December 11, 2023 at 04:30PM Cyber attackers used hundreds of convincing fake profiles on LinkedIn to target professionals in Saudi Arabia for financial fraud and obtaining sensitive corporate information. Researchers uncovered nearly a thousand fake profiles, which, due to the platform’s extensive data, were difficult to distinguish from real accounts. LinkedIn’s popularity among cyber attackers … Read more
December 1, 2023 at 06:24AM A Chinese-speaking cyberespionage group has launched a campaign using SugarGh0st RAT to target Uzbekistan’s Foreign Affairs Ministry and South Korean individuals. The malware, delivered via phishing emails with malicious attachments, allows remote control and has been active since August 2023. Connections to Chinese hackers are suggested by RAT’s traits and … Read more
November 28, 2023 at 06:24AM Account credentials are highly valuable in cybercrime, with stolen credentials posing a significant risk to organizations. External parties are responsible for 83% of breaches, with 49% involving stolen credentials. Phishing is a common method of credential theft, with threat actors using multi-channel attacks and targeting mobile devices. Phishing-as-a-service (PhaaS) has … Read more
November 27, 2023 at 06:23PM The Google Cloud Cybersecurity Forecast 2024 highlights several key cybersecurity trends. AI technology will be used to create convincing fake audio, video, and images for phishing and disinformation campaigns. Ransomware attacks are increasing, so organizations should have offline backups, incident response plans, and employee training. Cloud environments are vulnerable, so … Read more
November 22, 2023 at 02:45PM A proof of concept exploit has been developed for a critical zero-day vulnerability in Windows SmartScreen technology that allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit requires a user to click on a maliciously crafted Internet shortcut or link. The vulnerability affects Windows 10, Windows … Read more
November 21, 2023 at 04:32PM A proof-of-concept exploit (PoC) has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit involves tricking users into clicking on a malicious internet shortcut or link. The vulnerability affects various Windows … Read more
November 21, 2023 at 06:24AM QR code-based phishing techniques, known as “quishing,” are becoming popular among cybercriminals. By embedding malicious links in QR codes, attackers can bypass spam filters and evade detection. CAPTCHAs are also being exploited in phishing attacks to mask credential-harvesting forms on fake websites. Additionally, steganography is being used to hide malicious … Read more
November 17, 2023 at 11:11AM Threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. The vulnerability, known as CVE-2023-37580, allowed the hackers to perform email forwarding, steal credentials, and lead victims to phishing pages. The attacks took place before Zimbra released an official … Read more
November 14, 2023 at 10:56AM The Royal ransomware gang is potentially preparing for a rebrand or spinoff, as their ransom demands have already exceeded $275 million. The group has targeted over 350 victims worldwide, demanding between $1 million and $12 million in ransom. They primarily gain access through phishing emails and employ partial encryption and … Read more
November 13, 2023 at 01:32AM The UK’s Royal Mail has been found to have an open redirect flaw on one of its websites, which potentially exposes customers to malware infections and phishing attacks. The vulnerability allows attackers to use the legitimate website to redirect users to malicious sites. The Royal Mail has been notified of … Read more