Accountability, Cybercrime, Information Security and Phishing

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing

Phishing Education Social Engineering Media

FBI: Compromised US academic credentials available on various cybercrime forums

Security Affairs

MAY 27, 2022

The FBI warns organizations in the higher education sector of credentials sold on cybercrime forums that can allow threat actors to access their networks. Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. ” reads the alert published by the FBI.

Cybercrime

Cybercrime Education Accountability Phishing

Hackers abusing the Ngrok platform phishing attacks

Security Affairs

FEBRUARY 16, 2021

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost.

Phishing

Phishing Cybercrime Mobile Internet

EvilProxy used in massive cloud account takeover scheme

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability

Accountability Phishing Authentication Architecture

Phishing, the campaigns that are targeting Italy

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware.

Phishing

Phishing Scams Education Passwords

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Security Affairs

OCTOBER 11, 2022

Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. ” reads the report published by Mandiant.

Phishing

Phishing Cybercrime Accountability Advertising

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

Security Affairs

OCTOBER 4, 2023

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks.

Phishing

Phishing Insurance Manufacturing Banking

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Massive phishing campaign targets users of the Zimbra Collaboration email server

Security Affairs

AUGUST 18, 2023

ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. The phishing messages include a phishing page in the attached HTML file, they warn the recipient of an email server update, account deactivation, or similar issue.

Phishing

Phishing Social Engineering Accountability Engineering

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

German police seized the darknet marketplace Nemesis Market

Security Affairs

MARCH 23, 2024

An operation conducted by the Federal Criminal Police Office in Germany (BKA) and the Frankfurt cybercrime combating unit (ZIT) led to the seizure of the infrastructure of the darknet marketplace Nemesis Market in Germany and Lithuania. The Nemesis Market recently reached over 150,000 users and over 1,100 seller accounts registered worldwide.

Marketing

Marketing Cybercrime DDOS Internet

Police dismantled a gang that used phishing sites to steal credit cards

Security Affairs

FEBRUARY 22, 2022

The Ukrainian police arrested a gang specialized in the sale of stolen payment card data through phishing attacks. The cybercrime unit of the Ukrainian police has arrested a group of cybercriminals who managed to steal payment card data from at least 70,000 people by setting up mobile fake top-up services. Pierluigi Paganini.

Phishing

Phishing Banking Mobile Telecommunications

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Security Affairs

JULY 6, 2021

The alleged perpetrator, who turned out to be a citizen of Morocco, was arrested in May by the Moroccan police based on the data about his cybercrimes that was provided by Group-IB. Almost each of the scripts contained in the phishing kit had its creator’s nickname, Dr HeX, and contact email address.

Cybercrime

Cybercrime Phishing Banking Telecommunications

Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

Security Affairs

AUGUST 2, 2023

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. 8e-sefdea4.um9. ” concludes the experts.

Phishing

Phishing Accountability Authentication Hacking

MailChimp breached, intruders conducted phishing attacks against crypto customers

Security Affairs

APRIL 4, 2022

Threat actors gained access to internal tools of the email marketing giant MailChimp to conduct phishing attacks against crypto customers. Trezor WARNING: Elaborate Phishing attack. Trazor also took the phishing domain used by threat actors offline and launched an investigation to determine how many users have been impacted.

Phishing

Phishing Data breaches Cryptocurrency Social Engineering

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. Palo Alto Network Unit 42 discovered a previously unreported phishing campaign that distributed a Python variant of the NodeStealer. ” reads the analysis published by Palo Alto Networks.

Accountability

Accountability Cryptocurrency Malware Phishing

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing

Phishing Authentication Social Engineering Passwords

Info stealers and how to protect against them

Security Affairs

DECEMBER 18, 2023

. “Cashout bank logs” typically refer to a type of cybercrime where individuals gain unauthorized access to banking information, often through phishing attacks or hacking, and then use that information to withdraw money or make unauthorized transactions.

Banking

Banking Cybercrime Malware Accountability

A new phishing scam targets American Express cardholders

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The subject of the emails reads “Important Notification About Your Account” in an attempt to urge recipients to open it.

Phishing

Phishing Scams Social Engineering Password Management

A massive phishing campaign using QR codes targets the energy sector

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.” com (Cloudflare’s Web3 services).

Phishing

Phishing Energy and Utilities Insurance Manufacturing

Remcos RAT campaign targets US accounting and tax return preparation firms

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability

Accountability Phishing Financial Services Surveillance

Experts spotted a phishing campaign impersonating security firm Proofpoint

Security Affairs

NOVEMBER 7, 2021

The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”. “The email claimed to contain a secure file sent via Proofpoint as a link.” The phishing message was sent from a legitimate individual’s compromised email account. SecurityAffairs – hacking, phishing).

