Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads. Microsoft 365 Defender Threat Intelligence Team, in a new report published Thursday, disclosed that it identified infiltrations distributing […]
The hack took place after one of the bZx’s employees was sent a phishing email embedded with a malicious macro hidden in an MS word document, which, when downloaded, ran a script allowing the attacker to obtain the developer’s personal mnemonic cryptocurrency wallet phrase. A decentralized finance (DeFi) lending platform called bZx has suffered a […]
Researchers at security firm Proofpoint recently spotted a malicious campaign deployed by the cybercriminal group identified as TA575 in which the Dridex malware variant is distributed using a theme from “The Squid Game”, the popular Netflix series. Apparently, hackers send phishing emails offering random users supposed early access to the new season of the series […]
Cybersecurity specialists from Abnormal Security report the detection of at least 200 malicious emails as part of a phishing campaign targeting Microsoft Office 365 users. Apparently, the primary goal of the attackers was to intercept login credentials. An unusual feature of this campaign is the use of QR codes embedded in the content of the […]
Microsoft on Thursday disclosed an “extensive series of credential phishing campaigns” that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant’s Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the […]
Avanan cybersecurity specialists report the detection of a new phishing method in which threat actors look for susceptible targets among low-ranking employees who have access to an organization’s IT structure. Usually, a phishing attack involves the usurpation of the identity of a senior executive in an organization, which makes sense if we remember that in […]
Cybersecurity specialists report the finding of 6 critical vulnerabilities in OpenOffice, a discontinued open-source office suite developed by Apache Software Foundation. According to the report, successful exploitation of these flaws would allow the deployment of several attack variants. Below is a brief description of the reported flaws, in addition to their respective tracking keys and […]
Through a letter sent via email, Google has notified some 14,000 Gmail users that during the past months they could have been the target of a sophisticated spear phishing campaign operated by a hacking group identified as APT28. The letter is signed by Shane Huntley, director of the Google Threat Analysis Group. Huntley emphasizes the […]
So far, the ongoing phishing attack has utilized more than 350 unique domains to target Microsoft Office 365 users. Microsoft has warned about a new widespread phishing campaign in which scammers are abusing open redirect links to divert users to malicious websites and steal MS Office 365 credentials. In a detailed report, the IT security researchers […]
The phishing email claims that WeTransfer has shared two files with the victim, and there’s a link to view them. According to a report from Armorblox, cybercriminals are spoofing the WeTransfer file hosting system to carry out credential phishing attacks in which spoofed email leads to a phishing page featuring Microsoft Excel branding. The primary […]
LA County resident booked in iCloud phishing scam pretended to be an Apple representative. A Los Angeles County man identified as Hao Kuo Chi was arrested for breaching thousands of Apple iCloud accounts and obtaining over 620,000 private photos and 9,000 videos of nearly 306 young women. According to the feds, the 40-year-old La Puente, […]
According to researchers, cybercriminals are abusing legitimate challenge and response services like Google’s reCAPTCHA or deploying customized fake CAPTCHA-like validation. Palo Alto Networks’ Unit 42 researchers have published a detailed report on how cybercriminals exploit CAPTCHA features including Google’s I Am Not A Robot Function dubbed reCAPTCHA to carry out their scams against unsuspected users. These […]
Phishing is getting smarter. A type of social engineering attack in which the attacker uses fraudulent messages that are designed to fool the would-be victim into sharing sensitive information or clicking a particular link, phishing has long been part of life on the internet. The term was first coined a quarter-century ago, using a purposeful […]
In the latest LinkedIn phishing scam, the sender’s email address appears to be from Paul University which is based in Nigeria. Phishing scams are one of the most often done owing to their simplicity and sadly, reliability as well. In the latest, researchers from ArmorBlox have discovered a new LinkedIn phishing campaign that targeted approximately […]
“Dr. Hex” is accused of defacing websites, carrying out phishing attacks and malware campaigns. An alleged malicious hacker and a cybercriminal who goes by the alias “Dr. Hex” has been arrested in Morocco after a two-year-long investigation. Dubbed Op Lyrebird; authorities involved in the Operation included Moroccan police, International Criminal Police Organization – INTERPOL, and […]
Cybercriminals have started employing a new phishing attack that abuses the popularity of Google Drive and Docs to bypass security filters. In a report published by the IT security researchers at Avanan, it has been revealed that threat actors are using a Google Docs exploit in a new phishing campaign. The researchers explained how an […]
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. “Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking,” Microsoft 365 Defender […]
Phishing remains one of the most common and dangerous criminal practices for users in general, and every day new and dangerous tools emerge to deploy this attack variant. On this occasion, the experts of the cybersecurity awareness course of the International Institute of Cyber Security (IICS) will show you the operation of Shark, a powerful […]
Microsoft has disclosed details of an evasive year-long social engineering campaign wherein the operators kept changing their obfuscation and encryption mechanisms every 37 days on average, including relying on Morse code, in an attempt to cover their tracks and surreptitiously harvest user credentials. The phishing attacks take the form of invoice-themed lures mimicking financial-related business […]
Europol announced that it will initiate legal proceedings against 23 people accused of participating in a business email engagement (BEC) operation that would have resulted in losses of up to $1.2 million USD. The charges against the suspects were filed after multiple raids in Ireland, Romania and the Netherlands. This campaign began with the sending […]
A report by researchers at Heimdal Security points to the detection of a phishing campaign targeting Office 365 users and administrators that could put the security of an entire business environment at risk. As some users may recall, phishing is an attack variant in which an unauthorized user tries to gain access to a system […]