Krebs on Security

APRIL 6, 2022

“Someone was trying to phish employee credentials, and they were good at it,” Wired reported. “They were calling up consumer service and tech support personnel, instructing them to reset their passwords. ” Twitter revealed that a key tactic of the group was “phone spear phishing” (a.k.a.

Social Engineering 263

Social Engineering Phishing Engineering Accountability 263

SecureList

MAY 12, 2021

Hackers who are on the lookout for publicly disclosed vulnerabilities (1-days) in internet facing software, such as VPN appliances or email gateways. The ransomware is now distributed mainly through compromised RDP accesses, phishing, and software vulnerabilities. Access sellers.

Ransomware 132

Ransomware Encryption Malware Cybercrime 132

SecureList

APRIL 23, 2021

In certain cases, they used spear-phishing campaigns to install Cobalt Strike RAT, while other attacks involved exploiting a vulnerable internet-facing service (e.g., Citrix ADC/NetScaler or Pulse Secure VPN) or weak RDP credentials to breach the network. Maze primarily targeted businesses and large organizations. Conclusion.

Ransomware 115

Ransomware Mobile Malware Encryption 115