Search cyberveille.decio.ch

Found 264 bookmarks

Custom sorting

New phishing-as-a-service tool “Greatness” already seen in the wild

A previously unreported phishing-as-a-service (PaaS) offering named “Greatness” has been used in several phishing campaigns since at least mid-2022. Greatness incorporates features seen in some of the most advanced PaaS offerings, such as multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots. * Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages. It contains features such as having the victim’s email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization’s real Microsoft 365 login page. This makes Greatness particularly well-suited for phishing business users. * An analysis of the domains targeted in several ongoing and past campaigns revealed the victims were almost exclusively companies in the U.S., U.K., Australia, South Africa, and Canada, and the most commonly targeted sectors were manufacturing, health care and technology. The exact distribution of victims in each country and sector varies slightly between campaigns. * To use Greatness, affiliates must deploy and configure a provided phishing kit with an API key that allows even unskilled threat actors to easily take advantage of the service’s more advanced features. The phishing kit and API work as a proxy to the Microsoft 365 authentication system, performing a “man-in-the-middle” attack and stealing the victim’s authentication credentials or cookies.

#talosintelligence #EN #2023 #Greatness #Phishing #phishing-kits #analysis

·blog.talosintelligence.com·May 11, 2023

New phishing-as-a-service tool “Greatness” already seen in the wild

Can Better Training Reduce the Success Rate of Phishing Attacks?

A review of Arun Vishwanath, “The Weakest Link: How to Diagnose, Detect, and Defend Users From Phishing Attacks” (MIT Press, 2022) Many elements of the cyber threat landscape have changed significantly over the past two decades. For one, the number of attackers has grown dramatically, aided by the increasing availability of hacking tools and services as commodities for purchase in online marketplaces. The value of the losses cyber criminals have been able to inflict on their victims has also grown, though the dollar estimates vary widely in absolute terms. In recent years, the popularity of ransomware has increased substantially, prompting the Biden administration to initiate an ongoing diplomatic effort to foster cross-border efforts to curb this dangerous form of cyber-enabled extortion.

#lawfareblog #EN #2023 #Phishing #Training

·lawfareblog.com·May 6, 2023

Can Better Training Reduce the Success Rate of Phishing Attacks?

Investigating ChatGPT phishing detection capabilities

Kaspersky research on ChatGPT capabilities to tell a phishing link from a legitimate one by analyzing the URL, as well as extract target organization name.

#securelist #2023 #EN #Machine-learning #Phishing #Phishing-websites #phishing #detection #capabilities

·securelist.com·May 1, 2023

Investigating ChatGPT phishing detection capabilities

Alerte sur des tentatives de piratage de comptes bancaires en Suisse

Le Centre national pour la cybersécurité lance un avertissement: les cybercriminels ont accès à des comptes bancaires, malgré des mesures de protection élevées, en incitant les victimes à leur fournir des informations. Raiffeisen est notamment concernée

#letemps #CH #2023 #phishing #tempsréel

·letemps.ch·Mar 9, 2023

Alerte sur des tentatives de piratage de comptes bancaires en Suisse

A Noteworthy Threat: How Cybercriminals are Abusing OneNote

Threat actors are taking advantage of Microsoft OneNote's ability to embed files and use social engineering techniques, such as phishing emails and lures inside the OneNote document, to get unsuspecting users to download and open malicious files.

#trustwave #EN #2023 #Microsoft #OneNote #phishing #malicious #analysis

·trustwave.com·Mar 8, 2023

A Noteworthy Threat: How Cybercriminals are Abusing OneNote

The Growing Threat of ChatGPT-Based Phishing Attacks

Cyble analyzes how Threat Actors are using the recent buzz around ChatGPT to launch Phishing attacks using various methods.

#Cyble #2023 #EN #ChatGPT #ChatGPT-Based #Phishing #Attacks

·blog.cyble.com·Feb 23, 2023

The Growing Threat of ChatGPT-Based Phishing Attacks

HTML Smuggling: The Hidden Threat in Your Inbox

Last October, Trustwave SpiderLabs blogged about the use and prevalence of HTML email attachments to deliver malware and phishing for credentials.

#trustwave #EN #2023 #HTML #Threat #SpiderLabs #email #phishing #malware

·trustwave.com·Feb 9, 2023

HTML Smuggling: The Hidden Threat in Your Inbox

Bitwarden password vaults targeted in Google ads phishing attack

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials.

