‘ONNX’ MFA Bypass Targets Microsoft 365 Accounts

June 19, 2024 at 01:29PM A phishing-as-a-service operation is targeting financial firms using advanced tactics such as 2FA bypass, QR codes, and typosquatting to compromise Microsoft 365 accounts. The origin of the campaign was traced to a platform called ONNX Store, which operates through Telegram bots. Countermeasures include blocking unverified PDF and HTML attachments, implementing …

Warning: Markopolo’s Scam Targeting Crypto Users via Fake Meeting Software

June 19, 2024 at 07:00AM A threat actor known as markopolo has been identified as being behind a large-scale cross-platform scam that uses social media to target digital currency users. The attack uses virtual meeting software, Vortax, to deliver malware. The article also highlights cybercriminals’ exploitation of cloud storage services to direct users to phishing landing …

Alleged Scattered Spider sim-swapper arrested in Spain

June 17, 2024 at 10:22AM A 22-year-old British national, allegedly linked to the Scattered Spider hacking group, was arrested in Palma de Mallorca, Spain. He is suspected of leading a cybercrime gang and stealing data and cryptocurrencies from U.S. companies. The arrest resulted from a joint investigation by the FBI and Spanish police. His association …

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

June 14, 2024 at 03:12AM North Korean threat actors have been increasingly targeting Brazil, mainly focusing on government, aerospace, technology, and financial sectors. These attacks involve using job-themed social engineering campaigns and spreading malware through cryptocurrency professionals and fake npm packages. Google and Microsoft have highlighted tactics used by different North Korean groups, shedding light …

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers

June 12, 2024 at 05:15AM Cybersecurity researchers have uncovered an ongoing phishing campaign using job-themed lures to distribute a backdoor named WARMCOOKIE. The backdoor, deployed via email, is capable of capturing information, executing commands, and downloading additional malicious programs. Additionally, another phishing campaign was detailed, utilizing invoice-related decoys to deploy malware through the Windows search …

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

June 4, 2024 at 03:00AM The DarkGate malware-as-a-service (MaaS) operation has shifted to using an AutoHotkey mechanism for delivering its final stages, underscoring ongoing efforts to evade detection. Developed by RastaFarEye, it includes remote access trojan (RAT) capabilities and various malicious modules. Cyber criminals have been found abusing Docusign for phishing and business email compromise …

Microsoft India’s X account hijacked in Roaring Kitty crypto scam

June 3, 2024 at 06:33PM Microsoft India’s Twitter account, with over 211,000 followers, was hijacked by cryptocurrency scammers impersonating Roaring Kitty. The account, verified by Twitter, gave more legitimacy to the scam posts. Scammers aimed to lure victims to a malicious website and steal cryptocurrency assets. Verified organizations have been increasingly targeted by threat actors …

FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine

May 30, 2024 at 01:27PM Cloudflare disrupted a phishing campaign by Russia-aligned threat actor FlyingYeti targeting Ukraine. The campaign used debt-themed lures to distribute the PowerShell malware COOKBOX. Cloudforce One identified the campaign in mid-April 2024, involving Cloudflare Workers and GitHub, and exploiting a WinRAR vulnerability. Another financially motivated group, UAC-0006, was also identified by …

Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud

May 30, 2024 at 03:09AM Okta warns of credential stuffing susceptibility in Customer Identity Cloud, mentioning proactive communication with impacted customers. Users are advised to review tenant logs for unusual login events, rotate credentials, and restrict cross-origin authentication. Other mitigations include breached password detection, strong password enforcement, and passwordless, phishing-resistant authentication. The warning follows an …

Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha

May 29, 2024 at 11:09AM A new campaign targets Brazilian banks with a Windows-based AllaSenha RAT, using Azure cloud as C2 infrastructure. The attack begins with a malicious LNK file disguised as a PDF, hosted since March 2024. The BPyCode launcher fetches and executes malicious files to steal banking credentials. Additionally, Anatsa Android Banking Trojan …