Phishing

Phishing Social Engineering Accountability Engineering

German police identified a gang that stole €4 million via phishing attacks

Security Affairs

OCTOBER 2, 2022

German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. Pierluigi Paganini.

Phishing

Phishing Banking DDOS Accountability

Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks

Security Affairs

SEPTEMBER 15, 2022

Threat actors are exploiting the death of Queen Elizabeth II as bait in phishing attacks to steal Microsoft account credentials from victims. Researchers from Proofpoint are warning of threat actors that are using the death of Queen Elizabeth II as bait in phishing attacks. The phishing page (hxxps://auth[.]royalqueenelizabeth[.]com/?)

Phishing

Phishing Accountability Authentication Technology

0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

Security Affairs

AUGUST 25, 2022

The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported.

Phishing

Phishing Authentication Accountability Passwords

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Security Affairs

OCTOBER 22, 2021

FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, gambling, and hospitality industries in the US to harvest financial information that was used in attacks or sold in cybercrime marketplaces. SecurityAffairs – hacking, cyber security). ” concludes the report.

Cybercrime

Cybercrime Ransomware Cybersecurity Backups

Experts warn of the first known phishing attack against PyPI

Security Affairs

AUGUST 28, 2022

The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The Python Package Index, PyPI, this week warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository.

Phishing

Phishing Hacking Accountability Cybercrime

Fraudster stole $870,000 from 2 US universities with spear-phishing mails

Security Affairs

AUGUST 5, 2019

A crook involved in a spear phishing scheme and that was in Kenya is facing up to 20 years in the US federal prison for stealing thousands of dollars from US universities. Amil Hassan Raage, 48, pleaded guilty last week in a southern California court to fraudulently receiving almost $750,000 as part of a spear phishing scheme.

Phishing

Phishing Banking Advertising Accountability

Attackers abuse open redirects in Snapchat and Amex in phishing attacks

Security Affairs

AUGUST 7, 2022

Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft 365 users. com open redirect. Pierluigi Paganini.

Phishing

Phishing Architecture Hacking Accountability

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

Scams

Scams Phishing Government Passwords

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

Additionally, there are also Russian cybercrime organizations that are not state-sponsored but are allowed to operate. Although there’s no one magic solution to eliminating cyberattacks and cybercrime risks, there are steps you can take to reduce the chances of becoming a victim. Accounting for humans.

Cybersecurity

Cybersecurity Cybercrime Education Passwords

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. Main web-phishing target categories also included payment services, cloud storages, social networks, and dating websites.

Phishing

Phishing Ransomware Spyware Banking

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Security Affairs

OCTOBER 23, 2023

Criminal activities conducted by the group are smishing , phishing and vishing campaigns, and the ‘son in distress’ scam. They then contacted those clients informing them that due to a computer error they had entered a loan and had to return it.” ” said the Spanish Police. ” said the Spanish Police.

Computers and Electronics

Computers and Electronics Scams Cybercrime Phishing

Exposing the "Data Leaks" Paradise – An Analysis

Security Boulevard

DECEMBER 19, 2022

Sample uses of these stolen and compromised databases includes: - setting the foundation for a successful spear-phishing campaigns. setting the foundations for successful targeted malware and exploits serving campaigns. setting the foundations for successful widespread spam and botnet propagation campaigns.

Penetration Testing

Penetration Testing Cybercrime Data breaches Social Engineering

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Security Affairs

APRIL 24, 2023

EvilExtractor is a new “all-in-one” info stealer for Windows that is being advertised for sale on dark web cybercrime forums. FortiGuard Labs observed this malware in a phishing email campaign on 30 March, which we traced back to the samples included in this blog.” ” reads the report published by Fortinet.

Cybercrime

Cybercrime Malware Education Phishing

Defending Against the Threats to Our Security

SecureWorld News

JULY 3, 2023

Human error accounts for 95% of all data breaches. This means that most cyberattacks could be prevented by following simple cybersecurity best practices, such as using strong passwords, updating software, and avoiding phishing emails. Phishing emails are more common than you know. Cybercrime is a highly profitable business.

Cybercrime

Cybercrime Social Engineering Data breaches Cyber threats

Data leak exposes users of car-sharing service Blink Mobility

Security Affairs

DECEMBER 21, 2023

A treasure trove for bad actors Personally identifiable information from car renting companies is highly valued among black-hat hackers and is often sold in batches on cybercrime marketplaces on the dark web. In the wrong hands, this data can be exploited for financial gain.

