open-source firmware, who include developers from commercial router companies, may be targeted by phishing campaigns, administrators warn.Threatpost
January 19, 2021
Vishing attacks conducted to steal corporate accounts, FBI warns Full Text
Abstract
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. The Federal Bureau of Investigation (FBI) published a Private Industry Notification (PIN) that warns of...Security Affairs
January 19, 2021
Organizations Should Establish ‘Blame-Free Employee Reporting’ of… Full Text
Abstract
CISA’s description of the latest phishing attempts fits the bill for spearphishing, where the attackers typically go after a high-profile victim who handles the company’s finances, or an executive.
Bit Defender
January 15, 2021
Surge in remotely hosted phish images? Some say it’s business as usual Full Text
Abstract
In Nov. 2020 alone, the company blocked 262 million emails containing malicious, remotely hosted images.
SCMagazine
January 15, 2021
Phishers count on remotely hosted images to bypass email filters Full Text
Abstract
Loading remotely hosted images instead of embedding them directly into emails is one of the latest tricks employed by phishers to bypass email filters that cannot detect such images in real-time.
Help Net Security
January 14, 2021
Telegram-based phishing service Classiscam hits European marketplaces Full Text
Abstract
Dozens of cybercriminal gangs are publishing fake ads on popular online marketplaces to lure interested users to fraudulent merchant sites or to phishing pages that steal payment data.
BleepingComputer
January 14, 2021
Scam-as-a-Service operation made more than $6.5 million in 2020 Full Text
Abstract
A newly uncovered Russian-based cybercrime operation has helped classified ads scammers steal more than $6.5 million from buyers across the US, Europe, and former Soviet states.
ZDNet
January 14, 2021
Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds Full Text
Abstract
Russian-speaking scammers started targeting users of European marketplaces and classifieds in a criminal scheme dubbed Classiscam. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, has discovered that Russian-speaking...
Security Affairs
January 13, 2021
New Variant of Ursnif Continuously Targeting Italy Full Text
Abstract
A few days ago, FortiGuard Labs detected a phishing campaign in the wild that was spreading a fresh variant of the Ursnif Trojan via an attached MS Word document that is continuously targeting Italy.
Fortinet
January 11, 2021
Aliens and UFOs: A Final Frontier for Social Engineers Full Text
Abstract
The release of a CIA archive on UFOs is exactly the kind of headline-making event that phishing and scam actors long for.
Threatpost
January 8, 2021
We got used to SMS notifications and phishers are capitalizing on it Full Text
Abstract
The fake messages impersonate payment, package delivery and streaming services, government and healthcare organizations, popular IT providers, online retailers, hospitality organizations, and so on.
Help Net Security
January 7, 2021
New bank-related phishing scam involves impersonation of Singapore government officials Full Text
Abstract
Scammers have been impersonating Singapore government officials since December in what police on Tuesday (Jan 5) described as a new variant of bank-related phishing scams.
Straits Times
January 03, 2021
Beware: PayPal phishing texts state your account is ‘limited’ Full Text
Abstract
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft.
BleepingComputer
January 2, 2021
Facebook ads used to steal 615000+ credentials in a phishing campaign Full Text
Abstract
Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook ads to redirect users to GitHub accounts hosting phishing pages used to steal victims’ login credentials.
Security Affairs
January 1, 2021
Facebook ads used to steal 615000+ credentials in a phishing campaign Full Text
Abstract
Cybercriminals are abusing Facebook ads in a large-scale phishing scam aimed at stealing victims’ login credentials. Researchers from security firm ThreatNix spotted a new large-scale campaign abusing Facebook ads. Threat actors are using Facebook...
Security Affairs
December 29, 2020
No Break in Phishing Scams Full Text
Abstract
An employee of Freedom Finance fell victim to a phishing email, resulting in the loss of data of 16,000 clients from 2018. The attack also disrupted the internal network of the company.
Cyware Alerts - Hacker News
December 29, 2020
Indian e-commerce users target of new ‘year-end carnival’ scam Full Text
Abstract
The scam is designed to make e-commerce users believe that Flipkart is offering a year-end carnival, although there is no such information this year on the e-commerce player's official website.
The Times Of India
December 29, 2020
Hackers phish 615,000 login credentials by using Facebook ads Full Text
Abstract
The targeted Facebook users span a number of countries, including Egypt, the Philippines, Pakistan, and Nepal, with more than 615,000 of them affected in total.
Hackread
December 28, 2020
Multi-platform card skimmer targets Shopify, BigCommerce, Zencart, and Woocommerce stores Full Text
Abstract
Experts warn of a multi-platform credit card skimmer that can target online stores running on Shopify, BigCommerce, Zencart, and Woocommerce. Security experts have discovered a multi-platform credit card skimmer that can allow threat actors to harvest payment...
Security Affairs
December 28, 2020
One in ten shopping ads promoted on Google potentially lead to phishing sites Full Text
Abstract
Ads created by cybercriminals can lead users to malicious phishing websites where they can be tricked into buying counterfeit or unsafe products, fall victim to financial scams, or worse.
CyberNews
December 28, 2020
Multi-platform card skimmer found on Shopify, BigCommerce stores Full Text
Abstract
A recently discovered multi-platform credit card skimmer can harvest payment info on compromised stores powered by Shopify, BigCommerce, Zencart, and Woocommerce.
BleepingComputer
December 26, 2020
GoDaddy apologized for insensitive phishing email sent to its employees offering a fake bonus Full Text
Abstract
GoDaddy made the headlines for an initiative that is dividing the cybersecurity community: it sent phishing messages offering bonuses to its employees. GoDaddy sent an email to its employees that promised a Christmas bonus to help them to face economic...
