Recherche : [phishing]

Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers https://www.vadesecure.com/fr/blog/campagne-de-phishing-instagram

10/09/2022 11:04:44

Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.

Detecting Scatter Swine: Insights into a relentless phishing campaign https://sec.okta.com/scatterswine

29/08/2022 10:25:04

Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.

Roasting 0ktapus: The phishing campaign going after Okta identity credentials https://blog.group-ib.com/0ktapus

25/08/2022 16:57:14

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits

Legitimate SaaS Platforms Being Used to Host Phishing Attacks https://unit42.paloaltonetworks.com/platform-abuse-phishing/

24/08/2022 15:56:47

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

Bypass phishing detections with Google Translate https://certitude.consulting/blog/en/bypass-phishing-detections-with-google-translate-2/

19/08/2022 09:52:00

A new wave of phishing is currently circulating (a related story from derstandard.at newspaper can be found here). Documents are said to have been sent to you from a scanner, which you can allegedly download, as can be seen in the following image

Disrupting SEABORGIUM’s ongoing phishing operations https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/

18/08/2022 15:43:50

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.

DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch https://techcrunch.com/2022/08/16/digitalocean-emails-mailchimp-breach/

17/08/2022 12:45:34

Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp. In a scant blog post dated August 12, just two days after the company’s co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting […]

Cisco confirms May attack by Yanluowang ransomware group https://therecord.media/cisco-confirms-may-attack-by-yanluowang-ransomware-group/

14/08/2022 21:40:33

Cisco confirmed on Wednesday that it was attack by the Yanluowang ransomware group in May, but said the hackers were not able to steal sensitive data or impact the company’s operations.

In a statement to The Record, Cisco said the incident occured on their corporate network in late May and that they “immediately took action to contain and eradicate the bad actors.”

Phishers who breached Twilio and targeted Cloudflare could easily get you, too https://arstechnica.com/information-technology/2022/08/phishers-breach-twilio-and-target-cloudflare-using-workers-home-numbers/

14/08/2022 21:37:56

Unusually resourced threat actor has targeted multiple companies in recent days.

The mechanics of a sophisticated phishing scam and how we stopped it https://blog.cloudflare.com/2022-07-sms-phishing-attacks/

14/08/2022 21:36:00

Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.

Large-Scale AiTM Attack targeting enterprise users of Microsoft email services https://www.zscaler.com/blogs/security-research/large-scale-aitm-attack-targeting-enterprise-users-microsoft-email-services

03/08/2022 11:07:53

A ThreatLabz technical analysis of the latest variant of proxy-based AiTM attacks that are phishing enterprise users for their Microsoft credentials.

IPFS: The New Hotbed of Phishing https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/

29/07/2022 09:06:58

We have observed more than 3,000 emails containing phishing URLs that have utilized IPFS for the past 90 days and it is evident that IPFS is increasingly becoming a popular platform for phishing websites.

From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/

17/07/2022 21:33:46

A large-scale phishing campaign that attempted to target over 10,000 organizations since September 2021 used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and skip the authentication process, even if the user had enabled multifactor authentication (MFA).

Ongoing phishing campaign can hack you even when you’re protected with MFA https://arstechnica.com/information-technology/2022/07/microsoft-details-phishing-campaign-that-can-hijack-mfa-protected-accounts/

17/07/2022 21:30:40

Campaign that steals email has targeted at least 10,000 organizations since September.

Verified Twitter accounts phished via hate speech warnings https://blog.malwarebytes.com/social-engineering/2022/07/verified-twitter-accounts-phished-via-hate-speech-warnings/

12/07/2022 18:55:28

We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.

BRATA is evolving into an Advanced Persistent Threat https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat?s=09

20/06/2022 08:49:35

Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.

Phishing tactics: how a threat actor stole 1M credentials in 4 months https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/

17/06/2022 10:50:59

It is rare that the identities of participants and ringleaders in criminal phishing schemes are uncovered. But in many cases, when untangling the web of a cyber criminal group (particularly with financially motivated e-crime actors), there are enough OSINT breadcrumbs left behind by a threat actor, on forums, in code, or elsewhere, to point investigators in the right direction.

Hackers breach MailChimp's internal tools to target crypto customers https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/

05/04/2022 13:15:01

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.

Ongoing phishing attacks on Trezor users https://blog.trezor.io/ongoing-phishing-attacks-on-trezor-users-edd840b17304#4909

04/04/2022 17:35:23

Trezor users have reported being targeted by a malicious phishing attack on April 3.

Behold, a password phishing site that can trick even savvy users https://arstechnica.com/information-technology/2022/03/behold-a-password-phishing-site-that-can-trick-even-savvy-users/

27/03/2022 21:13:38

Just when you thought you'd seen every phishing trick out there, BitB comes along.

Liens par page

Filtres