November 29, 2024 at 02:09PM A new phishing-as-a-service platform called ‘Rockstar 2FA’ has been launched, enabling large-scale adversary-in-the-middle (AiTM) attacks to compromise Microsoft 365 credentials. This service makes it easier for criminals to conduct phishing attacks on a broader scale. ### Meeting Takeaways: 1. **Introduction of ‘Rockstar 2FA’**: A new phishing-as-a-service (PhaaS) platform has been … Read more
November 29, 2024 at 05:33AM Researchers warn of a phishing-as-a-service (PhaaS) toolkit, Rockstar 2FA, targeting Microsoft 365 credentials through email campaigns. Utilizing adversary-in-the-middle (AitM) attacks, it bypasses multi-factor authentication (MFA). Promoted features assist cybercriminals in executing campaigns with minimal expertise, leading to significant potential financial losses for victims. ### Meeting Takeaways – Cybercrime / Cloud … Read more
November 25, 2024 at 05:09PM Recent analysis shows that Russian-language ransomware groups are coordinating closely, sharing tactics and malware. BlackBasta has emerged as a key player, adapting to law enforcement crackdowns. Cybersecurity experts warn of potential cooperation between BlackBasta and the Russian state, emphasizing the need for enhanced defenses against evolving social engineering attacks. ### … Read more
November 23, 2024 at 07:24AM Storm-2077, a new Chinese state-sponsored cyber threat actor, targets U.S. government and NGOs, along with global industries. They utilize phishing and exploits to access sensitive data. Concurrently, Google’s TAG exposed GLASSBRIDGE, a pro-China influence operation using fake news sites to promote state narratives, undermining legitimate news sources. ### Meeting Takeaways … Read more
November 22, 2024 at 04:48AM Meta, Microsoft, and the U.S. Department of Justice are taking action against cybercrime. Microsoft seized 240 fraudulent websites linked to a phishing kit seller. The DoJ shut down PopeyeTools, a marketplace for stolen data, while Meta removed over two million scam accounts. Collaborations aim to combat online fraud globally. ### … Read more
November 21, 2024 at 07:28AM Five individuals linked to the Scattered Spider cybercrime group have been charged with phishing and stealing millions of dollars in cryptocurrency, according to a report by SecurityWeek. **Meeting Takeaways:** 1. **Charges Filed**: The U.S. has charged five individuals alleged to be members of the Scattered Spider cybercrime group. 2. **Crimes … Read more
November 21, 2024 at 05:00AM Five alleged members of the Scattered Spider cybercrime group have been indicted for targeting U.S. companies through social engineering, stealing credentials to access crypto accounts and personal data worth millions. They face multiple charges, including wire fraud and identity theft, with potential sentences of up to 27 years. ### Meeting … Read more
November 21, 2024 at 01:48AM Threat hunters report an updated Python NodeStealer targeting Facebook Ads Manager and web browser credit card data. Developed by Vietnamese actors, it uses advanced techniques for data exfiltration, including avoiding detection in Vietnam. Recent phishing campaigns deploy I2Parcae RAT via ClickFix techniques, endangering users’ security and financial stability. ### Meeting … Read more
November 20, 2024 at 08:37PM The US Department of Justice has indicted five individuals linked to the cyber gang Scattered Spider, accused of stealing millions in cryptocurrency through SMS phishing and social engineering. The group also targeted MGM Resorts and Caesars Entertainment. Arrests were made in the US and Spain, with serious charges facing the … Read more
November 19, 2024 at 03:15PM Ford is investigating a potential data breach involving 44,000 customer records allegedly leaked by a hacker on a forum. The records, which include identifiable information, could facilitate phishing attacks. The company is currently assessing the situation, acknowledging the seriousness of the claims, and advising caution regarding unsolicited communications. ### Meeting … Read more