SC Magazine

JULY 2, 2021

Researchers reported on Friday that cybercriminals are mimicking legitimate correspondence to actively target popular cloud applications DocuSign and SharePoint in phishing attacks designed to steal user log-in credentials. The post Phishing attack targets DocuSign and SharePoint users appeared first on SC Media.

Phishing 136

Phishing Authentication Security Awareness Media 136

Security Affairs

MARCH 31, 2025

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Armageddon , Primitive Bear , ACTINIUM , Callisto ) targets Ukraine with a phishing campaign. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a.

Phishing 114

Phishing Antivirus Encryption Hacking 114

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. ” reads the report published by Trellix.

Phishing 144

Phishing DNS Social Engineering Engineering 144

Security Affairs

DECEMBER 13, 2020

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. The system does not hold any bank or credit card details.”

Marketing 145

Marketing Phishing Hacking Data breaches 145

Security Affairs

JANUARY 6, 2022

Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. The attack chain is very simple, attackers create a Google Document using their Google account. SecurityAffairs – hacking, Phishing). The comment mentions the target with an @.

Phishing 133

Phishing Accountability Hacking Information Security 133

Security Affairs

JANUARY 21, 2021

Bad ops of operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. . Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation into a large-scale phishing campaign that targeted thousands of global organizations.

Phishing 145

Phishing Passwords Manufacturing Healthcare 145

Security Affairs

APRIL 17, 2020

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. Google announced that its anti-malware solutions implemented to defend its Gmail users have blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days.

Phishing 145

Phishing Malware Government Small Business 145

Security Affairs

JULY 30, 2024

The domains and documents employed in the campaign as part of the first stage of the attack suggest threat actors are targeting of Pakistan, Egypt and Sri Lanka. In recent campaign, the threat actors used meticulously crafted documents that appear to be legitimate and familiar to the target.

Phishing 123

Phishing Malware Hacking Information Security 123

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 144

Phishing Cybercrime Advertising Hacking 144

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Phishing 135

Phishing Cyber Attacks Malware Internet 135

Security Affairs

AUGUST 17, 2020

Threat actors used a decoy document titled “Pyongyang e-mail lists – April 2017” and it contained the email addresses and phone numbers of individuals working at organizations such as the United Nations, UNICEF and embassies linked to North Korea. The KONNI malware also employed in at least two campaigns in 2017. Pierluigi Paganini.

Phishing 139

Phishing Malware Advertising Architecture 139

Security Affairs

AUGUST 9, 2020

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. ” continues the analysis.

Phishing 145

Phishing Advertising Scams Accountability 145

Security Affairs

JUNE 7, 2025

Cybersecurity researcher Bob Dyachenko and the Cybernews team discovered a massive data leak in China that exposed billions of documents, including financial, WeChat, and Alipay data, likely affecting hundreds of millions.

Surveillance 131

Surveillance Banking Phishing Passwords 131

Krebs on Security

DECEMBER 6, 2023

ICANN contends that the use of a standardized request form makes it easier for the correct information and supporting documents to be provided to evaluate a request. Accredited registrars don’t have to participate, but ICANN is asking all registrars to join and says participants can opt out or stop using it at any time.

Phishing 308

Phishing Internet Internet Scams 308

Security Affairs

OCTOBER 25, 2024

Cisco warned customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. The company published a document containing recommendations against password spray attacks aimed at Remote Access VPN (RAVPN) services.

VPN 114

VPN Firewall Technology Passwords 114

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Dubai Police have warned against calls from scammers asking for financial details, reminding residents that official institutions will never request this information over the phone.

Social Engineering 112

Social Engineering Phishing Banking DNS 112

Security Affairs

AUGUST 12, 2021

Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020. com , or api[.]statvoo[.]com Pierluigi Paganini.

Phishing 130

Phishing Passwords Encryption Cybercrime 130

Security Affairs

NOVEMBER 18, 2020

Chaes is also able to take screenshots of the victim’s machine, and hook and monitor the Chrome web browser to collect user information from infected hosts. The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. ” concludes the report.

Phishing 135

Phishing Malware Cryptocurrency Information Security 135

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing 142

Phishing Malware Computers and Electronics Internet 142

Security Affairs

FEBRUARY 12, 2025

The threat actor impersonates a South Korean government official to build trust with the target before sending a spear-phishing email with a bait PDF attachment. The IT giant recommends training users about phishing and employing attack surface reduction rules. LNK shortcut files, disguised as Office documents.