Security Affairs
December 26, 2020
Amazon Gift Card Scam Delivers Dridex This Holiday Season Full Text
Abstract
The operators behind Dridex have a nefarious trick up their sleeves this holiday season. A widespread phishing scam promises victims a $100 Amazon gift card but instead delivers the prolific banking Trojan to target machines.
Dark Reading
December 24, 2020
Scammers Run COVID-19 Vaccine Fraud Schemes to Fool Users Full Text
Abstract
The schemes to defraud people have gone to such an extent that threat actors were found running scams by impersonating biotechnology companies involved in the development of COVID-19 vaccines.
Cyware Alerts - Hacker News
December 23, 2020
PSA: Active Chase phishing scam pretends to be fraud alerts Full Text
Abstract
A large-scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked.
BleepingComputer
December 23, 2020
Credential phishing attack impersonating USPS targets consumers over the holidays Full Text
Abstract
The credential phishing attack impersonated the U.S. Postal Service and sought to get victims to give up their credit card credentials and pay a special delivery fee within three days to ensure their package was delivered.
SCMagazine
December 23, 2020
Emotet Returns to Hit 100K Mailboxes Per Day Full Text
Abstract
Just in time for the Christmas holiday, Emotet is sending the gift of Trickbot.
Threatpost
December 23, 2020
Does a friend “need money urgently”? Check your facts before paying out Full Text
Abstract
In this scam, the cybercriminals were using stolen Messenger passwords to phish for yet more Messenger passwords by sending messages that genuinely seemed to come from friends and family.
Sophos
December 23, 2020
Emotet Campaign Restarts After Seven-Week Hiatus Full Text
Abstract
Multiple security researchers note the return of an email campaign attempting to spread the malware, which is often used to drop the Ryuk ransomware and Trickbot banking Trojan.
Dark Reading
December 22, 2020
Holiday Puppy Swindle Has Consumers Howling Full Text
Abstract
Those buying German Shepherd puppies for Bitcoin online are in for a ruff ride.
Threatpost
December 22, 2020
Phishers Spoof New York Department of Labor Full Text
Abstract
Attacker impersonates New York State to steal sensitive data from seekers of COVID-19 financial relief
Infosecurity Magazine
December 22, 2020
Researchers Warn Consumers to Not Use Bitcoin to Buy “Hatched” German Shepherds This Holiday Season Full Text
Abstract
Anomali found 17 websites engaging in pet fraud activities for birds and cats, as well as one phone number match for a Facebook page car fraud scheme, and one number for an essential oils scam.
Anomali
December 22, 2020
Phishing Campaign Uses New York Department of Labor Logo and Pandemic Aid Info to Steal Private Information Full Text
Abstract
Security researchers have identified a new phishing campaign using a message purportedly from the New York Department of Labor to trick people into giving the attackers personal data.
Bit Defender
December 21, 2020
Subway UK Marketing System Hacked to Send TrickBot-Laden Phishing Emails Full Text
Abstract
The threat actors were successful in gaining access to Subway UK customers' names and email addresses by hacking a Subcard server responsible for its email campaigns.
Cyware Alerts - Hacker News
December 21, 2020
US seizes domains used for COVID-19 vaccine phishing attacks Full Text
Abstract
The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines.
BleepingComputer
December 19, 2020
US officials shut down scam websites impersonating Moderna, Regeneron Full Text
Abstract
U.S. Justice Department officials said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors’ personal data as part of a scam.
Cyberscoop
December 18, 2020
Feeling Lucky This Holiday Season? COVID-19, Google and Microsoft ‘Lotteries’ are Out for Your Info and Money Full Text
Abstract
Fraudsters are using popular brand names, existing lottery names and the coronavirus to mislead recipients into believing that they have won millions of dollars in various online lotteries.
Bit Defender
December 17, 2020
Two-Thirds of Orgs Expect Increase in #COVID19 Phishing Attacks Next Year Full Text
Abstract
64% of business leaders are anticipating a rise in phishing attacks in 2021
Infosecurity Magazine
December 17, 2020
Experts Urge Users to Ignore Facebook Christmas Bonus Scam Full Text
Abstract
Messages from ‘friends’ are fake, says Identity Theft Resource Center
Infosecurity Magazine
December 17, 2020
BEC Hits Double Digits as COVID-19 Scams Abound Full Text
Abstract
Barracuda Networks reveals latest spear-phishing trends
Infosecurity Magazine
December 15, 2020
Subway Sandwich Loyalty-Card Users Suffer Ham-Handed Phishing Scam Full Text
Abstract
Subway loyalty program members in the U.K. and Ireland have been sent scam emails to trick them into downloading malware.
Threatpost
December 14, 2020
Text messages promising $1,200 stimulus checks are actually scams, IRS warns Full Text
Abstract
Scammers are sending texts promising a $1,200 stimulus check. The IRS and a coalition of state tax agencies and tax industry officials are warning individuals who receive such messages not to respond.
CNBC
December 12, 2020
Subway marketing system hacked to send TrickBot malware emails Full Text
Abstract
Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday.
BleepingComputer
December 11, 2020
Massive Subway UK phishing attack is pushing TrickBot malware Full Text
Abstract
A massive phishing campaign pretending to be a Subway order confirmation is underway distributing the notorious TrickBot malware.
BleepingComputer
December 10, 2020
Fake data breach alerts used to steal Ledger cryptocurrency wallets Full Text
Abstract
A phishing scam is underway that targets Ledger wallet users with fake data breach notifications used to steal cryptocurrency from recipients.
BleepingComputer
December 9, 2020
Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame? Full Text
Abstract
Researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft’s servers were not enforcing protective DMARC authentication protocols when communications were received – and perhaps still are not.
SCMagazine
December 07, 2020
Microsoft O365 Fails to Block Spoofed Emails Sent from Microsoft.com Full Text