Security Affairs

OCTOBER 4, 2023

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks.

Phishing 119

Phishing Insurance Manufacturing Banking 119

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 94

Encryption Phishing Accountability Authentication 94

SecureList

AUGUST 14, 2023

Examples include automation with phishing kits or Telegram bots. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation. A lack of maintenance and security patches means they are easy to compromise using a known exploit.

Phishing 74

Phishing Hacking Banking Scams 74

Security Affairs

JANUARY 19, 2022

A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed threat actors to take over accounts. A vulnerability in the implementation of multi-factor authentication (MFA) for Box allowed attackers to take over accounts without having access to the victim’s phone, Varonis researchers reported.

Accountability 117

Accountability Authentication Passwords Data breaches 117

Security Affairs

AUGUST 2, 2023

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers.

Phishing 91

Phishing Accountability Authentication Hacking 91

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The subject of the emails reads “Important Notification About Your Account” in an attempt to urge recipients to open it.

Phishing 99

Phishing Scams Social Engineering Password Management 99

Security Affairs

OCTOBER 20, 2021

A Cookie Theft malware was employed in phishing attacks against YouTube creators, Google’s Threat Analysis Group (TAG) warns. Financially motivated threat actors are using Cookie Theft malware in phishing attacks against YouTube creators since late 2019. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Accountability 132

Accountability Malware Phishing Social Engineering 132

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. Trazor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.

Phishing 121

Phishing Data breaches Cryptocurrency Social Engineering 121

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking 104

Hacking Authentication Passwords Accountability 104

Security Affairs

AUGUST 29, 2022

Threat actors behind the Twilio hack also gained access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service. The attackers accessed company systems using employee credentials obtained through a sophisticated SMS phishing attack.

Accountability 96

Accountability Authentication Phishing Data breaches 96

Security Affairs

AUGUST 25, 2022

The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported.

Phishing 95

Phishing Authentication Accountability Passwords 95

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing 130

Phishing Cybercrime Mobile Internet 130

Security Affairs

SEPTEMBER 15, 2022

Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait in phishing attacks. The phishing page (hxxps://auth[.]royalqueenelizabeth[.]com/?)

Phishing 92

Phishing Accountability Authentication Technology 92

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The vulnerability is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass.

Accountability 110

Accountability Government Phishing Authentication 110

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing 91

Phishing Energy and Utilities Insurance Manufacturing 91

Security Affairs

FEBRUARY 4, 2022

Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of brute-force and phishing attacks last year. Microsoft revealed that Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks last year. ” states Microsoft.

Phishing 96

Phishing Authentication Cyber threats Education 96

Security Affairs

OCTOBER 2, 2022

German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. Pierluigi Paganini.

Phishing 96

Phishing Banking DDOS Accountability 96

Security Affairs

OCTOBER 11, 2022

Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. ” reads the report published by Mandiant.

Phishing 95

Phishing Cybercrime Accountability Advertising 95

Security Affairs

JANUARY 14, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) announced that several recent successful cyberattacks hit various organizations’ cloud services. According to the agency, the attackers conducted phishing campaigns and exploited poor cyber hygiene practices of the victims in the management of cloud services configuration.

Accountability 111

Accountability Phishing Authentication Passwords 111

Security Affairs

SEPTEMBER 5, 2022

Resecurity researchers discovered a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised on the Dark Web. Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide.

Phishing 99

Phishing Accountability Hacking Advertising 99

Security Affairs

AUGUST 9, 2020

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. Pierluigi Paganini.

Phishing 145

Phishing Advertising Scams Accountability 145

Security Boulevard

FEBRUARY 5, 2023

The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors.

Password Management 98

Password Management Passwords Accountability Phishing 98

Security Affairs

SEPTEMBER 2, 2023

The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users. The attackers were spotted using anonymizing proxy services and an IP and device not previously associated with the user account to access the compromised account.

Social Engineering 135

Social Engineering Engineering Authentication Accountability 135

Security Affairs

OCTOBER 13, 2021

Threat actors are using mathematical symbols on impersonated company logos to evade detection in phishing campaigns. Researchers from anti-phishing cybersecurity firm INKY have detailed a new technique to evade detection in phishing attacks, it leverages using mathematical symbols on impersonated company logos.

