New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT

March 19, 2024 at 02:15AM A new phishing campaign dubbed Operation PhantomBlu is using a sophisticated technique to deploy NetSupport RAT, targeting U.S. organizations with salary-themed phishing emails and exploiting Microsoft Office document templates. Additionally, threat actors are increasingly abusing public cloud services and data-hosting platforms to generate undetectable phishing URLs, sold on underground platforms. … Read more

Chinese Earth Krahang hackers breach 70 orgs in 23 countries

March 18, 2024 at 04:53PM Summary: A sophisticated hacking campaign by the Chinese APT group Earth Krahang has targeted 70 organizations in 45 countries since early 2022, primarily focusing on government entities. The attackers exploit vulnerabilities and use spear-phishing to deploy custom backdoors for cyber espionage, abusing breached government infrastructure to target other governments and … Read more

IMF Emails Hacked

March 18, 2024 at 04:51AM The IMF uncovered a cybersecurity incident involving nearly a dozen hacked email accounts. Discovered on February 16, 2024, an investigation revealed 11 compromised accounts, which were promptly secured. The IMF emphasized its serious approach to cybersecurity and the absence of further unauthorized access. The attackers’ motives and potential data obtained … Read more

International Monetary Fund email accounts hacked in cyberattack

March 15, 2024 at 03:50PM The IMF disclosed a cyber incident involving the breach of 11 email accounts. They are currently investigating the impact and have not found any evidence of further compromise outside of the breached accounts. The organization uses Microsoft’s Office 365 email system, which has been targeted by various hacking groups. IMF … Read more

Tuta Mail adds new quantum-resistant encryption to protect email

March 11, 2024 at 05:28PM Tuta Mail introduced TutaCrypt, a novel post-quantum encryption protocol to safeguard communications from anticipated decryption attacks. This open-source email service, with ten million users, is based in Germany and involved in developing secure cloud storage and file-sharing solutions for the government. TutaCrypt combines quantum-safe algorithms with traditional ones to ensure … Read more

Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

March 7, 2024 at 09:34AM Since 2021, US organizations have faced phishing and BEC attacks from threat actor TA4903. Spoofing government and private businesses, the attacks aimed to obtain corporate credentials for BEC activities. The threat actor registered new domains, spoofing various sectors. TA4903 targeted government departments and SMBs, using diverse phishing tactics and adopting … Read more

Hackers impersonate U.S. government agencies in BEC attacks

March 6, 2024 at 03:41PM TA4903, a gang of hackers specializing in business email compromise attacks, has been impersonating U.S. government entities to carry out malicious activities through fake bidding processes. Proofpoint has been tracking their campaign, noting intensified activities since mid-2023 and a shift to impersonating small businesses. They pose a significant threat and … Read more

Warning: Thread Hijacking Attack Targets IT Networks, Stealing NTLM Hashes

March 5, 2024 at 05:46AM The TA577 threat actor employs ZIP archive attachments in phishing emails to obtain NTLM hashes, facilitating sensitive information gathering and follow-on activities. The phishing waves, delivered on Feb 26 and 27, 2024, targeted hundreds of global organizations through a thread hijacking technique. The actor aims to capture NTLMv2 Challenge/Response pairs for … Read more

Hackers steal Windows NTLM authentication hashes in phishing attacks

March 4, 2024 at 04:46PM The TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections and steal the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound … Read more

Hijacked subdomains of major brands used in massive spam campaign

February 27, 2024 at 09:29AM The “SubdoMailing” ad fraud campaign utilizes over 8,000 legitimate domains and 13,000 subdomains to send up to five million fraudulent emails daily. Notable brands like MSN, VMware, and eBay have been unknowingly involved, aiding in bypassing spam filters. The threat actors profit from ad views and scams, with Guardio Labs … Read more