Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing…
Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.
LabHost enabled users to set up websites designed to trick victims into revealing personal information – with 70,000 allegedly duped in the UK
La semaine dernière, des menaces d'attentats ont été envoyés aux élèves, aux personnels et aux familles suite au piratage de l'environnement numérique de travail de la région Ile de France. Cette fois, c'est l'académie de Lille qui est touchée, et ce dans un contexte sécuritaire inquiétant.
Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.
Read the new Microsoft Threat Intelligence tax season report to learn about the techniques that threat actors use to mislead taxpayers.
Threat actors are exercising new attack techniques to bypass machine learning security controls.
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America.
"The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production," IBM X-Force said in a report published last week.
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy.
The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.
An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.
In a report going over the state of malware in 2024, device management firm Jamf says that 9% of mobile users were caught by phishing, while 20% of companies were at risk because of bad smartphone configurations.
Discover the techniques, tactics (TTPs) used by Scattered Spider intrusion set, including social engineering and targeted phishing campaigns.
Over the past weeks, Proofpoint researchers have been monitoring an ongoing cloud account takeover campaign impacting dozens of Microsoft Azure environments and compromising hundreds of user accoun...
While most end users are well-acquainted with the dangers of traditional phishing attacks, such as those delivered via email or other media, a large proportion are likely unaware that Microsoft Teams chats could be a phishing vector. Most Teams activity is intra-organizational, but Microsoft enables External Access by default, which allows members of one organization to add users outside the organization to their Teams chats. Perhaps predictably, this feature has provided malicious actors a new avenue by which to exploit untrained or unaware users.
NCSC says generative AI tools will soon allow amateur cybercriminals to launch sophisticated phishing attacks
Copypasta’d from an email from FW:
Hello,
Keating Consulting, Framework’s primary external accounting partner, brought to our attention at 8:13am PST on January 11th, 2024, that one of their accountants fell victim to…
NSA Cybersecurity Director Rob Joyce said the spy agency has seen hackers use chatbots like ChatGPT to perfect their English for phishing schemes.
Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.
