Document, Information Security and Phishing

North Korea-linked Konni APT uses Russian-language weaponized documents

Security Affairs

NOVEMBER 24, 2023

North Korea-linked Konni APT group used Russian-language Microsoft Word documents to deliver malware. FortiGuard Labs researchers observed the North Korea-linked Konni APT group using a weaponized Russian-language Word document in an ongoing phishing campaign. The Word document seems to be in the Russian language.

Encryption

Encryption Malware Phishing Hacking

FIN7 targeted a large U.S. carmaker phishing attacks

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. OpenSSH is also used for external access.

Phishing

Phishing Cybercrime Manufacturing Hacking

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing

Phishing Cybercrime Advertising Hacking

Combatting Phishing with Enhanced Cybersecurity Awareness Programs

SecureWorld News

OCTOBER 24, 2023

Phishing is all around us. Attackers use a variety of tricks to get their hands on personal data, payment information, and corporate secrets. They send super-lucrative offers by email, create fake websites and payment pages, and distribute malicious scripts under the guise of useful documents.

Phishing

Phishing Cybersecurity Security Awareness Computers and Electronics

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising

Advertising Manufacturing Hacking Cyber Attacks

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing

Phishing Cybercrime Authentication Mobile

A phishing campaign targets Ukrainian military entities with drone manual lures

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Phishing

Phishing Cyber Attacks Malware Internet

Russia-linked APT28 used new malware in a recent phishing campaign

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. The group employed previously undetected malware such as OCEANMAP, MASEPIE, and STEELHOOK to steal sensitive information from target networks. file classified as MASEPIE.

Phishing

Phishing Malware Computers and Electronics Internet

Phishing attack targets DocuSign and SharePoint users

SC Magazine

JULY 2, 2021

Researchers reported on Friday that cybercriminals are mimicking legitimate correspondence to actively target popular cloud applications DocuSign and SharePoint in phishing attacks designed to steal user log-in credentials. The post Phishing attack targets DocuSign and SharePoint users appeared first on SC Media.

Phishing

Phishing Authentication Security Awareness Media

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption

Encryption Phishing Accountability Authentication

LogoKit, a new phishing kit that dynamically creates phishing forms

Security Affairs

JANUARY 28, 2021

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users. SecurityAffairs – hacking, Phishing).

Phishing

Phishing Cryptocurrency Passwords Hacking

Google Docs comment feature abused in phishing campaign

Security Affairs

JANUARY 6, 2022

Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. The attack chain is very simple, attackers create a Google Document using their Google account. SecurityAffairs – hacking, Phishing). The comment mentions the target with an @.

Phishing

Phishing Accountability Hacking Information Security

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. Pierluigi Paganini.

Phishing

Phishing Accountability Hacking Surveillance

Data on Detection of Malicious Documents in Gmail are impressive

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. “Gmail protects your incoming mail against spam, phishing attempts, and malware. The post Data on Detection of Malicious Documents in Gmail are impressive appeared first on Security Affairs.

Malware

Malware Advertising Technology Engineering

TodayZoo phishing kit borrows the code from other kits

Security Affairs

OCTOBER 24, 2021

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns. com domain to send the phishing messages.

Phishing

Phishing Passwords Hacking Accountability

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Security Affairs

DECEMBER 25, 2021

The phishing messages use weaponized Word or Excel attachments to install the Dridex banking Trojan. “This letter is to inform you that you have been exposed to a coworker who tested positive for OMICRON variant of COVID-19 sometime between December 18th and 20th,” reads a phishing message shared by Bleeping Computer.

Phishing

Phishing Passwords Banking Malware

Hacked Subway UK marketing system used in TrickBot phishing campaign

Security Affairs

DECEMBER 13, 2020

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. The system does not hold any bank or credit card details.”

Marketing

Marketing Phishing Hacking Data breaches

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Security Affairs

AUGUST 12, 2021

Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020. Microsoft revealed that a year-long spear-phishing campaign has targeted Office 365 customers in multiple attacks starting with July 2020. com , or api[.]statvoo[.]com Pierluigi Paganini.

Phishing

Phishing Passwords Encryption Cybercrime

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

Security Affairs

JULY 9, 2021

Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in phishing attacks. Most of the phishing attacks leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. SecurityAffairs – hacking, phishing).

