August 7, 2024 at 09:28AM Cybercriminals can manipulate Microsoft Outlook’s anti-phishing measure by using CSS to hide the First Contact Safety Tip, making it appear invisible to users, except in the email preview pane. This tactic also allows cybercriminals to add a seemingly legitimate note to phishing emails, posing a security threat despite some formatting … Read more
August 6, 2024 at 09:42AM Ransomware attacks have evolved from indiscriminate victims to targeted, multi-staged attacks. Attackers infiltrate organizations, eavesdrop on emails, and exfiltrate critical data before encrypting computers and demanding a ransom. This modern method renders traditional recovery systems useless. Ransomware has become organized, with syndicates offering ransomware-as-a-service and state-sponsored attackers joining in. Organizations … Read more
August 6, 2024 at 08:25AM Users are calling for Microsoft to reconsider the display of sender email addresses in Outlook, as phishing criminals exploit the friendly name feature to mask malicious intent. Despite attracting over 100 votes in Microsoft’s forums, the issue persists, posing a significant security risk. There is a plea for Microsoft to … Read more
August 5, 2024 at 10:38AM Criminals are targeting Windows users with SnakeKeylogger, a malicious software that records keystrokes, steals credentials, takes screenshots, and sends sensitive information to fraudsters. This malware, known for its sophistication and crafty exfiltration of data, is typically spread through phishing campaigns. It can be hidden in Office documents or PDFs attached … Read more
August 5, 2024 at 09:18AM Kazakhstan organizations are under attack from a threat group called Bloody Wolf, distributing malware called STRRAT, allowing adversaries to control computers and access restricted data. The attacks use phishing emails impersonating government agencies to trick recipients. The malware sets up persistence on Windows machines, exfiltrating sensitive information and allowing the … Read more
August 2, 2024 at 03:24AM Cybersecurity experts have noted a rise in the misuse of Clouflare’s TryCloudflare free service for distributing malware. Attackers are using it to create temporary tunnels to relay traffic from server to local machine. The campaign, targeting organizations globally, uses phishing emails to deliver various malware, with a focus on financial … Read more
August 1, 2024 at 03:03PM Attackers are using hijacked Facebook pages to lure victims into downloading a seemingly legitimate AI photo editor, but ultimately serving up a widely distributed infostealer, the Lumma stealer, to steal user credentials and sensitive information. The malvertising campaign exploits AI’s popularity and various tactics to deliver malware, with phishing being … Read more
July 31, 2024 at 07:27AM Summary: Phishing attacks are increasing in size and complexity, necessitating efficient security operations. Material Security offers a unique email security and data protection approach to save security teams time. Their platform balances precision and recall, identifies and clusters suspicious messages, and automates user reporting, providing advanced protection and operational efficiency. … Read more
July 26, 2024 at 11:38PM A China-based hacking group, Smishing Triad, has targeted iPhone users in India with text-borne phishing attacks, manipulating India Post’s name. The attacks involved deceptive URLs and fraudulent websites. Similar incidents have targeted the US Postal Service and US citizens. Security experts emphasize the need for mobile web threat protection and … Read more
July 26, 2024 at 02:30AM CrowdStrike has detected an attempt by an unknown threat actor to distribute harmful installers to German customers after the Falcon Sensor update failure. The phishing campaign involves an impersonation website, fraudulent JavaScript, and malicious software disguised as a CrowdStrike Crash Reporter. This situation occurs as CrowdStrike works to recover from … Read more