DocuSign’s Envelopes API abused to send realistic fake invoices

November 4, 2024 at 03:26PM Threat actors are exploiting DocuSign’s Envelopes API to send fake invoices impersonating brands like Norton and PayPal. By using a legitimate DocuSign domain, they bypass email security measures, misleading targets into e-signing documents that authorize fraudulent payments. This abuse has been reported extensively by concerned users.

31.5M invoices, contracts, patient consent forms, and more exposed to the internet

August 26, 2024 at 09:07AM Nearly 2.7 TB of sensitive data, including invoices, contracts, and HIPAA patient consent forms belonging to various businesses, has been exposed due to a non-password-protected database. The exposed files, traced by security researcher Jeremiah Fowler, belonged to ServiceBridge and contained personal information from numerous clients. The database has since been …

Cybercriminals Spoof US Government Organizations in BEC, Phishing Attacks

March 7, 2024 at 09:34AM Since 2021, US organizations have faced phishing and BEC attacks from threat actor TA4903. Spoofing government and private businesses, the attacks aimed at obtaining corporate credentials for BEC activities. The threat actor registered new domains, spoofing various sectors. TA4903 targeted government departments and SMBs, using diverse phishing tactics and adopting …