SecurityWeek
In Other News: National Laboratory Breach, Airplane GPS Attacks, Russia Accuses Allies of Hacking
Idaho National Laboratory breach, GPS attacks target airplanes, Russian accuses China and North Korea of hacking.
Bleeping Computer
DarkGate and Pikabot malware emerge as Qakbot’s successors
A sophisticated phishing campaign pushing the DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
Infosecurity News
DarkGate and PikaBot Activity Surge in the Wake of QakBot Takedown
DarkGate and PikaBot have been observed as part of phishing campaigns using the same tactics as the ones used by QakBot perpetrators
The Hacker News
DarkGate and PikaBot Malware Resurrect QakBot's Tactics in New Phishing Attacks
New high-volume phishing campaigns mimic tactics of defunct QakBot trojan, hijacking email threads and using unique URLs to deliver DarkGate & PikaBot
CyberNews
Be careful what you scan: QR scams increase by 51%
Threat actors are using malicious QR codes to steal valuable data and money. Experts say it’s still difficult to detect and mitigate the threats spread by this method.
Infosecurity News
New Phishing Campaign Uses LinkedIn Smart Links in Blanket Attack
Email security provider Cofense has unveiled a large-scale phishing campaign leveraging LinkedIn Smart Links
SecurityWeek
LinkedIn Smart Links Abused in Phishing Campaign Targeting Microsoft Accounts
A recently observed phishing campaign targeting Microsoft accounts is using LinkedIn smart links to bypass defenses.
Bleeping Computer
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
The Hacker News
Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
Using Bing Chat? Stay alert! Researchers reveal malicious ads lurking in Bing's AI chatbot, leading users to install malware unknowingly.
CSO
Perception Point tackles QR code phishing attacks
A detection engine aims to stop malicious QR code email quishing campaigns at their source, preventing them from reaching the user’s inbox.
The Hacker News
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Hackers are now using a sneaky "MalDoc in PDF" technique to hide malicious Word files within PDFs.
SecurityWeek
Industry Reactions to Qakbot Botnet Disruption: Feedback Friday
Industry professionals comment on the law enforcement operation targeting the Qakbot botnet and its implications.
-1.webp)
Cyber Security News
Attackers Weaponizing QR Codes to Steal Employees Microsoft Credentials
A recent discovery highlights a significant QR code phishing campaign that targets Microsoft credentials across various industries.
Infosecurity News
QR Code Campaign Targets Major Energy Firm
Cofense said that over 29% of the malicious emails were directed at the energy sector giant
SecurityWeek
Malicious QR Codes Used in Phishing Attack Targeting US Energy Company
A widespread phishing campaign using malicious QR codes has hit organizations in various industries, including am energy company in the US.
Security Affairs
A massive phishing campaign using QR codes targets the energy sector
A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries One of the organizations targeted by hackers is a […]
Bleeping Computer
Major U.S. energy org targeted in QR code phishing attack
A phishing campaign was observed predominantly targeting a notable energy company in the US, employing QR codes to slip malicious emails into inboxes and bypass security.
DarkReading
QR Code Phishing Campaign Targets Top US Energy Company
Attackers sent more than 1,000 emails with 2FA, MFA, and other security-related lures aimed at stealing Microsoft credentials.
The Record
Phishing campaign used QR codes to target large energy company
A large phishing campaign uncovered by cybersecurity researchers used malicious QR codes to target a U.S. energy firm.
The Hacker News
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign
Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
SecurityWeek
Google AMP Abused in Phishing Attacks Aimed at Enterprise Users
Threat actors are using Google AMP URLs in phishing campaigns aimed at enterprises as a new detection evasion tactic.
Bleeping Computer
Threat actors abuse Google AMP for evasive phishing attacks
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.
DarkReading
DOS Attacks Dominate, but System Intrusions Cause Most Pain
In the latest Verizon "Data Breach Investigations Report," denial-of-service attacks are the most common type of security incident, but when it comes to breaches, nearly four-in-ten attackers compromise systems.
DarkReading
SuperMailer Abuse Bypasses Email Security for Super-Sized Credential Theft
Secure email gateways and end users alike are being fooled by a cyberattack campaign that's enjoying skyrocketing volumes against businesses in every industry, globally.
The Hacker News
Researchers Uncover Thriving Phishing Kit Market on Telegram Channels
Telegram becoming a hub for cybercrime! Researchers find threat actors using the platform to sell phishing kits and set up campaigns.
Infosecurity News
Threat Actors Increasingly Use Telegram For Phishing Purposes
The findings come from cybersecurity experts at Kaspersky
DarkReading
Phishing Emails Up a Whopping 569% in 2022
Credential phishing emails are the clear favorite of threat actors, with a 478% spike last year, new research shows.
Security Affairs
Emotet is back after a three-month hiatus
The infamous Emotet malware is back after a short hiatus, threat actors are spreading it via Microsoft OneNote email attachments. The Emotet malware returns after a three-month hiatus and threat actors are distributing it via Microsoft OneNote email attachments to avoid detection. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked […]
DarkReading
Pig Butchering & Investment Scams: The $3B Cybercrime Threat Overtaking BEC
A novel take on investment scams mixes romance and the lure of crypto riches to con targets out of "the whole hog" of their assets.
