November 11, 2024 at 04:31PM A data breach has exposed personal information of over 56 million customers from Hot Topic, Box Lunch, and Torrid. The stolen data includes names, emails, addresses, and credit card details. The breach, allegedly linked to a threat actor named “Satanic,” occurred around October 19, 2024. Customers are advised to stay … Read more
November 11, 2024 at 01:02PM Threat actors exploit zip file concatenation in phishing attacks, using it to hide Trojan malware like SmokeLoader undetected. Different zip readers handle concatenated files variably, impacting detection effectiveness. Users are advised to be cautious with unsolicited attachments, while enterprises should employ advanced security tools to uncover hidden threats within zip … Read more
November 10, 2024 at 06:43PM Hackers are exploiting ZIP file concatenation to deliver malware undetected on Windows machines. This method involves merging multiple ZIP archives, camouflaging a trojan within a phishing email. Perception Point recommends security solutions capable of recursive unpacking and cautions against trusting emails with ZIP attachments to enhance protection. ### Meeting Takeaways … Read more
November 7, 2024 at 05:26PM Organizations should be wary of phishing emails falsely claiming copyright infringement, which deploy the Rhadamanthys malware. The campaign uses AI for automation, targeting various countries. Attackers aim to steal sensitive data, including cryptocurrency wallet seed phrases, indicating a financially motivated effort by lower-level cybercriminals rather than state-sponsored groups. ### Meeting … Read more
November 7, 2024 at 05:04AM A phishing campaign named CopyRh(ight)adamantys is exploiting copyright themes to distribute the Rhadamanthys information stealer across various global regions. The attackers impersonate well-known companies and use sophisticated methods, including AI for targeted spear-phishing. Additionally, the SteelFox malware, posing as legitimate software, targets users worldwide through malicious links and data theft. … Read more
November 5, 2024 at 05:34PM Securonix identified a novel cyberattack campaign, CRON#TRAP, where attackers use an emulated Linux environment to stage malware undetected. This technique, utilizing QEMU and Tiny Core Linux, allows covert data harvesting. Targeting North America, the campaign highlights the need for stronger phishing defenses and endpoint monitoring by organizations. ### Meeting Takeaways … Read more
November 5, 2024 at 01:43PM Business email compromise scammers are leveraging the DocuSign API to create seemingly legitimate e-signature requests, leading to fraud. These attackers use custom templates to send invoices, bypassing spam filters. In 2023, BEC scams have cost US businesses $2.9 billion, highlighting the need for vigilance and sender verification. **Meeting Takeaways:** 1. … Read more
November 5, 2024 at 11:12AM Cybercriminals are exploiting a Docusign API in a phishing campaign, sending convincing fake invoices to companies. By creating legitimate Docusign accounts, attackers bypass typical security measures. This innovative scam leverages authentic-looking e-sign requests, prompting organizations to verify document origins to prevent fraud, while urging service providers to bolster API security. … Read more
November 5, 2024 at 08:49AM Cybercriminals are exploiting DocuSign APIs to send fraudulent emails, including fake invoices, that evade spam and phishing filters. This highlights vulnerabilities in the platform, posing significant risks for users. The information was reported by SecurityWeek. **Meeting Takeaways:** 1. **Issue Identified**: Cybercriminals are exploiting DocuSign APIs. 2. **Method of Attack**: They … Read more
November 4, 2024 at 04:01AM Barracuda has identified a widespread phishing campaign impersonating OpenAI, aiming to steal ChatGPT credentials from businesses globally. This large-scale effort poses significant security risks as it targets various organizations. **Meeting Takeaways:** 1. **Observation of Campaign**: Barracuda has identified a significant impersonation campaign targeting OpenAI. 2. **Objective of the Campaign**: The … Read more