Phishing

Phishing Social Engineering Banking Engineering

Passwords stolen via phishing campaign available through Google search

Security Affairs

JANUARY 21, 2021

Bad ops of operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. . Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation into a large-scale phishing campaign that targeted thousands of global organizations.

Phishing

Phishing Passwords Manufacturing Healthcare

Homoglyph attacks used in phishing campaign and Magecart attacks

Security Affairs

AUGUST 9, 2020

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. ” continues the analysis.

Phishing

Phishing Advertising Scams Accountability

CISA warns of phishing attacks delivering KONNI RAT

Security Affairs

AUGUST 17, 2020

Threat actors used a decoy document titled “Pyongyang e-mail lists – April 2017” and it contained the email addresses and phone numbers of individuals working at organizations such as the United Nations, UNICEF and embassies linked to North Korea. The KONNI malware also employed in at least two campaigns in 2017. Pierluigi Paganini.

Phishing

Phishing Malware Advertising Architecture

Your colleague was infected with Coronavirus, this is the latest phishing lure

Security Affairs

MARCH 30, 2020

Security experts uncovered a new Coronavirus-themed phishing campaign, the messages inform recipients that they have been exposed to the virus. Upon opening the file, victims will need to ‘Enable Content’ to view the content of the protected document, but this action will trigger the infection process.

Phishing

Phishing Advertising Cryptocurrency Malware

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

Security Affairs

MAY 28, 2021

The phishing campaign detected by MSTIC leveraged the Google Firebase platform to provide an ISO file containing the malicious code. MSTIC also spotted the nation-state hackers experimenting with attacks that don’t leverage the ISO from Firebase, and instead encoding it within the HTML document. ” continues the report.

Phishing

Phishing Threat Detection Telecommunications Malware

COVID-19 – Phishing attacks target employees that come back to the office

Security Affairs

MAY 30, 2021

Workers are going back to offices after months of remote working and crooks are attempting to exploit the situation by conducting spear-phishing attacks against their organizations. The messages pretend to provide information about changes to business operations the company is taking relative to the COVID-19 pandemic.

Phishing

Phishing Authentication Government Accountability

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The post Phishing attacks using the topic “Azovstal” targets entities in Ukraine appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Phishing

Phishing Cybercrime Ransomware Encryption

Russia behind a massive spear-phishing campaign that hit Ukraine

Security Affairs

JUNE 7, 2021

Ukraine warned of a “massive” spear-phishing campaign carried out by Russia-linked threat actors against its government and private businesses. This is the third massive spear-phishing campaign that the Ukrainian government attributed to Russia-linked threat actors this year. Follow me on Twitter: @securityaffairs and Facebook.

Phishing

Phishing Government Antivirus Passwords

APWG: Phishing maintained near-record levels in the first quarter of 2021

Security Affairs

JUNE 13, 2021

The Anti-Phishing Working Group (APWG) revealed that the number of phishing websites peaked at record levels in the first quarter of 2021. The Anti-Phishing Working Group (APWG) has published its new Phishing Activity Trends Report related to the first quarter of 2021. Reported Phishing Websites for Q1 2021.

Phishing

Phishing Advertising Cryptocurrency Encryption

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Security Affairs

NOVEMBER 18, 2020

Chaes is also able to take screenshots of the victim’s machine, and hook and monitor the Chrome web browser to collect user information from infected hosts. The kill chain starts with phishing messages that use a.docx file that once is opened triggers a template injection attack. ” concludes the report.

Phishing

Phishing Malware Cryptocurrency Information Security

Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week

Security Affairs

APRIL 17, 2020

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. Google announced that its anti-malware solutions implemented to defend its Gmail users have blocked around 18 million phishing and malware emails using COVID-19 lures within the last seven days.

Phishing

Phishing Malware Government Small Business

Coldriver threat group targets high-ranking officials to obtain credentials

Malwarebytes

JANUARY 22, 2024

These targets are approached in spear phishing attacks. The group uses social engineering techniques to persuade their targets to open documents or download malware. Once a relationship has been established, the target will receive a phishing link or a document containing such a link.

Social Engineering

Social Engineering Government Media DNS

ICANN Launches Service to Help With WHOIS Lookups

Krebs on Security

DECEMBER 6, 2023

ICANN contends that the use of a standardized request form makes it easier for the correct information and supporting documents to be provided to evaluate a request. Accredited registrars don’t have to participate, but ICANN is asking all registrars to join and says participants can opt out or stop using it at any time.