DarkReading
Emotet Resurfaces Yet Again After 3-Month Hiatus
More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts.
Bleeping Computer
Emotet malware attacks return after three-month break
The Emotet malware operation is again spamming malicious emails as of Tuesday morning after a three-month break, rebuilding its network and infecting devices worldwide.
Bleeping Computer
PureCrypter malware hits govt orgs with ransomware, info-stealers
A threat actor has been targeting government entities with PureCrypter malware downloader that has been seen delivering multiple information stealers and ransomware strains.
Infosecurity News
Crypto-Stealing Campaign Deploys MortalKombat Ransomware
The attacks mainly targeted victims in the US but also in the UK, Turkey, and the Philippines
DarkReading
Exclu Shutdown Underscores Outsized Role Messaging Apps Play in Cybercrime
Apps like Telegram, WhatsApp, and Discord are a hotbed of cybercriminal communication and scams.
Infosecurity News
Threat Actors Use ClickFunnels to Bypass Security Services
They created pages with malicious links and ultimately conducted credential-harvesting attacks
DarkReading
Riot Games Latest Video-Game Maker to Suffer Breach
Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.
DarkReading
$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims
In the ad, cybercriminals are offering to sell employee-level access to Telegram, researchers warn.
Infosecurity News
Telegram Bot Abuse For Phishing Increased By 800% in 2022
The growth is associated with using HTML attachments as a delivery method in credential phishing
DarkReading
Threat Actor Abuses LinkedIn's Smart Links Feature to Harvest Credit Cards
The tactic is just one in a constantly expanding bag of tricks that attackers are using to get users to click on links and open malicious documents.
Bleeping Computer
LinkedIn Smart Links abused in evasive email phishing attacks
Phishing actors are abusing LinkedIn's Smart Link feature to bypass email security products and successfully redirect targeted users to phishing pages that steal login credentials.
SecurityWeek
US Government Contractors Targeted in Evolving Phishing Campaign
US government contractors targeted in phishing campaigns claiming to invite them to bid for projects at various government departments.
Bleeping Computer
Microsoft 365 phishing attacks impersonate U.S. govt agencies
An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents.
Bleeping Computer
Lampion malware returns in phishing attacks abusing WeTransfer
The Lampion malware is being distributed in greater volumes lately, with threat actors abusing WeTransfer as part of their phishing campaigns.
DarkReading
Unusual Microsoft 365 Phishing Campaign Spoofs eFax Via Compromised Dynamics Voice Account
In a widespread campaign, threat actors use a compromised Dynamics 365 Customer Voice business account and a link posing as a survey to steal Microsoft 365 credentials.
The Hacker News
Hackers Using Fake DDoS Protection Pages to Distribute Malware
Researchers uncover a widespread campaign in which hackers use compromised WordPress sites to display fraudulent Cloudflare DDoS protection pages.
Bleeping Computer
Phishing attacks abusing SaaS platforms see a massive 1,100% growth
Threat actors are increasingly abusing legitimate software-as-a-service (SaaS) platforms like website builders and personal branding spaces to create malicious phishing websites that steal login credentials.
Infosecurity News
Countdown Clock Puts Pressure on Phishing Targets
New campaign is a masterclass in social engineering
ThreatPost
DOJ Says Doctor is Malware Mastermind
The U.S. Department of Justice indites middle-aged doctor, accusing him of being a malware mastermind.
SecurityWeek
Learn to Use This First: Four Fundamental Tactics to Protect Email Ecosystems
As email security is an ever-changing landscape, focusing on the most relevant issues in the threat landscape is where organizations need to start.
Bleeping Computer
Emotet malware infects users again after fixing broken installer
The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.
CyberScoop
Emotet's tax-season phishing is back with new tricks
Researchers at Cofense say the operators behind the Emotet botnet "have upped their game" for 2022's tax season.
Bleeping Computer
Emotet malware campaign impersonates the IRS for 2022 tax season
The Emotet malware botnet is taking advantage of the 2022 U.S. tax season by sending out malicious emails pretending to be the Internal Revenue Service sending tax forms or federal returns.
CyberScoop
Cybercriminals are posing as Ukraine fundraisers to steal cryptocurrency
The scams have picked up on Telegram.
SecurityWeek
Hacked Ukrainian Military Emails Used in Attacks on European Governments
Hacked email accounts belonging to members of the Ukrainian military have been used in attacks targeting European government personnel.
ThreatPost
Shipment-Delivery Scams a Fav Way to Spread Malware
Attackers increasingly are spoofing the courier DHL and using socially engineered messages related to packages to trick users into downloading Trickbot and other malicious payloads.
Bleeping Computer
Phishing campaign targets CoinSpot cryptoexchange 2FA codes
A new phishing campaign that targets users of the CoinSpot cryptocurrency exchange employs a new theme that revolves around withdrawal confirmations.
The Record
Meta (Facebook) sues operators of 39,000 phishing sites
Meta, the parent company for Facebook, Instagram, and WhatsApp, has filed a lawsuit today in a California court against the operators of more than 39,000 phishing sites that have been hosted through the Ngrok service.
Bleeping Computer
Phishing attacks use QR codes to steal banking credentials
A new phishing campaign that targets German e-banking users has been underway in the last couple of weeks, involving QR codes in the credential-snatching process.
Bleeping Computer
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent.