Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

December 13, 2024 at 03:04AM Trend Micro researchers examined a social engineering attack where an attacker impersonated a client during a Microsoft Teams call. The victim was tricked into downloading AnyDesk, allowing remote access, which facilitated the installation of DarkGate malware. The attack was ultimately stopped before any data exfiltration occurred, highlighting security vulnerabilities.

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

December 9, 2024 at 01:18PM Black Basta ransomware is evolving its tactics, utilizing social engineering and various malware like Zbot and DarkGate since October 2024. The group employs email bombing, impersonation on Microsoft Teams, and QR codes to target users. Their ultimate aim includes credential harvesting and VPN file theft for further breaches.

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks

December 6, 2024 at 06:31AM A 19-year-old California resident, Remington Ogletree, has been charged for his involvement in Scattered Spider cyberattacks, allegedly causing over $4 million in losses. He used social engineering to access networks, steal data, and launch phishing campaigns. Investigators linked him to multiple cybercrimes through various accounts and his own admissions.

US arrests Scattered Spider suspect linked to telecom hacks

December 5, 2024 at 03:35PM U.S. authorities arrested 19-year-old Remington Goy Ogletree, connected to the Scattered Spider cybercrime gang, for breaching a financial institution and telecoms. He exploited phishing tactics, targeting employee credentials, and sent millions of phishing texts to steal cryptocurrency. Investigations reveal his extensive criminal activities and ties to other notorious hackers.

North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks

December 3, 2024 at 04:52AM North Korea-aligned Kimsuky is linked to phishing attacks using Russian sender addresses to steal credentials. These attacks, primarily targeting South Korean users, exploit email services and impersonate institutions like Naver. Kimsuky utilizes compromised servers and tools for spoofing to evade security, aiming for account hijacking and further attacks.

Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online

December 2, 2024 at 10:04PM A massive data breach linked to the MOVEit file transfer tool has exposed personal data of hundreds of thousands of employees from major corporations, including Xerox and Bank of America. The hacker “Nam3L3ss” leaked employee details such as names, contact information, and job titles, raising concerns over potential social engineering …

BlackBasta Ransomware Brand Picks Up Where Conti Left Off

November 25, 2024 at 05:09PM Recent analysis shows that Russian-language ransomware groups are coordinating closely, sharing tactics and malware. BlackBasta has emerged as a key player, adapting to law enforcement crackdowns. Cybersecurity experts warn of potential cooperation between BlackBasta and the Russian state, emphasizing the need for enhanced defenses against evolving social engineering attacks.

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

November 23, 2024 at 07:24AM The North Korean threat actor Sapphire Sleet has reportedly stolen over $10 million in cryptocurrency through social engineering via fake LinkedIn profiles since 2020. Utilizing malware disguised as skills assessments and AI-generated identities, they target users in job recruitment scams, gaining system access and financial credentials for theft.

Ford investigates alleged breach following customer data leak

November 19, 2024 at 03:15PM Ford is investigating a potential data breach involving 44,000 customer records allegedly leaked by a hacker on a forum. The records, which include identifiable information, could facilitate phishing attacks. The company is currently assessing the situation, acknowledging the seriousness of the claims, and advising caution regarding unsolicited communications.

Iranian Hackers Use “Dream Job” Lures to Deploy SnailResin Malware in Aerospace Attacks

November 13, 2024 at 07:15AM The Iranian threat actor TA455 has mimicked North Korean tactics in a Dream Job campaign, targeting the aerospace industry with fake job offers. The campaign distributes SnailResin malware, enabling remote access and credential theft. This approach includes using social engineering, impostor personas, and multi-stage infection methods to evade detection.