June 10, 2024 at 06:25PM Threat actors are impersonating GitHub’s teams in phishing attacks, aiming to hijack repositories using malicious OAuth apps. These attackers have been targeting developers with fake job offers or security alerts via phishing emails and redirecting them to fake GitHub landing pages, leading to compromised accounts and wiped repositories. GitHub advises … Read more
June 7, 2024 at 12:14PM A threat actor known as “Sticky Werewolf” is targeting organizations in Russia’s aviation industry, with a focus on espionage related to the Russia-Ukraine conflict. The group has evolved its infection methods to include complex phishing emails and multi-stage malware, aiming to gain access to sensitive information and facilitate data exfiltration. … Read more
May 30, 2024 at 11:06AM Cooler Master, a well-known computer hardware manufacturer, experienced a data breach on May 19, allowing a threat actor to access and steal customer data, including personal information of over 500,000 customers. The breach involved the company’s Fanzone website, prompting the company to engage security experts and notify affected customers while … Read more
May 27, 2024 at 09:06AM Microsoft has highlighted a cybercrime group, Storm-0539, responsible for sophisticated email and SMS phishing attacks, primarily aimed at stealing and selling gift cards. The group targets large retailers and utilizes tactics to evade detection, such as using cloud infrastructure and legitimate platforms. Microsoft advises companies to implement additional security measures … Read more
May 27, 2024 at 08:06AM The article discusses the increasing risk of phishing attacks due to cloud transition, poor password hygiene, and advancements in webpage technologies. LayerX’s report highlights the rising magnitude of phishing attacks and suggests methods for organizations to protect against them, focusing on browser security platforms and deep session inspection as effective … Read more
May 23, 2024 at 03:33PM Microsoft has released a “Cyber Signals” report revealing information about the hacking group Storm-0539 and an increase in gift card theft leading up to the Memorial Day holiday in the United States. The report highlights the group’s advanced techniques and a rise in their activity before major holidays. Microsoft also … Read more
May 23, 2024 at 03:08PM Google’s Matt Linton argues against federally mandated phishing tests, comparing them to early fire drills. He points out the increasing phishing attacks despite anti-phishing controls, arguing for a different approach. Current tests are criticized for lack of evidence in reducing successful phishing campaigns, eroding trust, and burdening incident responders. Linton … Read more
May 19, 2024 at 04:18AM The Grandoreiro banking trojan, previously targeted at Latin America, has reemerged in a global campaign, expanding its reach to over 1,500 banks across 60+ countries. The large-scale phishing attacks utilize a sophisticated malware, employing tactics to avoid detection and compromising victims’ systems, including the abuse of Microsoft Outlook to spread … Read more
May 17, 2024 at 05:35PM Summary: – Black Basta ransomware operation breached over 500 organizations worldwide from April 2022 to May 2024, causing disruption at Ascension Healthcare. – Inc Ransomware attempted to sell its source code for $300,000, while Phorpiex botnet conducted LockBit Black ransomware campaigns. – MediSecure in Australia suffered a large-scale ransomware data … Read more
May 15, 2024 at 04:44PM Phishing attacks mimicking legitimate DocuSign requests are on the rise due to the availability of fake templates and login credentials in the underground market. Attackers leverage the familiarity of DocuSign emails to trick users into revealing sensitive information. Companies are at risk of data theft and extortion, and employees should … Read more