#bleepingcomputer #EN #2023 #1Password #Bitwarden #GoogleAds #googleads #MFA #Multi-Factor-Authentication #Password-Manager #Passwords #Phishing

·bleepingcomputer.com·Feb 8, 2023

Bitwarden password vaults targeted in Google ads phishing attack

Cost of data breaches to surpass US$5mn per incident in 2023

Acronis’ end-of-year cyberthreats report found that the proportion of phishing attacks has risen by 1.3x, accounting for 76% of all cyber attacks

#technologymagazine #2022 #EN #Acronis #end-of-year #report #phishing

·technologymagazine.com·Dec 28, 2022

Cost of data breaches to surpass US$5mn per incident in 2023

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Cluster25 researchers analyzed several campaigns (also publicly reported by CERT-AGID) that used phishing emails to spread an InfoStealer malware written in .NET through an infection chain that involves Windows Shortcut (LNK) files and Batch Scripts (BAT). Taking into account the used TTPs and extracted evidence, the attacks seem perpetrated by the same adversary (internally named AUI001).

#cluster25 #EN #2022 #infostealer #Italy #phishing #Campaigns #analysis #Alibaba2044 #IoCs

·blog.cluster25.duskrise.com·Dec 23, 2022

An infostealer comes to town: Dissecting a highly evasive malware targeting Italy

Meddler-in-the-Middle Phishing Attacks Explained MitM

Meddler-in-the-Middle (MitM) phishing attacks show how threat actors find ways to get around traditional defenses and advice.

#unit42 #EN #2022 #MitM #phishing #Meddler-in-the-Middle #explanation #analysis

·unit42.paloaltonetworks.com·Dec 22, 2022

Meddler-in-the-Middle Phishing Attacks Explained MitM

Using OpenAI Chat to Generate Phishing Campaigns

OpenAI chat has exploded in popularity over the last couple of weeks. People are using it to do all sorts of interesting things. If you are unfamiliar with OpenAI Chat and GPT-3, you can find a primer here. The gist is that it’s an artificial intelligence model that you can chat with as if it were a person. It can do all kinds of things like answer questions, write code, find bugs in code, and more. It also remembers context, so you can refer to something you already mentioned at it is able to follow along. I thought maybe this could be a useful tool for building email phishing campaigns for my pentesting work, so I thought I’d try it out and see what I could get it to do.

#richardosgood #ChatGPT #Phishing #Campaigns

·richardosgood.com·Dec 16, 2022

Using OpenAI Chat to Generate Phishing Campaigns

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

The InterPlanetary File System (IPFS) is an emerging Web3 technology that is currently seeing widespread abuse by threat actors. * Cisco Talos has observed multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks. * IPFS is often used for legitimate

#talosintelligence #EN #2022 #IPFS #Phishing #Malware #Campaigns

·blog.talosintelligence.com·Nov 12, 2022

Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns

How we handled a recent phishing incident that targeted Dropbox

We were recently the target of a phishing campaign that successfully accessed some of the code we store in GitHub. No one’s content, passwords, or payment information was accessed, and the issue was quickly resolved. Our core apps and infrastructure were also unaffected, as access to this code is even more limited and strictly controlled. We believe the risk to customers is minimal. Because we take our commitment to security, privacy, and transparency seriously, we have notified those affected and are sharing more here.

#dropbox #EN #2022 #incident #phishing #GitHub

·dropbox.tech·Nov 2, 2022

How we handled a recent phishing incident that targeted Dropbox

Cyble Phishing ERMAC Android Malware Increasingly Active

CRIL Investigates the resurgence of ERMAC Android Malware as an increasing number of users are falling prey to their phishing attacks.

#cyble #EN #2022 #ERMAC #Android #Malware #phishing #Analysis

·blog.cyble.com·Oct 18, 2022

Cyble Phishing ERMAC Android Malware Increasingly Active

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

The Void Balaur cyber mercenary group has thrived throughout 2022, attacking targets on a global scale with new phishing campaigns.

#sentinelone #EN #2022 #mercenary #Void-Balaur #phishing #hack-for-hire

·sentinelone.com·Sep 23, 2022

Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

Revolut hack exposes data of 50,000 users, fuels new phishing wave

Revolut is sending out notices of a data breach to a small percentage of impacted users, informing them of a security incident where an unauthorized third party accessed internal data.

#bleepingcomputer #EN #2022 #Data-Breach #Phishing #Revolut #Smishing

·bleepingcomputer.com·Sep 19, 2022

Revolut hack exposes data of 50,000 users, fuels new phishing wave

Charming Kitten: “Can We Have A Meeting?”

Our recent investigation at Certfa Lab, the APT42 has been running multiple phishing campaigns since late 2021 and some of them are ongoing and still active.

