article thumbnail

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. ” continues the report.

Phishing 293
article thumbnail

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

Department of Justice refers to the cybercrime group as Saim Raza , after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. ” Manipulaters advertisement for Office 365 Private Page with Antibot phishing kit sold via Heartsender. Image: DomainTools. ” U.S.

Phishing 267
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Tycoon2FA phishing kit rolled out significant updates

Security Affairs

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. ” reported Trustwave.

Phishing 208
article thumbnail

Microsoft seized 240 sites used by the ONNX phishing service

Security Affairs

Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240 sites. Microsoft has tracked Nady, linked to phishing services since 2017.

Phishing 189
article thumbnail

The Business Cost of Phishing

Phishing is a problem that's plagued organizations for years. IT and Security teams will tell you that they’re spending too much time and money on phishing, but what does that mean? This report quantifies the financial impacts of phishing.

article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. ”

Phishing 295
article thumbnail

Phish-Friendly Domain Registry “.top” Put on Notice

Krebs on Security

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 333