Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
page 1 / 7
133 résultats taggé phishing  ✕
Microsoft Dynamics 365 Customer Voice Phishing Scam https://blog.checkpoint.com/research/microsoft-dynamics-365-customer-voice-phishing-scam/
08/05/2025 16:24:21
QRCode
archive.org
thumbnail

Overview: Check Point researchers have identified a new phishing campaign that exploits Microsoft’s “Dynamics 365 Customer Voice,” a customer relationship
Overview:

Check Point researchers have identified a new phishing campaign that exploits Microsoft’s “Dynamics 365 Customer Voice,” a customer relationship management software product. It’s often used to record customer calls, monitor customer reviews, share surveys and track feedback.

Microsoft 365 is used by over 2 million organizations worldwide. At least 500,000 organizations use Dynamics 365 Customer Voice, including 97% of Fortune 500 companies.

In this campaign, cyber criminals send business files and invoices from compromised accounts, and include fake Dynamics 365 Customer Voice links. The email configuration looks legitimate and easily tricks email recipients into taking the bait.

As part of this campaign, cyber criminals have deployed over 3,370 emails, with content reaching employees of over 350 organizations, the majority of which are American. More than a million different mailboxes were targeted.

Affected entities include well-established community betterment groups, colleges and universities, news outlets, a prominent health information group, and organizations that promote arts and culture, among others.

checkpoint EN 2025 Microsoft Dynamics 365 Customer Voice Phishing Scam analysis
Sharp rise in reported cyber incidents in Switzerland https://www.swissinfo.ch/eng/swiss-politics/sharp-rise-in-reported-cyber-incidents-in-switzerland/89270346
06/05/2025 19:21:40
QRCode
archive.org
thumbnail

The number of reported cyber incidents and online threats in Switzerland rose sharply last year, according to the National Cyber Security Centre (NCSC).

Last year, almost 63,000 cyber-related incidents were reported to the National Cyber Security Centre (NCSC) in Switzerland, an increase of 13,500 cases over the previous year. Between July and December, the NCSC recorded more than 28,000 incidents, slightly fewer than in the first half of 2024.

Fraud, phishing and spam messages continue to be the most frequently reported incidents. The increase on the previous year is mainly due to the phenomenon of false calls in the name of the authorities, with almost 22,000 reports compared with around 7,000 the previous year.

On the other hand, the number of e-mail threats has dropped. Over the past four years, fraudsters have used the telephone more as a communication channel.

swissinfo EN 2025 Switzerland NCSC phishing Fraud report 204 statistiques
Artificial IntelligenceAI-Powered Polymorphic Phishing Is Changing the Threat Landscape https://www.securityweek.com/ai-powered-polymorphic-phishing-is-changing-the-threat-landscape/
24/04/2025 15:36:58
QRCode
archive.org

Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates.

securityweek EN 2025 AI polymorphic phishing sophisticated evasive messages
Emerging Phishing Techniques: New Threats and Attack Vectors https://intezer.com/blog/emerging-phishing-techniques-new-threats-and-attack-vectors/
24/04/2025 12:09:17
QRCode
archive.org
thumbnail

Discover advanced phishing techniques bypassing email security—Intezer reveals threats hidden in SVGs, PDFs, OneDrive, and OpenXML files.

intezer.com EN 2025 SVG PDF phishing Techniques OneDrive OpenXML
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows https://www.volexity.com/blog/2025/04/22/phishing-for-codes-russian-threat-actors-target-microsoft-365-oauth-workflows/
23/04/2025 08:14:24
QRCode
archive.org
thumbnail

Since early March 2025, Volexity has observed multiple suspected Russian threat actors conducting highly targeted social engineering operations aimed at gaining access to the Microsoft 365 (M365) accounts of targeted individuals. This activity comes on the heels of attacks Volexity reported on back in February 2025, where Russian threat actors were discovered targeting users and organizations through Device Code Authentication phishing...

volexity 2025 EN Russia M365 Microsoft365 phishing NGO OAuth UTA0352 login.microsoftonline.com
Google Spoofed Via DKIM Replay Attack https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
21/04/2025 13:31:54
QRCode
archive.org
thumbnail

Learn how a convincing Google spoof used a DKIM replay attack to bypass email security and trick users with a fake subpoena. A real-world phishing example you need to see.

