Found 256 bookmarks
Custom sorting
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads | Malwarebytes
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads | Malwarebytes
Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials — ironically — via fraudulent Google ads. The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages. We believe their goal is to resell those accounts on blackhat forums, while also keeping some to themselves to perpetuate these campaigns. This is the most egregious malvertising operation we have ever tracked, getting to the core of Google’s business and likely affecting thousands of their customers worldwide. We have been reporting new incidents around the clock and yet keep identifying new ones, even at the time of publication.
#malwarebytes#EN#2025#GoogleAds#malvertising#phishing
·malwarebytes.com·
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads | Malwarebytes
New details reveal how hackers hijacked 35 Google Chrome extensions
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
#bleepingcomputer#EN#2024#Chrome-extension#Cyberhaven#Data-Theft#Facebook#OAuth#Phishing#Supply-Chain-Attack
·bleepingcomputer.com·
New details reveal how hackers hijacked 35 Google Chrome extensions
Effective Phishing Campaign Targeting European Companies and Organizations
Effective Phishing Campaign Targeting European Companies and Organizations
A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover. A phishing campaign targeting European companies used fake forms made with HubSpot's Free Form Builder, leading to credential harvesting and Azure account takeover.
#unit42#EN#2024#Phishing#Campaign#EU#Azure#takeover#HubSpot#analysis
·unit42.paloaltonetworks.com·
Effective Phishing Campaign Targeting European Companies and Organizations
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
  • Check Point Research is tracking an ongoing, large scale and sophisticated phishing campaign deploying the newest version of the Rhadamanthys stealer (0.7). We dubbed this campaign CopyRh(ight)adamantys. This campaign utilizes a copyright infringement theme to target various regions, including the United States, Europe, East Asia, and South America. The campaign impersonates dozens of companies, while each email is sent to a specific targeted entity from a different Gmail account, adapting the impersonated company and the language per targeted entity. Almost 70% of the impersonated companies are from Entertainment /Media and Technology/Software sectors. Analysis of the lures and targets in this campaign suggests the threat actor uses automation for lures distribution. Due to the scale of the campaign and the variety of the lures and sender emails, there is a possibility that the threat actor also utilized AI tools. One of the main updates in the Rhadamanthys stealer version according to claims by the author, is AI-powered text recognition. However, we discovered that the component introduced by Rhadamanthys does not incorporate any of the modern AI engines, but instead uses much older classic machine learning, typical for OCR software.
#checkpoint#EN#2024#phishing#Rhadamantys#analysis#Property#Intellectual#Infringement#Baits
·research.checkpoint.com·
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Cybercriminals impersonate OpenAI in large-scale phishing attack
Cybercriminals impersonate OpenAI in large-scale phishing attack
Since the launch of ChatGPT, OpenAI has sparked significant interest among both businesses and cybercriminals. While companies are increasingly concerned about whether their existing cybersecurity measures can adequately defend against threats curated with generative AI tools, attackers are finding new ways to exploit them. From crafting convincing phishing campaigns to deploying advanced credential harvesting and malware delivery methods, cybercriminals are using AI to target end users and capitalize on potential vulnerabilities. Barracuda threat researchers recently uncovered a large-scale OpenAI impersonation campaign targeting businesses worldwide. Attackers targeted their victims with a well-known tactic — they impersonated OpenAI with an urgent message requesting updated payment information to process a monthly subscription.
#barracuda#EN#2024#phishing#ChatGPT#OpenAI#large-scale#impersonation
·blog.barracuda.com·
Cybercriminals impersonate OpenAI in large-scale phishing attack
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and lure cybercriminals in to collect intelligence about them. #Accounts #Computer #Fake #Honeypot #InfoSec #Microsoft #Phishing #Security
#InfoSec#Accounts#Computer#Phishing#Honeypot#Security#Microsoft#Fake
·bleepingcomputer.com·
Microsoft creates fake Azure tenants to pull phishers into honeypots
File hosting services misused for identity phishing
File hosting services misused for identity phishing
Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.
#microsoft#EN#2024#File#hosting#SharePoint#OneDrive#Dropbox#social-engineering#identity#phishing#research
·microsoft.com·
File hosting services misused for identity phishing
Arrests in international operation targeting cybercriminals in West Africa
Arrests in international operation targeting cybercriminals in West Africa
Eight individuals have been arrested as part of an ongoing international crackdown on cybercrime, dealing a major blow to criminal operations in Côte d’Ivoire and Nigeria. The arrests were made as part of INTERPOL’s Operation Contender 2.0, an initiative aimed at combating cyber-enabled crimes, primarily in West Africa, through enhanced international intelligence sharing. Phishing scam targets Swiss citizens In Côte d’Ivoire authorities dismantled a large-scale phishing scam, thanks to a collaborative effort with Swiss police and INTERPOL.
#interpol#EN#2024#phishing#busted#romance-scam#cybercriminals#Swiss#Operation-Contender-2.0
·interpol.int·
Arrests in international operation targeting cybercriminals in West Africa
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America | Europol
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America | Europol
Investigators reported 483 000 victims worldwide, who had attempted to regain access to their phones and been phished in the process. The victims are mainly Spanish-speaking nationals from European, North American and South American countries.The successful operation took place thanks to international cooperation between law enforcement and judiciary authorities from Spain, Argentina, Chile, Colombia, Ecuador and Peru.The action week took...
#europol#EN#2024#phishing#busted#operacion-kaerb#seized#spain
·europol.europa.eu·
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America | Europol