Phishing 90

Phishing Malware Security Intelligence Hacking 90

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 98

Phishing Cybercrime Authentication Advertising 98

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing 127

Phishing Advertising Cryptocurrency Encryption 127

SecureWorld News

OCTOBER 24, 2023

Phishing is all around us. Attackers use a variety of tricks to get their hands on personal data, payment information, and corporate secrets. They send super-lucrative offers by email, create fake websites and payment pages, and distribute malicious scripts under the guise of useful documents.

Phishing 109

Phishing Cybersecurity Security Awareness Computers and Electronics 109

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Subject lines included “your document” and “photo of you???”. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing 134

Phishing Ransomware Security Awareness Authentication 134

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. OpenSSH is also used for external access.

Phishing 133

Phishing Cybercrime Manufacturing Hacking 133

Security Affairs

FEBRUARY 8, 2025

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware.

Phishing 74

Phishing Malware Security Intelligence Hacking 74

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Beware before you share Phishing scams Avoid clicking on malicious links in emails and social media.

Consumer Protection 101

Consumer Protection Identity Theft Scams Social Engineering 101

Security Affairs

APRIL 21, 2025

Experts observed Kimsuky sending phishing emails targeting Korea and Japan from compromised systems. Their activity includes phishing campaigns against South Korea and Japan and attacks on South Koreas software, energy, and financial sectors starting in October 2023. LNK shortcut files, disguised as Office documents.

Phishing 80

Phishing Malware Security Intelligence Hacking 80

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 98

Encryption Phishing Accountability Authentication 98

Security Affairs

JUNE 21, 2024

French information security agency ANSSI reported that Russia-linked threat actor Nobelium is behind a series of cyber attacks that targeted French diplomatic entities. The French information security agency ANSSI reported that Russia-linked APT Nobelium targeted French diplomatic entities. ” continues the report.

Phishing 135

Phishing Accountability Information Security Cyber Attacks 135

Security Affairs

APRIL 20, 2025

BPFDoors Hidden Controller Used Against Asia, Middle East Targets Gorilla, a newly discovered Android malware Cascading Shadows: An Attack Chain Approach to Avoid Detection and Complicate Analysis IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia Unmasking the new XorDDoS controller and infrastructure Byte Bandits: How (..)

Malware 80

Malware Cryptocurrency Encryption Phishing 80

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle.

Phishing 142

Phishing Malware Encryption Antivirus 142

Security Affairs

APRIL 21, 2023

Phishing attacks are a major threat to organizations, they remain a perennial choice of cybercriminals when it comes to hacking their victims. The infographic below outlines the most common types of phishing attacks used against individuals or businesses. The eight most common forms of phishing-based cyberattacks.

Phishing 98

Phishing Social Engineering Security Awareness Passwords 98

Security Affairs

MAY 21, 2025

APT28 used various methods for initial access, including brute-force attacks, spear-phishing, and exploiting known vulnerabilities in Outlook, Roundcube , WinRAR , VPNs, and SOHO devices. Attackers sent emails mimicking government/cloud providers, often in the target language, and used lures like legit documents. Germany, and France.

Technology 78

Technology Malware Phishing Government 78

Krebs on Security

APRIL 14, 2019

But when the interested party inquires about the listing, they are sent a link to a site that looks like Airbnb.com but which is actually a phishing page. The price is € 250 + €500 secure deposit. In the case of these particular fraudsters, their fake page was “ airbnb.longterm-airbnb[.]co[.]uk

Scams 277

Scams Advertising Accountability Phishing 277

SecureWorld News

DECEMBER 30, 2024

Physical security must also be addressed. Be sure to secure server rooms, document archives, and other sensitive areas that could be involved in the incident. Update door access codes and verify that all physical security measures are functioning properly.

Data breaches 111

Data breaches Social Engineering Passwords Accountability 111

Security Affairs

AUGUST 14, 2020

The campaigns were classified as either phishing or malware. This report provides intelligence and indicators of compromise (IOCs) that organizations can use to fight current attacks, anticipating emerging threats, and manage security awareness in a better way. Phishing and Malware Q2 2020.

Threat Reports 145

Threat Reports Phishing Banking Malware 145