Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

October 30, 2024 at 10:03AM Cybersecurity researchers uncovered a malvertising campaign exploiting Meta’s platform, using hijacked Facebook accounts to spread SYS01stealer malware. The campaign targets users with deceptive ads, stealing login credentials and affecting Facebook business accounts. Additionally, phishing scams on Eventbrite and cryptocurrency job fraud are increasing, leveraging brand recognition for illicit gains.

Russian spies use remote desktop protocol files in unusual mass phishing drive

October 30, 2024 at 08:48AM Microsoft reports a two-week mass phishing campaign by Russia’s SVR, targeting over 100 organizations through novel techniques, including remote desktop protocol (RDP) configuration files. The campaign, which began on October 22, impersonates Microsoft and other providers, primarily affecting entities in the UK, Europe, Australia, and Japan.

Russia’s APT29 Mimics AWS to Steal Windows Credentials

October 25, 2024 at 04:29PM APT29, a notorious Russian cyber threat group, has targeted military, government, and private sectors through phishing campaigns. They recently aimed to steal Windows credentials by disguising emails as AWS communications. Experts advise blocking RDP files at email gateways and monitoring outgoing connections to thwart future attacks.

Amazon seizes domains used in rogue Remote Desktop campaign to steal data

October 25, 2024 at 12:44PM Amazon has seized domains utilized by the Russian hacking group APT29, known for sophisticated cyber-espionage targeting government entities. The phishing campaign aimed to steal Windows credentials via deceptive RDP files masquerading as AWS domains. Amazon clarified it and its cloud services were not direct targets of these attacks.

AWS Seizes Domains Used by Russia’s APT29

October 25, 2024 at 05:56AM AWS has seized domains utilized by the Russian hacker group APT29, known for phishing attacks against Ukraine and other nations. This action aims to disrupt their malicious activities. The announcement was made in a post on SecurityWeek. **Meeting Takeaways:** 1. **Event Announcement**: AWS has announced the seizure of domains associated …

Bumblebee Malware Is Buzzing Back to Life

October 23, 2024 at 09:40AM Bumblebee, a malware downloader previously targeted by Europol’s Operation Endgame, has resurfaced, indicating its resilience. New methods make it harder to detect, posing significant risks to corporate networks by enabling credential harvesting. Despite law enforcement efforts, cybercriminals demonstrate adaptability, necessitating robust cybersecurity measures and user training.

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

October 22, 2024 at 02:15PM A new phishing campaign targets Russian-speaking users, using the Gophish toolkit to distribute DarkCrystal RAT and PowerRAT trojans. Attackers employ malicious documents and HTML links to trigger infections that allow remote access and data exfiltration. The evolving threats emphasize advanced techniques to evade detection and enhance malware effectiveness.

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

October 11, 2024 at 02:00PM A new malware campaign targets the finance and insurance sectors using GitHub links in phishing emails to deliver Remcos RAT, exploiting trusted repositories. This technique, involving malware uploads to GitHub issues, allows attackers to bypass security. Recent research reveals expanded phishing tactics targeting accommodation platforms, improving scam effectiveness through automation.

Mamba 2FA Cybercrime Kit Targets Microsoft 365 Users

October 9, 2024 at 04:44PM The Mamba 2FA phishing kit targets Microsoft 365 users with deceptive login pages, sneaking past two-factor authentication. Priced at $250/month in cybercrime forums, it mimics various Microsoft services and collects credentials through Telegram. Active since November 2023, it previously operated on ICQ before moving to Telegram.

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

October 9, 2024 at 01:03AM Microsoft warns of cyber attack campaigns exploiting file hosting services like SharePoint and OneDrive. These attacks aim to compromise identities and conduct business email compromise (BEC) fraud. Phishing tactics include using view-only files requiring OTP authentication, leading to credential theft through adversary-in-the-middle (AitM) phishing pages.