Money-grubbing crooks abuse OAuth – and baffling absence of MFA – to do financial crimes

December 14, 2023 at 06:07AM Miscreants are using OAuth to automate financially motivated cyber crimes, such as BEC, phishing, and deploying virtual machines for crypto mining, as highlighted by Microsoft. These criminals leverage compromised accounts to create OAuth applications and manipulate user permissions. Microsoft suggests monitoring Azure audit logs for illicit mining activities and enabling …

Microsoft Takes Legal Action to Crack Down on Storm-1152’s Cybercrime Network

December 14, 2023 at 01:12AM Microsoft obtained a court order to seize infrastructure set up by cybercriminal group Storm-1152, which sold approximately 750 million fraudulent Microsoft accounts and tools to other criminal actors, netting millions of dollars. This cybercrime-as-a-service operation facilitated mass phishing, identity theft, DDoS attacks, ransomware, and fraud. The group was attributed to …

BazarCall attacks abuse Google Forms to legitimize phishing emails

December 13, 2023 at 03:41PM A recent surge in BazarCall attacks includes the exploitation of Google Forms to fabricate and dispatch fraudulent payment receipts, augmenting the appearance of authenticity. First surfacing in 2021, BazarCall employs phishing tactics via sham payment notifications from reputable companies. The updated method entails sending false payment confirmations using Google Forms, …

IT Pros Worry Generative AI Will Be a Major Driver of Cybersecurity Threats

November 17, 2023 at 08:40AM A report from Fastly reveals that organizations see generative AI as a significant cybersecurity threat. Data breaches, identity-based threats, and generative AI are viewed as the top cybersecurity threats in the next year. Although generative AI is seen as both positive and negative, concerns exist about new attack opportunities and …

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

November 9, 2023 at 03:50AM A phishing campaign has been discovered where threat actors send emails with a link to a file-sharing solution called DRACOON.team. When victims click on the link, they are directed to a PDF document containing a secondary link that leads to a fake Microsoft 365 login page. The attackers use reverse …

NodeStealer Malware Hijacking Facebook Business Accounts for Malicious Ads

November 3, 2023 at 09:42AM Facebook business accounts have been compromised and used to run fake ads featuring revealing photos of young women as bait to trick victims into downloading malware called NodeStealer. Clicking on the ads downloads a malicious .exe file that steals browser cookies and passwords. The malware is part of a growing …

MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile

November 1, 2023 at 08:49AM MITRE has released version 14 of its ATT&CK knowledge base, which includes improvements in detections, industrial control systems (ICS), and mobile. This version covers 760 software pieces, 143 activity clusters, and 24 campaigns across enterprise, mobile, and ICS. Notable updates include expanded detection notes and analytics, technique alignments to data …

Massive cybercrime URL shortening service uncovered via DNS data

October 31, 2023 at 11:29AM Prolific Puma, an actor known by researchers for providing link shortening services, has been assisting cybercriminals for over four years without attracting attention. The actor has registered thousands of domains, particularly on the US top-level domain, to facilitate phishing, scams, and malware distribution. Prolific Puma’s service involves short links that …

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

October 26, 2023 at 04:48AM The Iranian threat actor Tortoiseshell is responsible for a new series of watering hole attacks. They use a malware called IMAPLoader, which acts as a downloader for additional payloads. The attacks target various sectors, including maritime, shipping, logistics, and nuclear industries. Tortoiseshell has a history of strategic website compromises and …

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

October 25, 2023 at 12:50PM The Winter Vivern cyber spy group has targeted European governments by exploiting an XSS zero-day vulnerability in the Roundcube webmail client. The group, linked to Russia and Belarus, used a convincing phishing email to launch a malicious payload, allowing them to access victims’ Roundcube accounts. Researchers warn that the group’s …