Mobile

Mobile Identity Theft Passwords Phishing

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Security Affairs

SEPTEMBER 26, 2023

Resecurity research found that the ‘Smishing Triad’ cybercrime group has expanded its phishing campaign into the United Arab Emirates (UAE). Specifically, the threat actor acquires UAE resident databases from the Dark Web and launches their smishing attacks from iCloud accounts they have previously compromised.

Phishing

Phishing Scams Cybercrime Accountability

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Security Affairs

AUGUST 20, 2023

Over 3,000 Android Malware spotted using unsupported/unknown compression methods to avoid detection WinRAR flaw enables remote code execution of arbitrary code #OpFukushima: Anonymous group protests against the plan to dump Fukushima RADIOACTIVE wastewater into Pacific Massive phishing campaign targets users of the Zimbra Collaboration email server (..)

Cybercrime

Cybercrime Hacking Malware Phishing

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

Security Affairs

DECEMBER 20, 2023

The six-month operation (July-December 2023) targeted organizations involved in seven types of online scams: business email compromise (BEC), ecommerce fraud, investment fraud, voice phishing , money laundering associated with illegal online gambling, romance scams , and online sextortion schemes.

Scams

Scams eCommerce Banking Cybercrime

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

One of the most important ways to protect against data breaches is to increase employee security awareness. Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. This includes accounting, sales, and other teams.

Passwords

Passwords Security Awareness Data breaches Cybersecurity

Hackers stole a six-figure amount from Swiss universities

Security Affairs

OCTOBER 5, 2020

“According to our information, several universities in Switzerland have been affected,” explained Martina Weiss, Secretary General of the Rectors’ Conference of the Swiss Universities. The hackers carried out spear-phishing attacks against the Swiss universities in an attempt of tricking its employees into providing their access data.

Advertising

Advertising Phishing Cybercrime Hacking

Okta warns of unprecedented scale in credential stuffing attacks on online services

Security Affairs

APRIL 28, 2024

A credential stuffing attack is a type of cyber attack where hackers use large sets of username and password combinations, typically obtained from previous data breaches, phishing campaigns, or info-stealer infections, to gain unauthorized access to user accounts on various online services. ” continues the advisory.

VPN

VPN Accountability Firewall Data breaches

Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

Security Affairs

MARCH 31, 2023

million with phishing campaigns. “Some of the people involved, who live in Ukraine, created more than 100 phishing sites aimed at European users. . “Some of the people involved, who live in Ukraine, created more than 100 phishing sites aimed at European users. Later, they appropriated money from their accounts.”

Banking

Banking Phishing Scams Cybercrime

“My Slice”, an Italian adaptive phishing campaign

FBI: Compromised US academic credentials available on various cybercrime forums

Trending Sources

Hackers abusing the Ngrok platform phishing attacks

EvilProxy used in massive cloud account takeover scheme

Phishing, the campaigns that are targeting Italy

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

Cybercriminals Use Azure Front Door in Phishing Attacks

Massive phishing campaign targets users of the Zimbra Collaboration email server

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

German police seized the darknet marketplace Nemesis Market

Police dismantled a gang that used phishing sites to steal credit cards

Operation Lyrebird: Group-IB assists INTERPOL in identifying suspect behind numerous cybercrimes worldwide

Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

MailChimp breached, intruders conducted phishing attacks against crypto customers

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021?

Info stealers and how to protect against them

A new phishing scam targets American Express cardholders

A massive phishing campaign using QR codes targets the energy sector

Remcos RAT campaign targets US accounting and tax return preparation firms

Experts spotted a phishing campaign impersonating security firm Proofpoint

German police identified a gang that stole €4 million via phishing attacks

Crooks are using lures related to Her Majesty Queen Elizabeth II in phishing attacks

0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

Experts warn of the first known phishing attack against PyPI

Fraudster stole $870,000 from 2 US universities with spear-phishing mails

Attackers abuse open redirects in Snapchat and Amex in phishing attacks

Cybercriminals Deliver IRS Tax Scams & Phishing Campaigns By Mimicking Government Vendors

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Spain police dismantled a cybercriminal group who stole the data of 4 million individuals

Exposing the "Data Leaks" Paradise – An Analysis

EvilExtractor, a new All-in-One info stealer appeared on the Dark Web

Defending Against the Threats to Our Security

Data leak exposes users of car-sharing service Blink Mobility

Smishing Triad Stretches Its Tentacles into the United Arab Emirates

Security Affairs newsletter Round 433 by Pierluigi Paganini – International edition

Law enforcement Operation HAECHI IV led to the seizure of $300 Million

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Hackers stole a six-figure amount from Swiss universities

Okta warns of unprecedented scale in credential stuffing attacks on online services

Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

Stay Connected