Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}. Please download and read the attached encrypted document carefully.

Phishing 277

Phishing Encryption Passwords Ransomware 277

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 256

Phishing Authentication Archiving Cybersecurity 256

Data Breach Today

FEBRUARY 6, 2020

Inquiry Posing Interview Questions Designed to Steal Credentials In a recently discovered phishing campaign, hackers attempted to steal victims' passwords and credentials by posing as a former Wall Street Journal reporter and sending documents with potential interview questions, according to security firm Certfa.

Phishing 266

Phishing Passwords Security 266

Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

Encryption 109

Encryption Military Phishing Communications 109

Data Breach Today

JULY 7, 2020

federal court has issued an injunction that gives Microsoft permission to seize control of several malicious domains being used to operate a COVID-19-themed phishing scam, according to recently unsealed court documents. Software Giant Asked Federal Court for Injunction Against Unnamed Hackers A U.S.

Phishing 233

Phishing 233

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 119

Phishing Ransomware IT Access 119

IT Governance

SEPTEMBER 15, 2023

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. Storm-0324’s phishing lures “typically reference invoices and payments, mimicking services such as DocuSign, Quickbooks, and others”.

Phishing 110

Phishing Mining Education Passwords 110

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 81

Phishing Authentication Sales Passwords 81

Data Breach Today

JULY 29, 2023

military job recruitment documents to lure Korean-speaking victims into downloading malware staged from legitimate but compromised South Korean websites, according to security researchers. Researchers Say APT37 Group Likely Behind Campaign Targeting South Koreans Government-backed North Korean hackers are posting convincing U.S.

Military 221

Military Phishing Government Security 221

IT Governance

JUNE 8, 2023

Phishing is one of the most common and dangerous forms of cyber crime. Despite an array of technological solutions designed to counter phishing attacks – from antimalware software to password protections – the main weapon in anyone’s arsenal should be knowledge and awareness. How common are phishing attacks?

Phishing 111

Phishing Data breaches Communications Government 111

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. file classified as MASEPIE.

Phishing 118

Phishing Computer and Electronics Communications Encryption 118

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Military 96

Military Phishing Communications IT 96

IT Governance

AUGUST 7, 2023

Welcome to our August 2023 catches of the month feature, in which we explore the latest phishing scams and the tactics that cyber criminals use to trick people into handing over personal data. Check Point credits this rise to an extensive phishing campaign that told victims that there has been suspicious activity on their Microsoft account.

Phishing 98

Phishing Passwords Education Personal data 98

IT Governance

JULY 6, 2023

Welcome to our July 2023 catches of the month feature, in which we explore the latest phishing scams and the tactics that cyber criminals use to trick people into handing over personal data. Quishing on the rise Cyber security researchers have discovered an extensive phishing campaign that uses QR codes as bait.

Phishing 98

Phishing Education Government Personal data 98

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 94

Encryption Phishing Authentication Libraries 94

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. That phishing site prompted visitors to enter their account credentials — including usernames, passwords, one-time passcodes and PIN numbers — to unlock their accounts.

Phishing 232

Phishing Passwords IT 232

KnowBe4

JANUARY 4, 2023

Researchers at Check Point have shown that Large Language Models (LLMs) like OpenAI’s ChatGPT can be used to generate entire infection chains, beginning with a spear phishing email. The publicly available AI can be asked to write a targeted phishing email with perfect grammar.

Phishing 89

Phishing 89

Security Affairs

JANUARY 28, 2021

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users. SecurityAffairs – hacking, Phishing).

Phishing 124

Phishing Cloud Passwords IT 124

KnowBe4

AUGUST 7, 2023

As traditional phishing attack attachment types like Office documents dwindle in use, threat actors look for new effective ways to use email as a delivery medium to launch an attack.

Phishing 78

Phishing 78

KnowBe4

APRIL 6, 2023

A newly documented phishing campaign demonstrates how timely themes can be impactful in creating a successful attack that gets the recipient to engage with malicious content.

Phishing 92

Phishing 92

Security Affairs

JANUARY 6, 2022

Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. The attack chain is very simple, attackers create a Google Document using their Google account. SecurityAffairs – hacking, Phishing). The comment mentions the target with an @.

Phishing 112

Phishing Security IT Information Security 112

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. Upon opening the PDF file, it will display a message stating that the document could not be viewed and that they should click on a button to try again.

Phishing 93

Phishing Education Security IT 93

KnowBe4

JANUARY 24, 2023

Researchers at Fortinet warn that a phishing campaign is impersonating the Chinese Ministry of Finance. The phishing emails contain a document with a QR code that leads to a credential-harvesting site.

Phishing 81

Phishing 81

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. Here are four new phishing trends keeping businesses on their toes. Spear phishing. Phishing via texting.

Phishing 124

Phishing Passwords Cybersecurity Government 124

Security Affairs

OCTOBER 24, 2021

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns. com domain to send the phishing messages.

Phishing 118

Phishing Sales Archiving Passwords 118

IT Governance

MARCH 8, 2022

Welcome to our March 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal information. This month, we look at a phishing attack targeting Ukrainian citizens, the latest campaign imitating Tesco and a warning from HSBC.

Phishing 144

Phishing Military Access Education 144

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Military 131

Military Manufacturing Phishing Government 131

Data Breach Today

APRIL 8, 2021

Report: Builder Allows Cybercriminals to Create Specialized Office Documents Cybercriminal gangs are using a newly uncovered malicious document builder called "EtterSilent" to create differentiated and harder-to-discover malicious documents that can be deployed in phishing attacks.

Phishing 306

Phishing 306

Security Affairs

DECEMBER 25, 2021

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan. “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer.

Phishing 128

Phishing Passwords Security IT 128

IT Governance

JANUARY 11, 2023

Welcome to our January 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. A new phishing campaign has been discovered that imitates Flipper Zero, a cyber security tool used by penetration testers and white-hat hackers.

Phishing 105

Phishing Education Access Personal data 105

Security Affairs

DECEMBER 13, 2020

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. The system does not hold any bank or credit card details.”

Phishing 134

Phishing Marketing Data breaches Personal data 134

Data Breach Today

FEBRUARY 10, 2023

Breach Phished Employee Credentials Reddit says hackers penetrated its internal systems via a phishing attack but that user passwords and accounts appear safe. The self-proclaimed "front page of the internet" says the hackers gained access to its internal documents, code and some internal business systems.

Data breaches 190

Data breaches Phishing Passwords Access 190

IT Governance

AUGUST 10, 2021

Welcome to August’s review of phishing scams, in which we look at criminals’ latest tactics and provide examples of successful frauds. Microsoft issues alert about “crafty” phishing scams. Security researchers at Microsoft are again warning users about phishing scams imitating SharePoint.

Phishing 111

Phishing File names Security Risk 111

Data Breach Today

DECEMBER 18, 2017

Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks.

Phishing 162

Phishing 162

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware. EXE which is responsible for the insertion and editing of equations (OLE objects) in documents. The vulnerability affects the MS Office component EQNEDT32.EXE

Phishing 98

Phishing Communications Cybersecurity IT 98

Security Affairs

AUGUST 12, 2021

Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020. com , or api[.]statvoo[.]com Pierluigi Paganini.

Phishing 114

Phishing Passwords Encryption Security 114

Security Affairs

JANUARY 21, 2021

Bad ops of operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. . Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation into a large-scale phishing campaign that targeted thousands of global organizations.

Phishing 125

Phishing Passwords Manufacturing Cybersecurity 125