Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
Discover Mamba 2FA, a previously unknown adversary-in-the-middle (AiTM) phishing kit and sold as phishing-as-a-service (PhaaS).
Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria.
The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing.
Phishing scam targets Swiss citizens
In Côte d’Ivoire authorities dismantled a large-scale phishing scam, thanks to a collaborative effort with Swiss police and INTERPOL.
Investigators reported 483 000 victims worldwide, who had attempted to regain access to their phones and been phished in the process. The victims are mainly Spanish-speaking nationals from European, North American and South American countries.The successful operation took place thanks to international cooperation between law enforcement and judiciary authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru.The action week took...
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new
APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.
Russia-linked phishing campaigns are targeting civil society and NGOs operating in the region and abroad, according to a new investigation by Access Now and the Citizen Lab.
Sous le domaine dleci.ch, une page de phishing a été mise en ligne, reproduisant à l'identique le contenu de dieci.ch.
We uncovered a malvertising campaign where the threat actor hijacks social media pages, renames them to mimic popular AI photo editors, then posts malicious links to fake websites.
In this blog, we investigate a phishing attack that leverages the inherent trust we put in live-human-chat support.
In recent months, a surge in cryptodrainer phishing attacks has been observed, targeting cryptocurrency holders with sophisticated schemes aimed at tricking them into divulging their valuable credentials.
FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack.
See the results of our investigation into the phishing campaign encountered by our company and get information to defend against it.
Here are some key findings:
A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing…
Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.
LabHost enabled users to set up websites designed to trick victims into revealing personal information – with 70,000 allegedly duped in the UK
La semaine dernière, des menaces d'attentats ont été envoyés aux élèves, aux personnels et aux familles suite au piratage de l'environnement numérique de travail de la région Ile de France. Cette fois, c'est l'académie de Lille qui est touchée, et ce dans un contexte sécuritaire inquiétant.
