August 28, 2024 at 03:03AM Cybersecurity researchers have identified a new QR code phishing campaign using Microsoft Sway to host fake pages, exploiting legitimate cloud services. These attacks have targeted users in Asia and North America, particularly in technology, manufacturing, and finance sectors. The phishing tactic involves tricking users into scanning QR codes to steal … Read more
August 27, 2024 at 03:47PM A recent “quishing” campaign targeted Microsoft Office credentials, resulting in a 2,000-fold increase in traffic to malicious Microsoft Sway phishing pages. The campaign mainly targeted victims in Asia and North America across various industries. Researchers warn users to verify URLs and type them directly in the browser to avoid falling … Read more
August 27, 2024 at 10:05AM A massive QR code phishing campaign exploited Microsoft Sway to host landing pages, targeting Microsoft 365 users primarily in Asia and North America. The attacks dramatically surged in July 2024, contrasting minimal activity in the first half of the year. Tactics included using QR codes to direct users to malicious … Read more
August 20, 2024 at 04:21PM A novel phishing campaign in the Czech Republic targets mobile users through Progressive Web Applications to steal banking account credentials from banks such as CSOB, OTP, and TBC. The phishing websites are distributed through voice calls, SMS, and social media. The attack is notable for deceiving users into installing PWAs … Read more
August 9, 2024 at 09:30AM Iran is ramping up online activity to potentially influence the U.S. election, including phishing attacks on a presidential campaign. Microsoft’s report reveals Iran’s evolving tactics, such as creating fake news sites and impersonating activists. The report also indicates Russia and China exploiting U.S. political polarization. As Election Day approaches, foreign … Read more
August 8, 2024 at 06:45AM Cybersecurity researchers found a new phishing campaign using Google Drawings and WhatsApp links to trick users into clicking on malicious links. Attackers disguise the phishing email as an Amazon account verification link, directing users to a fake Amazon login page to steal their information. The campaign exploits loopholes in Microsoft … Read more
July 29, 2024 at 02:48PM Guardio Labs reported that threat actors exploited a misconfiguration in Proofpoint’s email protection service to conduct a large-scale phishing campaign. The vulnerability, named EchoSpoofing, allowed attackers to send millions of phishing emails per day and bypass security measures, spoofing well-known brands. Proofpoint has been working to address the issue and … Read more
July 22, 2024 at 08:55AM FLUXROOT, a financially motivated threat actor, abused Google Cloud serverless projects to conduct phishing attacks, targeting Latin America. This highlights the trend of threat actors exploiting cloud computing for malicious purposes. Google has taken measures to mitigate such activities, emphasizing the challenges in detecting and countering threats facilitated by cloud … Read more
July 10, 2024 at 06:52AM Google is now offering passkeys for high-risk users to enroll in the Advanced Protection Program (APP), providing a more secure and phishing-resistant alternative to passwords. This technology, based on the FIDO Authentication standard, eliminates the need for traditional passwords and is already being used by over 400 million Google accounts. … Read more
July 8, 2024 at 11:48AM A threat actor hacked into Ethereum Foundation’s account on a mailing list platform, using it to send phishing emails to over 35,794 addresses. The emails, appearing to be from a legitimate source, promoted a Lido scam and contained a link to a malicious site. The Foundation took immediate action to … Read more