The Hacker News

DECEMBER 22, 2023

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.

Malware 90

Malware Engineering Phishing 90

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems.

Phishing 281

Phishing Data breaches Accountability Technology 281

The Hacker News

SEPTEMBER 12, 2023

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A

Phishing 119

Phishing 119

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 267

Phishing Scams Banking Mobile 267

Tech Republic Security

APRIL 29, 2020

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Phishing 196

Phishing Malware 196

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. OpenSSH is also used for external access.

Phishing 108

Phishing Cybercrime Manufacturing Hacking 108

SecureWorld News

FEBRUARY 16, 2024

Tripwire explains: Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users’ login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. As he told Threatpost : “This is an untargeted phishing campaign.

Phishing 90

Phishing Scams Security Awareness Encryption 90

The Hacker News

FEBRUARY 9, 2023

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The attack

Phishing 90

Phishing 90

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Subject lines included “your document” and “photo of you???”. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing 77

Phishing Ransomware Security Awareness Authentication 77

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 121

Phishing Cybercrime Advertising Hacking 121

Malwarebytes

JULY 12, 2023

Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim.

Telecommunications 93

Telecommunications Phishing Software Government 93

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. However, the best defense is always prevention.

Malware 98

Malware Social Engineering Engineering Education 98

The Hacker News

SEPTEMBER 3, 2021

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S.

Phishing 122

Phishing 122

Bleeping Computer

JULY 23, 2023

Microsoft is further enhancing the Windows 11 Enhanced Phishing Protection by testing a new feature that warns users when they copy and paste their Windows password into websites and documents. [.]

Phishing 98

Phishing Passwords 98

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. DocuSign is a service that allows people to sign documents in the Cloud. DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time.

Phishing 144

Phishing Password Management Passwords Accountability 144

The Hacker News

FEBRUARY 3, 2023

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Malware 80

Malware Phishing 80

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 79

Phishing Cybercrime Authentication Mobile 79

CSO Magazine

JANUARY 4, 2023

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. Stolen data used to add credibility to future attacks.

Banking 118

Banking Phishing Data breaches Marketing 118

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 135

Advertising Manufacturing Hacking Cyber Attacks 135

Joseph Steinberg

DECEMBER 1, 2020

As such, scammers sending bogus Verification messages request that recipients do the same, and exploit the fact that so many people both expect to be asked for copies of such documents as part of the Verification process, and are willing to share such documents in order to become Verified.

Media 246

Media Accountability Phishing Scams 246

Bleeping Computer

JUNE 6, 2022

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [.].

Phishing 144

Phishing Government 144

SecureWorld News

OCTOBER 30, 2023

When it comes to impactful types of internet-borne crime, phishing is the name of the game. According to Verizon's 2023 Data Breach Investigations Report (DBIR), a whopping 74% of breaches involve a human element, which is exactly what phishing aims to exploit. And for good reason. Tactics matter a lot, too.

Phishing 98

Phishing Scams Passwords Wireless 98

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Phishing 97

Phishing Cyber Attacks Malware Internet 97

Malwarebytes

JULY 19, 2022

This data includes identification documents, spreadsheets related to Roblox creators, and various email addresses. At time of writing, there’s no specifics with regard to the “identification documents” This could mean driving licence, passport, employee ID scan…we simply don’t know at the moment.

Accountability 93

Accountability Phishing Hacking Ransomware 93

Bleeping Computer

DECEMBER 13, 2021

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. [.].

Phishing 144

Phishing Malware 144

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. file classified as MASEPIE.

Phishing 120

Phishing Malware Computers and Electronics Internet 120

Heimadal Security

OCTOBER 18, 2021

A fresh variant of a phishing campaign has been recently detected. The attack methods it uses consist of malicious Excel documents that are almost untraceable. The researchers who discovered this new phishing campaign were those from Morphisec Labs and according to […]. MirrorBlast: How Does It Work?

Phishing 119

Phishing Cybersecurity 119

Heimadal Security

JULY 15, 2022

Researchers have uncovered a new phishing kit that, under the guise of security controls, injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data. This data includes government documents, photos, and even financial information.

Phishing 102

Phishing Social Engineering Scams Engineering 102

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 92

Encryption Phishing Accountability Authentication 92

Bleeping Computer

AUGUST 23, 2021

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [.].

Phishing 145

Phishing Malware 145

Bleeping Computer

SEPTEMBER 19, 2022

An ongoing phishing campaign targeting U.S. government contractors has expanded its operation to push higher-quality lures and better-crafted documents. [.].

Phishing 97

Phishing Government 97

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. That phishing site prompted visitors to enter their account credentials — including usernames, passwords, one-time passcodes and PIN numbers — to unlock their accounts.

Phishing 237

Phishing Banking Scams Accountability 237

Bleeping Computer

JANUARY 19, 2023

An unusual phishing technique has been observed in the wild, hiding empty SVG files inside HTML attachments pretending to be DocuSign documents. [.]

Phishing 98

Phishing 98

Security Affairs

JANUARY 28, 2021

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users. SecurityAffairs – hacking, Phishing).

Phishing 124

Phishing Cryptocurrency Passwords Hacking 124

Identity IQ

FEBRUARY 7, 2023

What is Phishing? One of the most common techniques used to exploit web users is the phishing scam. This article will cover what phishing is, cybercriminals’ different approaches, and how to prevent yourself from becoming a victim. What is Phishing? How Does Phishing Work? Spear Phishing.

Phishing 98

Phishing Identity Theft Scams Banking 98

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 107

Phishing Marketing Banking Technology 107

Bleeping Computer

OCTOBER 1, 2022

A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices. [.].

Phishing 106

Phishing 106