Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

September 16, 2024 at 01:21AM Cybersecurity researchers have identified ongoing phishing campaigns using HTTP header refresh entries to deliver fake email login pages, targeting large corporations in South Korea, U.S. government agencies, and schools. These attacks encompass various sectors and are part of a growing trend of sophisticated tactics to trick recipients and steal sensitive …

BlankBot Trojan Targets Turkish Android Users

August 7, 2024 at 02:02AM A threat intelligence firm discovered a malicious Android program, BlankBot, targeting Turkish-language speakers. It can capture screen grabs and keystrokes and create custom overlays to gather sensitive information. The program is under active development and mostly undetected by anti-malware scanners. Its motive for targeting Turkey is unclear, but it appears to …

Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft

August 1, 2024 at 05:15AM A malvertising campaign targeting social media pages was discovered, with threat actors utilizing fake AI photo editor websites to execute credential theft. By hijacking and renaming social media pages to mimic legitimate AI photo editors, the threat actors post malicious links to phishing websites. These websites prompt users for their …

New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics

March 11, 2024 at 10:51AM A new banking trojan called CHAVECLOAK targets users in Brazil via phishing emails with PDF attachments. The attack involves deceptive DocuSign lures leading to an installer file, which installs CHAVECLOAK malware. This sophisticated malware steals sensitive information, monitors financial portals, and connects to a command-and-control server. Additionally, a mobile banking …

Bumblebee malware attacks are back after 4-month break

February 13, 2024 at 10:47AM The Bumblebee malware, previously attributed to cybercrime syndicates Conti and Trickbot, has resurfaced in phishing campaigns targeting organizations in the U.S. The recent campaign uses fake voicemail notifications and malicious documents with VBA macros to introduce the Bumblebee DLL into victims’ systems. This marks a departure from previous distribution methods …

North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

November 30, 2023 at 07:18AM Since 2017, North Korean hackers have targeted the crypto sector to bypass sanctions, stealing $3 billion in assets, significantly impacting DeFi platforms. The U.S. imposed sanctions against a mixer used by DPRK’s Lazarus Group for money laundering, which funds their WMD programs. Recorded Future suggests increased industry cybersecurity is necessary. …