Cybercriminals Exploit Docusign With Customizable Phishing Templates
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing…
Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams
Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.
Students turning to cyberfraud as huge phishing
LabHost enabled users to set up websites designed to trick victims into revealing personal information – with 70,000 allegedly duped in the UK
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Verified Twitter accounts phished via hate speech warnings
We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.
BRATA is evolving into an Advanced Persistent Threat
Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.
Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
Ongoing phishing attacks on Trezor users
Trezor users have reported being targeted by a malicious phishing attack on April 3.
Behold, a password phishing site that can trick even savvy users
Just when you thought you'd seen every phishing trick out there, BitB comes along.
Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
Ukraine links phishing targeting military to Belarusian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days.
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since September.
Verified Twitter accounts phished via hate speech warnings
We take a look at reports that verified Twitter accounts are being targeted by scammers with claims of hate speech.
BRATA is evolving into an Advanced Persistent Threat
Here we go with another episode about our (not so) old friend, BRATA. In almost one year, threat actors (TAs) have further improved the capabilities of this malware. In our previous blog post [1] we defined three main BRATA variants, which appeared during two different waves detected by our telemetries at the very end of 2021. However, during the last months we have observed a change in the attack pattern commonly used.
Hackers breach MailChimp's internal tools to target crypto customers
Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks.
Ongoing phishing attacks on Trezor users
Trezor users have reported being targeted by a malicious phishing attack on April 3.
Behold, a password phishing site that can trick even savvy users
Just when you thought you'd seen every phishing trick out there, BitB comes along.
Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
Ukraine links phishing targeting military to Belarusian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel.
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
An exploit in the Google Docs comment feature allows hackers to easily spread malware and phishing.
Les attaques informatiques contre les ENT continuent dans le Nord ...
La semaine dernière, des menaces d'attentats ont été envoyés aux élèves, aux personnels et aux familles suite au piratage de l'environnement numérique de travail de la région Ile de France. Cette fois, c'est l'académie de Lille qui est touchée, et ce dans un contexte sécuritaire inquiétant.
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
Tycoon 2FA has become one of the most widespread adversary-in-The-Middle (AiTM) phishing kits over the last few months.
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Read the new Microsoft Threat Intelligence tax season report to learn about the techniques that threat actors use to mislead taxpayers.
New Attack Techniques Bypassing ML Security
Threat actors are exercising new attack techniques to bypass machine learning security controls.
APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. "The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production," IBM X-Force said in a report published last week.
Google Chrome gets real-time phishing protection later this month
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.
Threat actors leverage document publishing sites for ongoing credential and session token theft
Talos IR has responded to several recent incidents in which threat actors used legitimate digital document publishing sites such as Publuu and Marq to host phishing documents as part of ongoing credential and session harvesting attacks.