Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems.

Phishing 302

Phishing Data breaches Accountability Technology 302

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 75

Phishing Identity Theft Cryptocurrency Cybercrime 75

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}. Please download and read the attached encrypted document carefully.

Phishing 279

Phishing Antivirus Scams Malware 279

The Hacker News

MARCH 17, 2024

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America.

Phishing 135

Phishing Government 135

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. 16Shop documentation instructing operators on how to deploy the kit. Image: Akamai.com. Image: Akamai. Image: ZeroFox.

Phishing 198

Phishing Passwords Internet Internet 198

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. ” reads the report published by Trellix.

Phishing 144

Phishing DNS Social Engineering Engineering 144

The Hacker News

SEPTEMBER 12, 2023

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A

Phishing 135

Phishing 135

The Hacker News

DECEMBER 22, 2023

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.

Malware 102

Malware Engineering Phishing 102

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 294

Phishing Scams Banking Mobile 294

Security Boulevard

NOVEMBER 20, 2024

A recent threat observed by the Cofense Phishing Defense Center aims to steal an individual’s identity by having them upload screenshots of various government identification documents and turn on their camera for facial recognition.

Phishing 52

Phishing Government Identity Theft Scams 52

Tech Republic Security

APRIL 29, 2020

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Phishing 196

Phishing Malware 196

The Hacker News

FEBRUARY 9, 2023

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The attack

Phishing 96

Phishing 96

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Phishing 135

Phishing Cyber Attacks Malware Internet 135

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 98

Phishing Cybercrime Authentication Advertising 98

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 144

Phishing Cybercrime Advertising Hacking 144

Security Boulevard

JULY 23, 2024

Overview Leveraging our global threat hunting system, NSFOCUS Security Research Labs discovered spear-phishing email attacks by the APT group TransparentTribe targeting Indian government departments on February 2, 2024. The post TransparentTribe’s Spear-Phishing Targeting Indian Government Departments appeared first on Security Boulevard.

Government 64

Government Phishing Cyber Attacks 64

The Hacker News

SEPTEMBER 3, 2021

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S.

Phishing 131

Phishing 131

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 143

Advertising Manufacturing Hacking Cyber Attacks 143

NetSpi Executives

OCTOBER 25, 2024

This year’s theme is “Secure Our World” with an emphasis on recognizing phishing and vishing attempts – two prevalent tactics used by bad actors to exploit unsuspecting individuals. Part of the requirements for a standard phishing test is allowlisting our sending domains. However, no emails were opened during this initial campaign.

Social Engineering 98

Social Engineering Engineering Phishing Penetration Testing 98

The Hacker News

FEBRUARY 3, 2023

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Malware 89

Malware Phishing 89

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Subject lines included “your document” and “photo of you???”. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing 134

Phishing Ransomware Security Awareness Authentication 134

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. DocuSign is a service that allows people to sign documents in the Cloud. DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time.

Phishing 144

Phishing Password Management Passwords Accountability 144

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. OpenSSH is also used for external access.

Phishing 133

Phishing Cybercrime Manufacturing Hacking 133

Joseph Steinberg

DECEMBER 1, 2020

As such, scammers sending bogus Verification messages request that recipients do the same, and exploit the fact that so many people both expect to be asked for copies of such documents as part of the Verification process, and are willing to share such documents in order to become Verified.

Media 246

Media Accountability Phishing Scams 246

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. However, the best defense is always prevention.

Malware 98

Malware Social Engineering Engineering Education 98

Centraleyes

NOVEMBER 7, 2024

But instead of legal documents, victims are met with a decoy and a hidden malware file. Stealth Mode Activated To avoid detection, Rhadamanthys uses a clever trick: it clones itself as a much larger file in the victim’s Documents folder, disguised as a Firefox component.

Phishing 52

Phishing Antivirus Malware Cryptocurrency 52

Malwarebytes

JULY 12, 2023

Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim.

Telecommunications 90

Telecommunications Phishing Software Government 90

SecureWorld News

FEBRUARY 16, 2024

Tripwire explains: Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users’ login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. As he told Threatpost : “This is an untargeted phishing campaign.

Phishing 92

Phishing Scams Security Awareness Encryption 92

CSO Magazine

JANUARY 4, 2023

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. Stolen data used to add credibility to future attacks.

Banking 118

Banking Phishing Data breaches Marketing 118

Bleeping Computer

JUNE 6, 2022

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [.].

Phishing 140

Phishing Government 140

Security Affairs

JANUARY 28, 2021

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users. SecurityAffairs – hacking, Phishing).

Phishing 145

Phishing Cryptocurrency Passwords Hacking 145

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. file classified as MASEPIE.

Phishing 142

Phishing Malware Computers and Electronics Internet 142

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 124

Phishing Marketing Banking Technology 124

Malwarebytes

JULY 19, 2022

This data includes identification documents, spreadsheets related to Roblox creators, and various email addresses. At time of writing, there’s no specifics with regard to the “identification documents” This could mean driving licence, passport, employee ID scan…we simply don’t know at the moment.

Accountability 90

Accountability Phishing Hacking Ransomware 90

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. “Gmail protects your incoming mail against spam, phishing attempts, and malware. The post Data on Detection of Malicious Documents in Gmail are impressive appeared first on Security Affairs.

Malware 143

Malware Advertising Technology Engineering 143

Security Affairs

JANUARY 6, 2022

Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. The attack chain is very simple, attackers create a Google Document using their Google account. SecurityAffairs – hacking, Phishing). The comment mentions the target with an @.

Phishing 133

Phishing Accountability Hacking Information Security 133

SecureWorld News

AUGUST 9, 2024

In today's digital age, phishing has evolved into a sophisticated threat capable of deceiving even the most technically savvy individuals. No longer confined to suspicious emails, phishing now encompasses voice-based attacks (vishing), text-based scams (smishing) automated with phishing kits, and deepfake technologies.

Phishing 83

Phishing Technology Risk Scams 83