Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

September 16, 2024 at 01:21AM Cybersecurity researchers have identified ongoing phishing campaigns using HTTP header refresh entries to deliver fake email login pages, targeting large corporations in South Korea, U.S. government agencies, and schools. These attacks encompass various sectors and are part of a growing trend of sophisticated tactics to trick recipients and steal sensitive …

Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride

September 9, 2024 at 09:51AM A pro-democracy NGO in Russia, the Free Russia Foundation, suspects Kremlin-linked group COLDRIVER behind a recent hack that leaked files. Citizen Lab’s report highlighted personalized phishing attacks on non-profits in Russia and Belarus, suggesting COLDRIVER’s involvement. The attacks aim to steal sensitive information and may lead to repression of pro-democracy …

The New Effective Way to Prevent Account Takeovers

September 4, 2024 at 07:19AM The report “Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” emphasizes the threat of account takeover attacks in SaaS environments and the role of the browser in neutralizing them. It highlights tactics used in account takeovers and recommends a browser security …

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

September 3, 2024 at 06:48AM A new Android banking trojan named Rocinante targets mobile users in Brazil, capable of keylogging and stealing personal information from victims. The malware can masquerade as various banking apps and is linked to a threat actor known as DukeEugene. Symantec also highlighted a banking trojan campaign targeting Spanish and Portuguese-speaking …

Next-Generation Attacks, Same Targets – How to Protect Your Users’ Identities

September 2, 2024 at 03:24AM FBI and CISA issued a joint advisory on new ransomware threats, describing a cybercriminal group and methods. The rapid growth in attacks calls for urgent adjustments in cyber defense strategies. Phishing-resistant MFA is crucial, with next-generation solutions and targeted deployments recommended. Organizations need to upgrade defense strategies to protect against …

Iranian Hackers Set Up New Network to Target U.S. Political Campaigns

August 30, 2024 at 07:30AM Cybersecurity researchers have discovered a new network infrastructure set up by Iranian threat actors to support recent targeting of U.S. political campaigns, displaying a meticulously crafted system using dynamic DNS providers for phishing attacks. This comes amid increased Iranian cyber activity against the U.S., including ramped-up malicious cyber activities. After …

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

August 29, 2024 at 07:48AM Attackers are increasingly using new phishing toolkits, like adversary-in-the-middle (AitM), which lets them bypass traditional prevention controls. AitM phishing uses dedicated tooling to act as a proxy between the target and a legitimate login portal for an application, enabling attackers to steal live sessions. AitM toolkits employ reverse web proxies …

From Copilot to Copirate: How data thieves could hijack Microsoft’s chatbot

August 28, 2024 at 09:08AM Microsoft fixed flaws in Copilot that allowed attackers to steal users’ emails and personal data through a series of LLM-specific attacks, including prompt injection. Red teamer Johann Rehberger disclosed the exploit, prompting Microsoft to make changes for customer protection. The exploit used prompt injection, automatic tool invocation, and ASCII smuggling …

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

August 26, 2024 at 12:54AM Researchers have discovered new Android malware, NGate, aimed at stealing contactless payment data from physical credit and debit cards to conduct fraudulent operations. Targeting banks in Czechia, the attack involves social engineering and SMS phishing to trick users. NGate prompts victims to enter sensitive financial details and instigates an NFC …

Styx Stealer Creator’s OPSEC Fail Leaks Client List and Profit Details

August 21, 2024 at 07:33AM The Styx Stealer, a new information stealer, was found to have leaked data related to clients, profit information, nicknames, phone numbers, and email addresses due to an operational security lapse by the operator. It is advertised for $75 a month and linked to a Turkey-based threat actor. Check Point uncovered …