#certfa #EN #2022 #Charming-Kitten #APT #Iran #Phishing #Espionage-Operations #Sophisticated-Attacks #investigation

·blog.certfa.com·Sep 14, 2022

Charming Kitten: “Can We Have A Meeting?”

Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing

Analysts at the Cofense Phishing Defense Center (PDC) have recently analyzed an email asking users to download a “Proof of Payment” as well as other documents. While it is important to never click on the link(s) or download the attachment(s) of any suspicious email, if the recipient interacts with the link, it downloaded the malware Lampion.

#cofense #EN #2022 #Phishing #Lampion #malware #IoCs

·cofense.com·Sep 12, 2022

Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing

Corte dei conti e l'hacker che ha violato account WhatsApp

La violazione dell'account WhatsApp di un magistrato della Corte dei Conti ha un effetto domino: hacker hanno accesso a diverse informazioni

#giornalettismo #IT #2022 #Corte-dei-conti #WhatsApp #Phishing

·giornalettismo.com·Sep 10, 2022

Corte dei conti e l'hacker che ha violato account WhatsApp

Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers

Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.

#vadesecure #FR #2022 #phishing #Instagram #certification #scam

·vadesecure.com·Sep 10, 2022

Campagne de phishing Instagram : la certification sur les réseaux sociaux, ou le nouveau piège des hackers

Detecting Scatter Swine: Insights into a relentless phishing campaign

Twilio recently identified unauthorized access to information related to 163 Twilio customers, including Okta.

#okta #2022 #EN #unauthorized #access #Twilio #phishing

·sec.okta.com·Aug 29, 2022

Detecting Scatter Swine: Insights into a relentless phishing campaign

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Over 130 organizations have been compromised in a sophisticated attack using simple phishing kits

#group-ib #EN #2022 #phishing #Okta #0ktapus #identity #campaign

·blog.group-ib.com·Aug 25, 2022

Roasting 0ktapus: The phishing campaign going after Okta identity credentials

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Platform-abuse phishing is on the rise. We analyze how attackers use services such as website builders to host phishing pages.

#unit42 #paloaltonetworks #EN #2022 #phishing #attack #SaaS #abuse #website-builders

·unit42.paloaltonetworks.com·Aug 24, 2022

Legitimate SaaS Platforms Being Used to Host Phishing Attacks

Bypass phishing detections with Google Translate

A new wave of phishing is currently circulating (a related story from derstandard.at newspaper can be found here). Documents are said to have been sent to you from a scanner, which you can allegedly download, as can be seen in the following image

#certitude #EN #2022 #phishing #Google #translate #bypass #detection #Technique

·certitude.consulting·Aug 19, 2022

Bypass phishing detections with Google Translate

Disrupting SEABORGIUM’s ongoing phishing operations

The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM in campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft.

#microsoft #MSTIC #EN #2022 #SEABORGIUM #phishing #Russia

·microsoft.com·Aug 18, 2022

Disrupting SEABORGIUM’s ongoing phishing operations

DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch

Cloud giant DigitalOcean says that some customers’ email addresses were exposed because of a recent “security incident” at email marketing company Mailchimp. In a scant blog post dated August 12, just two days after the company’s co-founder and long-time CEO Ben Chestnut stepped down, Mailchimp said a recent but undated attack saw threat actors targeting […]

#techcrunch #EN #2022 #digitalocean #mailchimp #password #phishing #sms #twilio

·techcrunch.com·Aug 17, 2022

DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch

Cisco confirms May attack by Yanluowang ransomware group

Cisco confirmed on Wednesday that it was attack by the Yanluowang ransomware group in May, but said the hackers were not able to steal sensitive data or impact the company’s operations. In a statement to The Record, Cisco said the incident occured on their corporate network in late May and that they “immediately took action to contain and eradicate the bad actors.”

#therecord #EN #2022 #Yanluowang #Cisco #talos #phishing #voicemail

·therecord.media·Aug 14, 2022

Cisco confirms May attack by Yanluowang ransomware group

Phishers who breached Twilio and targeted Cloudflare could easily get you, too

Unusually resourced threat actor has targeted multiple companies in recent days.

#arstechnica #EN #2022 #Twilio #cloudflare #phishing #threat

·arstechnica.com·Aug 14, 2022

Phishers who breached Twilio and targeted Cloudflare could easily get you, too

The mechanics of a sophisticated phishing scam and how we stopped it

Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.

#cloudflare #EN #2022 #phishing #scam #Twilio #okra

·blog.cloudflare.com·Aug 14, 2022

The mechanics of a sophisticated phishing scam and how we stopped it