December 21, 2023 at 07:51AM A new JavaScript malware targets over 40 financial institutions worldwide, compromising users’ banking credentials via web injections. The campaign, detected by IBM Security Trusteer, uses dynamic tactics to bypass security measures and dissuade victims from logging in. Additionally, other online fraud schemes, including investment scams and phishing attacks impersonating postal … Read more
December 21, 2023 at 04:15AM Cryptocurrency scammers are exploiting a Twitter “feature” to create deceptive URLs that appear to belong to legitimate accounts, redirecting users to unrelated posts promoting crypto scams, fake giveaways, and fraudulent channels. This technique targets high-profile accounts and could potentially lead to theft of crypto assets and NFTs. Users are advised … Read more
December 20, 2023 at 04:59PM Israel National Cyber Directorate warns of phishing emails posing as F5 BIG-IP zero-day security updates, deploying data wipers for Windows and Linux. Israeli organizations targeted by pro-Palestinian and Iranian hacktivists since October. New phishing attack delivers data wipers through fake F5 update emails. Wipers communicate with a Telegram channel, posing … Read more
December 20, 2023 at 02:35PM A new phishing campaign targeting Instagram users involves fake ‘copyright infringement’ emails enticing recipients to input account details and backup codes on phishing pages. The elaborate scheme masquerades as Meta’s portal and requests sensitive information. Despite signs of fraud, the convincing approach poses a serious threat to unsuspecting victims. Users … Read more
December 18, 2023 at 03:20PM Attackers have developed a novel method called “SMTP smuggling” to exploit vulnerabilities in email servers, allowing them to send spoofed emails from legitimate domains and bypass email security checks. This technique affects servers from Microsoft, GMX, and Cisco, potentially putting organizations at risk for targeted phishing attacks. Microsoft and GMX … Read more
December 17, 2023 at 04:48PM Database company MongoDB reported a hack of its corporate systems, disclosing that customer account metadata and contact information were part of the stolen data. The company detected suspicious activity on December 13th and confirmed later that hackers had access to its systems before discovery. MongoDB recommended customer vigilance against potential … Read more
December 17, 2023 at 12:24AM On Dec 13, 2023, MongoDB detected unauthorized access to its systems, leading to exposure of customer data. The company recommends customers to watch out for social engineering and phishing attacks, enforce MFA, and rotate their MongoDB Atlas passwords. Additionally, MongoDB is experiencing login issues, unrelated to the security event. Further … Read more
December 16, 2023 at 12:36AM Microsoft is alerting about an increase in malicious activities by an emerging threat group, Storm-0539, targeting retail entities through advanced email and SMS phishing attacks. The attacks aim to steal credentials and session tokens to conduct gift card fraud and theft during the holiday shopping season. The group is financially … Read more
December 13, 2023 at 10:42AM Cybersecurity firm Abnormal Security reported that threat actors behind the BazaCall phishing attacks are now using Google Forms to enhance the credibility of their scheme, demonstrating a new attack variant. This method aims to bypass secure email gateways by leveraging trusted domains and dynamically generated URLs. Additionally, recruiters are being … Read more
December 13, 2023 at 06:24AM Microsoft warns of adversaries using OAuth applications to automate virtual machine deployment for cryptocurrency mining and phishing attacks. Threat actors compromise user accounts to modify OAuth applications and maintain access to applications even if they lose access to accounts. Organizations are advised to enforce multi-factor authentication, conditional access policies, and … Read more