Phishing 95

Phishing Telecommunications Accountability Marketing 95

Security Affairs

APRIL 15, 2024

Cisco Duo warns that a data breach involving one of its telephony suppliers exposed multifactor authentication (MFA) messages sent by the company via SMS and VOIP to its customers. The security breach occurred on April 1, 2024, the threat actors used a Provider employee’s credentials that illicitly obtained through a phishing attack.

Data breaches 121

Data breaches Social Engineering Engineering Authentication 121

Security Affairs

JANUARY 19, 2021

The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts. ” Once gained access to the network, crooks expand their network access, for example, escalating privileges of the compromised employees’ accounts. Pierluigi Paganini.

Accountability 107

Accountability VPN Social Engineering Phishing 107

Security Affairs

MAY 30, 2021

Workers are going back to offices after months of remote working and crooks are attempting to exploit the situation by conducting spear-phishing attacks against their organizations. The messages pretend to provide information about changes to business operations the company is taking relative to the COVID-19 pandemic. .

Phishing 101

Phishing Authentication Government Accountability 101

Security Affairs

FEBRUARY 12, 2024

They might even lock you out of your own accounts by resetting your passwords. Avoid entering any data if you see a warning message about a site’s authenticity. Most browsers will alert you if a site isn’t secure. Check your social media accounts for active sessions and log out of any you don’t recognize.

DNS 129

DNS VPN Encryption Passwords 129

Security Affairs

APRIL 28, 2024

From March 18, 2024, to April 16, 2024, Duo Security and Cisco Talos observed large-scale brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services. This method poses a risk of exposing sensitive data or enabling fraudulent activities.

VPN 115

VPN Accountability Firewall Data breaches 115

Security Affairs

JANUARY 26, 2023

National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors based in Russia and Iran. The are increasingly targeting organizations and individuals.

Phishing 82

Phishing Media Hacking Education 82

Security Affairs

JULY 22, 2019

Last week, hackers published a list of Discord credentials (email addresses/passwords) that were allegedly phished from the users of the gaming chat platform. Last week, a group of hackers published a list of Discord login credentials (email addresses and passwords) that were allegedly phished from the users of the gaming chat platform.

Phishing 81

Phishing Data breaches Passwords Advertising 81

Security Affairs

NOVEMBER 2, 2022

According to the advisory published by Dropbox, the company was the target of a phishing campaign that resulted in access to the GitHub repositories. The company pointed out that no one’s content, passwords, or payment information were accessed, it also remarked that the issue was quickly resolved. Pierluigi Paganini.

Phishing 123

Phishing Authentication Passwords Accountability 123

Security Affairs

DECEMBER 17, 2023

MongoDB on Saturday announced it is investigating a cyberattack that exposed customer account metadata and contact information. The cyber attack was discovered on December 13, 2023, and led to the exposure of customer account metadata and contact information. We detected suspicious activity on Wednesday (Dec.

Social Engineering 123

Social Engineering Data breaches Cyber Attacks Accountability 123

Security Affairs

DECEMBER 17, 2023

Threat actors launched a phishing attack against a former employee obtaining his credentials and access to the Ledger’s NPMJS account. This is a good example of the industry working swiftly together to address security challenges.” of its npm module. that included a crypto drainer malware. and 1.1.7).”

Phishing 123

Phishing Accountability Malware Authentication 123

Security Affairs

JUNE 5, 2022

The hacker conducted a phishing attack, they set up a phishing site that impersonated the official BAYC site claiming that BAYC, MAYC and OthersideMeta holders were able to claim a free NFT for a short period of time. This then granted the scam the appearance of authenticity and made it easier to dupe the NFT holders.”

Phishing 136

Phishing Hacking Accountability Scams 136

Security Affairs

DECEMBER 16, 2022

Gemini crypto exchange warns users of an ongoing phishing campaign after a third-party vendor suffered a security breach. Gemini crypto exchange is warning of phishing campaigns targeting its users after a threat actor obtained their data by breaching a third-party vendor. SecurityAffairs – hacking, phishing).

Hacking 88

Hacking Phishing Accountability Authentication 88

Security Affairs

OCTOBER 2, 2021

Threat actors stole funds from the accounts of more than 6,000 users of the crypto exchange Coinbase exploiting a flaw to bypass 2FA authentication. Threat actors have exploited a vulnerability in the SMS-based two-factor authentication (2FA) system implemented by the crypto exchange Coinbase to steal funds from more than 6,000 users.

Cryptocurrency 122

Cryptocurrency Data breaches Authentication Accountability 122