Researchers at security firm Proofpoint recently spotted a malicious campaign deployed by the cybercriminal group identified as TA575 in which the Dridex malware variant is distributed using a theme from “The Squid Game”, the popular Netflix series. Apparently, hackers send phishing emails offering random users supposed early access to the new season of the series […]
Cybersecurity specialists from Abnormal Security report the detection of at least 200 malicious emails as part of a phishing campaign targeting Microsoft Office 365 users. Apparently, the primary goal of the attackers was to intercept login credentials. An unusual feature of this campaign is the use of QR codes embedded in the content of the […]
Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to […]
The email contains varying subject lines revolving around “order shipping” with messages instructing users to install the patch released by Microsoft. A few days ago, Hackread.com covered how the REvil Ransomware gang attacked an IT company named Kaseya which led to over 1000 businesses being victimized. Although ransom demands were made for publishing the decryptor […]
Earlier this week the SEC (Securities and Exchange Commission) in the USA penalized various companies due to cyber security breakdowns. Hackers took advantage of the mishap to gain unauthorized access to email accounts and lots of customer’s data was exposed. A statement from the SEC read as follows: “According to SEC, it has penalized eight […]
Microsoft has reported the correction of a critical vulnerability in Exchange Server detected at the beginning of 2021 and whose exploitation would have allowed threat actors to establish forwarding rules in the affected accounts, which would eventually allow access to incoming emails. Known as ProxyToken and tracked as CVE-2021-33766, the flaw received a score of […]
Telegram has become one of the best instant messaging tools, currently being the main counterpart of WhatsApp thanks to its advanced privacy and anonymity capabilities. Even today, there are many features on the platform that might be unknown to the most inexperienced users, although they are certainly quite useful in various cases. On this occasion, […]
The Department of Justice (DOJ) has revealed that the Microsoft Office 365 email accounts of employees at all U.S. prosecutors’ offices were compromised by Russia’s Foreign Intelligence Service (SVR) during the SolarWinds supply chain attack: “This threat group has access to compromised accounts from approximately May 7 to December 27, 2020.” , the statement said. […]
An Iran-based hacking group has spent about a year and a half operating a hacking campaign in which they pose as aerobics instructors in order to spy on and infect defense employees and contractors and aerospace agencies with malware trying to steal sensitive information. According to Proofpoint specialists, the operators of this campaign created a […]
Microsoft’s cyber threat detection team, MSTIC (Microsoft Threat Intelligence Center) has recently discovered a large-scale malicious email campaign. MSTIC claimed that this large-scale malicious email campaign is operated by Nobelium it’s the same hacker group that is behind the SolarWinds attack, and linked to Russia. Nobelium is the same hacker group that hacked several govt. […]
It is difficult to protect yourself from spammers. You can register on the site and leave your mail, subscribe to the newsletter, and become a victim of pranksters. In any case, your email address will be publicly available, which will lead to spam in your inbox. However, it is not a reason to panic – […]
A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what’s one of the largest data dumps of breached usernames and passwords. In addition, the leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of […]
You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says
A new phishing campaign targets specific targets by trying to distribute various remote access Trojan (RAT) variants. According to Cisco Talos Intelligence researchers, this hacking campaign was identified as “Fajan” and could be being operated from an Arabic-speaking country. Experts believe this campaign would have started in early March, starting with a commitment to “low-profile” […]
SonicWall security teams launched an emergency alert asking their users to install the released security patches to fix three zero-day flaws in their email security solution. SonicWall ES is a solution designed to protect traffic and email communication, capable of containing any phishing emails and other business email compromise (BEC) attempts. The risk increases as […]
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security (ES) product that are being actively exploited in the wild. Tracked as CVE-2021-20021 and CVE-2021-20022, the flaws were discovered and reported to the company by FireEye’s Mandiant subsidiary on March 26, 2021, after the cybersecurity firm detected post-exploitation web shell activity […]
A cybercriminal group is deploying a phishing campaign that uses a fraudulent website to collect Microsoft Office 365 credentials by creating html snippets stored locally and remotely. This method involves integrating various hidden HTML pieces into JavaScript files to get the fake login interface in which the victim delivers their sensitive information. Potential victims receive […]
Like other festivities, Valentine’s Day is an ideal opportunity for threat actors to deploy ambitious cyberattacks. This time, experts report that a hacking group is sending emails with information about alleged orders to flower and lingerie stores; actually these messages include links or attachments for downloading the BazaLoader malware. This malware variant was identified in […]
A script that can see if an email address is valid in Office365. This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don’t. Microsoft does not consider “email enumeration” a vulnerability, so this is taking advantage of a “feature”. […]
MOSINT is an OSINT Tool for emails. It helps you gather information about the target email. Features: Verification Service { Check if email exist } Check social accounts with Socialscan Check data breaches [need API] Find related emails Find related phone numbers Find related domains Scan Pastebin Dumps Google Search DNS Lookup You can […]
The U.S. law enforcement agency shares a sampling of more than 90 spoofed FBI-related domains registered recently