Telegram is becoming an increasingly popular platform for users as well as cyber-criminals. It has become a Mini Dark-web since 2021 when cyber threat actors have been using them. The services these threat actors offer vary from Automation of Phishing, selling Phishers kits, and setting up a custom phishing campaign for everyone willing to pay. […]
In what’s a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. “The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another,” Checkmarx researcher Yehuda Gelb said in a Tuesday report. “The attackers […]
It’s never been easier to write a convincing message that can trick you into handing over your money or personal data
The email account of domain registrar Namecheap was compromised which led to a flood of DHL and MetaMask phishing emails that sought to steal the victims’ personal information and cryptocurrency wallets. Reports say the phishing attacks began at 4:30 PM ET and came from SendGrid, a company that Namecheap has previously utilized to send renewal […]
OneNote is one of the most popular components of the Microsoft 365 package, which the firm is still working to improve even as we speak by releasing new updates. However, as a consequence of the product undergoing continuous beta testing, hackers have discovered and exploited weaknesses in order to launch malware attacks based on phishing. […]
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. “When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated,” AhnLab Security Emergency Response Center (ASEC) […]
Cyble Research and Intelligence Labs (CRIL) detected threat Actors (TAs) distributing the malware DarkTortilla. Since 2015, the complex .NET-based malware known as DarkTortilla has been operating. Researchers say that numerous stealers and Remote Access Trojans (RATs) including AgentTesla, AsyncRAT, NanoCore, etc. are known to be dropped by the malware. DarkTortilla and Its Specific Actions Security researchers […]
A Meta-Phish attack that could lead to the loss of personally identifiable information (PII), login information, and a Facebook profile link was discovered by Trustwave SpiderLabs. This recent phishing campaign tricks victims by using Facebook posts in its chain of attacks. The emails that were sent to the targets made it appear as though one […]
The following techniques have been made public by a researcher who wishes to remain anonymous. They can be used to bypass certain of Cisco’s Secure Email Gateway appliance’s filters and spread malware using carefully written emails. The researcher acknowledged communicating with the vendor, but said they were unable to get a suitable answer in a timely […]
The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. The attacks are notable for employing a technique called callback phishing or telephone-oriented attack delivery (TOAD), wherein the victims are social engineered into making a phone call through phishing emails containing invoices and subscription-themed lures. […]
An extensive phishing campaign targeting businesses in numerous upright markets, including retail, was discovered by Cyjax recently in which the attackers exploited the reputation of renowned brands, and this includes the following business sectors:- Banking Travel Pharmaceuticals Travel Energy Transport Fangxiao is a group classified as a financially motivated threat actor suspected of being based […]
Microsoft’s Dynamics 365 Customer Voice is a software that is primarily used to collect customer feedback.It may be utilized to gather data into actionable insights, track consumer feedback, and conduct polls of client satisfaction. To communicate with victims, hackers are exploiting the Static Expressway. In a nutshell, it’s a method for evading security scanners that […]
By deploying phishing-resistant multi-factor authentication (MFA) and number matching in MFA applications, organisations may defend themselves against phishing and other attacks, according to recommendations provided by the US Cybersecurity and Infrastructure Security Agency (CISA). MFA requires users to submit a combination of two or more separate authenticators to prove their identity. MFA is a security […]
Threat actors used employee login information they had obtained through phishing to log into one of Dropbox’s GitHub accounts, where they stole 130 code projects. As a result, Dropbox announced a security breach. Both some of Dropbox’s private repositories and its public repositories are hosted on GitHub. Additionally, they employ CircleCI for a few internal […]
Cybersecurity experts at Cyble Research and Intelligence Labs (CRIL) have recently identified a fake AnyDesk website (hxxp://anydesk[.]ml). They found this website was spreading Mitsu Stealer, and it’s a sophisticated custom-made 64-bit malware. This malware is primarily designed to steal all sensitive information from unsuspecting victims. One of the most surprising aspects of this malware is […]
With the release of the PhaaS platform called ‘Caffeine’, threat actors can now easily launch their own sophisticated phishing attacks. Anyone who wants to start their own phishing campaign will be able to register on this platform through an open registration process. Caffeine has been thoroughly tested by the analysts at Mandiant. This is a […]
Cybercriminals are taking advantage of the death of Queen Elizabeth II to launch phishing attacks, specifically these scammers directing users to malicious pages that are designed to steal Microsoft credentials. Proofpoint (cybersecurity company) has detected fraudulent emails where cybercriminals pose as the Microsoft team to try to deceive recipients, thus getting victims to sign a […]
With an enterprise-grade iPhone protection app, mobile phishing defense firm novoShield has come out of hiding. According to novoShield, the new solution was created to shield organizations and end users against the rising amount of phishing attempts. With its real-time protection solution, novoShield seeks to address the considerable rise in cybercrime, including phishing, brought by […]
A trio of offshoots from the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. “Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology,” cybersecurity firm AdvIntel said in a […]
Researchers at Resecurity noticed threat actors leveraging Open Redirect Vulnerabilities which is popular in online services and apps to evade spam filters to deliver phishing content. Trusted service domains like Snapchat and other online services make special URLs that lead to malicious resources with phishing kits. The kit identified is named ‘LogoKit’ that was earlier […]
The decentralized file system solution known as IPFS is becoming the new “hotbed” for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for […]