EasyDMARC EN 2025 attack analysis Google Spoofed DKIM phishing fake subpoena
Phishers abuse Google OAuth to spoof Google in DKIM replay attack https://www.bleepingcomputer.com/news/security/phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/
21/04/2025 13:27:52
QRCode
archive.org
thumbnail

In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google's systems, passing all verifications but pointing to a fraudulent page that collected logins.

bleepingcomputer EN 2025 DKIM Google Phishing Scam weakness spoof OAuth
PhaaS actor uses DoH and DNS MX to dynamically distribute phishing https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
03/04/2025 09:29:20
QRCode
archive.org
thumbnail

Large-scale phishing attacks use DoH and DNS MX records to dynamically serve fake login pages

infoblox EN 2025 PhaaS DoH DNS MX dynamically distribute phishing fake
Pulling the Threads on the Phish of Troy Hunt https://www.validin.com/blog/pulling_threads_on_phishing_campaign/
31/03/2025 19:36:08
QRCode
archive.org
thumbnail

Connecting a successful phishing attempt to Scattered Spider through Validin pivoting

validin EN 2025 phishing Scattered-Spider troyhunt
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware https://www.microsoft.com/en-us/security/blog/2025/03/13/phishing-campaign-impersonates-booking-com-delivers-a-suite-of-credential-stealing-malware/
23/03/2025 10:56:48
QRCode
archive.org
thumbnail

Starting in December 2024, leading up to some of the busiest travel days, Microsoft Threat Intelligence identified a phishing campaign that impersonates online travel agency Booking.com and targets organizations in the hospitality industry. The campaign uses a social engineering technique called ClickFix to deliver multiple credential-stealing malware in order to conduct financial fraud and theft. […]

microsoft EN 2025 microsoft Phishing campaign credential-stealing malware Booking.com ClickFix
Apple's Passwords app was vulnerable to phishing attacks for nearly three months after launch https://9to5mac.com/2025/03/18/apples-passwords-app-was-vulnerable-to-phishing-attacks-for-nearly-three-months-after-launch/?ref=metacurity.com
19/03/2025 21:02:20
QRCode
archive.org

In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called...

9to5mac EN 2025 iOS apple passwords http app vulnerable phishing Keychain
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
16/03/2025 20:04:30
QRCode
archive.org
thumbnail

A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake
#Computer #GitHub #InfoSec #Issue #OAuth #Phishing #Repository #Security

InfoSec Phishing GitHub Repository Computer OAuth Issue Security
Storm-2372 conducts device code phishing campaign https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/#Update-February-14
16/02/2025 14:34:05
QRCode
archive.org
thumbnail

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372. Our ongoing investigation indicates that this campaign has been active since August 2024 with the actor creating lures that resemble messaging app experiences including WhatsApp, Signal, and Microsoft Teams. Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East. Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.

microsoft EN 2025 Storm-2372 phishing campaign Russia
Hackers spoof Microsoft ADFS login pages to steal credentials https://www.bleepingcomputer.com/news/security/hackers-spoof-microsoft-adfs-login-pages-to-steal-credentials/
05/02/2025 19:57:15
QRCode
archive.org
thumbnail

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections.
#ADFS #Account #Computer #InfoSec #Lateral #MFA #Microsoft #Notification #Phishing #Push #Security #Takeover

Computer MFA Phishing Microsoft InfoSec Account Lateral ADFS Takeover Notification Security Push
X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams https://www.sentinelone.com/labs/phishing-on-x-high-profile-account-targeting-campaign-returns/
01/02/2025 15:24:00
QRCode
archive.org
thumbnail

SentinelLABS has observed an active phishing campaign targeting high-profile X accounts to hijack and exploit them for fraudulent activity.

sentinelone EN 2025 X Phishing Campaign High-Profile Accounts
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads | Malwarebytes https://www.malwarebytes.com/blog/news/2025/01/the-great-google-ads-heist-criminals-ransack-advertiser-accounts-via-fake-google-ads
19/01/2025 10:44:55
QRCode
archive.org
thumbnail

Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials — ironically — via fraudulent Google ads.

The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages. We believe their goal is to resell those accounts on blackhat forums, while also keeping some to themselves to perpetuate these campaigns.

This is the most egregious malvertising operation we have ever tracked, getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.

malwarebytes EN 2025 GoogleAds malvertising phishing
Recruitment Phishing Scam Imitates Hiring Process https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/
12/01/2025 21:00:16
QRCode
archive.org
thumbnail

A phishing campaign is using CrowdStrike recruitment branding to deliver malware disguised as a fake application. Learn more.

crowdstrike EN 2024 Phishing Scam fake Hiring Process
New details reveal how hackers hijacked 35 Google Chrome extensions https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/
02/01/2025 10:47:03
QRCode
archive.org
thumbnail

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.

bleepingcomputer EN 2024 Chrome-extension Cyberhaven Data-Theft Facebook OAuth Phishing Supply-Chain-Attack
Effective Phishing Campaign Targeting European Companies and Organizations https://unit42.paloaltonetworks.com/european-phishing-campaign/
22/12/2024 20:46:06
QRCode
archive.org
thumbnail

A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.

unit42 EN 2024 Phishing Campaign EU Azure takeover HubSpot analysis
Google Calendar Notifications Bypassing Email Security Policies https://blog.checkpoint.com/securing-user-and-access/google-calendar-notifications-bypassing-email-security-policies/
20/12/2024 09:23:11
QRCode
archive.org
thumbnail

Google Calendar is a tool for organizing schedules and managing time, designed to assist individuals and businesses in planning their days efficiently.

checkpoint EN 2024 Google Calendar Notifications phishing bypass
page 1 / 7
4252 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio