Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 98

Encryption Phishing Accountability Authentication 98

Malwarebytes

DECEMBER 6, 2024

A network of fake online shops set up to phish for payment information provided one of the sources of stolen data. The scammers participated in fraudulent phone calls in which they impersonated bank employees to extract sensitive information, such as addresses and security answers, from their victims.

Marketing 119

Marketing Banking Encryption Phishing 119

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 143

Phishing Marketing Banking Technology 143

SecureWorld News

JUNE 9, 2025

Much of the industry still relies on legacy operational tech (OT) systems that lack modern security features such as automated patch management and encryption by default. Additionally, a distributed workforce, ranging from remote maintenance technicians to cabin crews, multiplies entry points for social-engineering tactics like phishing.

Cybersecurity 117

Cybersecurity Social Engineering Computers and Electronics Risk 117

SecureList

DECEMBER 23, 2024

Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor ( CVE-2018-0802 ) to download and execute malware code. dat Encrypted VBShower backdoor AppCache028732611605321388.log:AppCache0287326116053213889292.vbs See below for the infection pattern.

Encryption 135

Encryption Penetration Testing Malware Phishing 135

Security Affairs

AUGUST 12, 2021

Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020. com , or api[.]statvoo[.]com

Phishing 130

Phishing Passwords Encryption Cybercrime 130

eSecurity Planet

DECEMBER 4, 2024

With cyberattacks on operating systems, applications, and networks becoming more sophisticated, the tech giant formulated a strategy to enhance the protection of Windows systems, focusing strongly on phishing attacks. Data Protection Windows 11 Enterprise introduced a new Personal Data Encryption feature.

Encryption 107

Encryption Phishing Authentication Passwords 107

Security Affairs

MAY 29, 2025

” APT41 used spear phishing emails with a ZIP file hosted on a hacked government site. The ZIP pretended to be a document about export declarations and included a disguised LNK file and images of arthropods. The malware encrypts both data and commands using XOR keys and compresses messages with LZNT1.

Malware 118

Malware Government Encryption Hacking 118

eSecurity Planet

APRIL 8, 2025

Called Xanthorox AI, the tool was first spotted earlier this year on darknet forums and encrypted chat groups, where its being marketed as the killer of WormGPT and all EvilGPT variants. These tools allow hackers to plan and launch fully automated attacks, including phishing campaigns , ransomware drops, and malware development.

Social Engineering 109

Social Engineering Phishing Engineering Cybercrime 109

Schneier on Security

AUGUST 30, 2019

Together with poorly-deployed application isolation on personal computers, such malware can not only steal or encrypt documents for extortion, but also act on the user's behalf, e.g., sending phishing emails or mounting denial-of-service attacks.

Malware 250

Malware Architecture Encryption Phishing 250

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing 127

Phishing Advertising Cryptocurrency Encryption 127

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. file classified as MASEPIE.

Phishing 142

Phishing Malware Computers and Electronics Internet 142

Adam Levin

JANUARY 15, 2019

This effectively leaves victims unable to file reports or get documentation of their stolen identities, which is typically a first step for mitigating damage to credit and financial accounts. . Government websites will also become a more attractive avenue for scams and phishing.

Identity Theft 219

Identity Theft Scams Government Phishing 219

SecureList

FEBRUARY 21, 2025

Technical details Initial attack vector The initial attack vector used by Angry Likho consists of standardized spear-phishing emails with various attachments. Contents of spear-phishing email inviting the victim to join a videoconference The archive includes two malicious LNK files and a legitimate bait file. averageorganicfallfaw[.]shop

Phishing 87

Phishing Encryption Banking Malware 87

SecureWorld News

FEBRUARY 16, 2024

Tripwire explains: Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users’ login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. As he told Threatpost : “This is an untargeted phishing campaign.

Phishing 104

Phishing Scams Security Awareness Encryption 104

SecureList

MAY 3, 2021

Banking phishing: new version of an old scheme. Clients of several Dutch banks faced a phishing attack using QR codes. The links in their messages took the victim to a well-designed phishing pages with official emblems, business language and references to relevant laws. Quarterly highlights. Vaccine with cyberthreat.

Phishing 137

Phishing Banking Accountability Computers and Electronics 137

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. Subject lines included “your document” and “photo of you???”.

Phishing 134

Phishing Ransomware Security Awareness Authentication 134

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). Image: Wikipedia.

Antivirus 331

Antivirus VPN Encryption Malware 331

Security Affairs

APRIL 20, 2025

BPFDoors Hidden Controller Used Against Asia, Middle East Targets Gorilla, a newly discovered Android malware Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia Unmasking the new XorDDoS controller and infrastructure Byte Bandits: How (..)

Malware 80

Malware Cryptocurrency Encryption Phishing 80

eSecurity Planet

DECEMBER 7, 2023

Encryption scrambles data to make it unreadable to those without decryption keys. Proper use of encryption preserves secrecy and radically lowers the potential damage of a successful cybersecurity attack. Encryption algorithm types will provide an overview of the mathematical algorithms used to encrypt data (AES, RSA, etc.),

Encryption 109

Encryption Authentication Passwords Password Management 109

Krebs on Security

JANUARY 30, 2024

” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

Security Affairs

NOVEMBER 18, 2020

The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. Experts observed several variants over the recent months, it authors have improved encryption and implemented new functionality of the final Node.js SecurityAffairs – hacking, malware).

Phishing 135

Phishing Malware Cryptocurrency Information Security 135

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. This move prompted malware authors to seek out new ways to distribute their payloads, resulting in an increase in the use of other infection vectors, such as password-encrypted zip files and ISO files.

Malware 98

Malware Social Engineering Engineering Education 98

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle.

Phishing 142

Phishing Malware Encryption Antivirus 142

SecureWorld News

OCTOBER 30, 2023

When it comes to impactful types of internet-borne crime, phishing is the name of the game. According to Verizon's 2023 Data Breach Investigations Report (DBIR), a whopping 74% of breaches involve a human element, which is exactly what phishing aims to exploit. And for good reason. Tactics matter a lot, too.

Phishing 109

Phishing Scams Passwords Wireless 109

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. Here are four new phishing trends keeping businesses on their toes. Spear phishing. Phishing via texting.

Phishing 124

Phishing Scams Cybercrime Passwords 124

IT Security Guru

MARCH 26, 2025

Verified Identity, access permission controls, data encryption are all challenges for the cybersecurity industry in a world of autonomous machines! Therefore, the cybersecurity community must upskill in network security, threat detection, post-quantum ready encryption, and uncovering vulnerabilities to minimise zero-day scenarios.

Cybersecurity 113

Cybersecurity Encryption Threat Detection Authentication 113

Webroot

APRIL 11, 2025

For most of us, tax season is all about finding documents, filling out forms, and crossing your fingers youre getting a refund. Phishing emails and text messages: Phishing schemes can happen through emails, texts or social media. You can learn how to report suspected phishing here. Carbonite is the perfect solution.

Scams 65

Scams Identity Theft Backups Phishing 65

Security Affairs

OCTOBER 15, 2024

To exploit this vulnerability, the attacker needed GitHub Enterprise Server’s encrypted assertions feature enabled, direct network access, and a signed SAML response or metadata document. “Please note that encrypted assertions are not enabled by default. The flaw affects all versions of Enterprise Server prior to 3.15

Encryption 127

Encryption Phishing Authentication Hacking 127

Malwarebytes

APRIL 19, 2021

In one of their most recent campaigns Lazarus used a complex targeted phishing attack against security researchers. On April 13, we identified a document used by this actor to target South Korea. This attack likely started by distributing phishing emails that were weaponized with a malicious document. Document Analysis.

Encryption 145

Encryption Phishing Malware Media 145

Malwarebytes

NOVEMBER 6, 2024

Train your employees in security awareness, so they can recognize phishing attempts and know what they can and can’t do on company-issued hardware. Very important files and documents can be encrypted or stored in password protected folders to keep them safe from prying eyes.

Small Business 106

Small Business Backups Firewall VPN 106

Krebs on Security

DECEMBER 27, 2019

20 warned against the dangers of phishing-based cyberattacks, less than three days prior to their (apparently phishing-based) Sodinokibi ransomware infestation. The company has nearly a thousand employees and brought in more than $100 million in revenue in the past year, according to their Web site.

Ransomware 238

Ransomware Financial Services Media Phishing 238

Webroot

FEBRUARY 21, 2025

Cybercriminals are constantly developing new malware , ransomware , and phishing attacks that can steal identities, encrypt memorable family photos and documents for ransom, and turn home computers into devices that criminals take over to send spam or steal data. This is where data encryption and automated backups come in.

Identity Theft 70

Identity Theft Backups Antivirus Encryption 70

Security Affairs

JANUARY 18, 2024

In the past, the group’s activity involved persistent phishing and credential theft campaigns leading to intrusions and data theft. Recently, TAG has observed COLDRIVER delivering custom malware via phishing campaigns using PDFs as lure documents. When the victims opens the PDF, an encrypted text is displayed.

Phishing 134

Phishing Malware Encryption Accountability 134

SecureList

OCTOBER 15, 2024

SideWinder’s most recent campaign schema Infection vectors The SideWinder attack chain typically starts with a spear-phishing email with an attachment, usually a Microsoft OOXML document (DOCX or XLSX) or a ZIP archive, which in turn contains a malicious LNK file. APP_DLL_URL URL used to download the encrypted payload.

Malware 143

Malware Encryption Architecture Phishing 143

SecureList

NOVEMBER 29, 2024

The campaign, which we dubbed EastWind , used phishing emails with malicious shortcuts attached to deliver malware to target computers. The attack starts with phishing emails purporting to be a court order or summons from an institution in Colombia’s judicial system.

Energy and Utilities 104

Energy and Utilities Ransomware Malware Government 104

Krebs on Security

AUGUST 19, 2021

. “According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote. For example, the Lockbit 2.0 “Would you like to earn millions of dollars?

Ransomware 363

Ransomware Social Engineering Cybercrime Scams 363