Phishing

Phishing Internet Internet Scams

Experts uncovered an advanced phishing campaign delivering the Quasar RAT

Security Affairs

AUGUST 27, 2019

Researchers at Cofense uncovered an advanced phishing campaign delivering Quasar RAT via fake resumes. Experts at security firm Cofense observed an advanced phishing campaign delivering Quasar RAT via fake resumes. The fake resumes distributed in this phishing campaign detected are password-protected Microsoft Word documents.

Phishing

Phishing Passwords Advertising Malware

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Security Affairs

SEPTEMBER 20, 2019

Cofense researchers spotted a phishing campaign that is targeting taxpayers in the United States to infect them with the Amadey malware. Security experts at Cofense uncovered a phishing campaign that is targeting taxpayers in the United States attempting to infect them with a new piece of malware named Amadey. The post U.S.

Phishing

Phishing Social Engineering Malware Advertising

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Security Affairs

SEPTEMBER 18, 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic , it accounted for 46 percent of the total number of fake web pages. Secure web- phishing. In the light of global pandemic and the businesses’ dive into online world, the share of this phishing category increased to remarkable 46 percent.

Phishing

Phishing Ransomware Spyware Banking

Threat actors hacked the Dropbox Sign production environment

Security Affairs

MAY 2, 2024

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data.

Hacking

Hacking Authentication Passwords Accountability

Threat actors leak Activision employee data on hacking forum

Security Affairs

FEBRUARY 27, 2023

The Threat Actors successfully phished a privileged user on the network. They exfiltrated sensitive work place documents as well as scheduled to be released content dating to November 17th, 2023. “The security of our data is paramount and we have comprehensive information security protocols in place to ensure its confidentiality.

Hacking

Hacking Cybercrime Social Engineering Data breaches

Real estate agency exposes details of 690k customers

Security Affairs

DECEMBER 21, 2023

Businesses employ MongoDB to organize and store large swaths of document-oriented information. The exposed database hosted over 100K links with scanned documents hosted on a Goyzer domain. The data was leaked via a publicly exposed and passwordless MongoDB database, which has since been closed.

Identity Theft

Identity Theft Scams Phishing Accountability

China-linked APT uses a new backdoor in attacks at Russian defense contractor

Security Affairs

APRIL 30, 2021

The state-sponsored hackers sent spear-phishing messages to a general director working at the Rubin Design Bureau , in Saint Petersburg, which is one of three main Russian centers of submarine design. The spear-phishing messages used a malicious Rich Text File (RTF) document that included descriptions of an autonomous underwater vehicle.

Phishing

Phishing Malware Antivirus Encryption

US Utilities Targeted with LookBack RAT in a new phishing campaign

Security Affairs

SEPTEMBER 24, 2019

Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. Security experts at Proofpoint have discovered a new series of phishing attacks targeting entities US utilities in an attempt to deliver the LookBack RAT. nceess [. ] Nceess [. ]

Phishing

Phishing Energy and Utilities Advertising Engineering

Recent DarkGate campaign exploited Microsoft Windows zero-day

Security Affairs

MARCH 14, 2024

In the campaign observed by ZDI, threat actors used PDF documents lures that contained Google DoubleClick Digital Marketing (DDM) open redirects. “The phishing campaign employed open redirect URLs from Google Ad technologies to distribute fake Microsoft software installers (.MSI) MSI) installers. net domain inside the PDF file.

Phishing

Phishing Malware Software Internet

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

OCTOBER 20, 2022

The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) The malicious document was uploaded from Jordan on August 25, 2022. . The experts believe the backdoor is distributed as a part of a spear phishing campaign conducted by a sophisticated threat actor. posing as a LinkedIn-based job application.

Encryption

Encryption Phishing Hacking Cybersecurity

New Woody RAT used in attacks aimed at Russian entities

Security Affairs

AUGUST 4, 2022

The attackers were delivering the malware using archive files and Microsoft Office documents exploiting the Follina Windows flaw ( CVE-2022-30190 ). “The earliest versions of this Rat was typically archived into a zip file pretending to be a document specific to a Russian group.

Malware

Malware Information Security Encryption Phishing

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC. Automotive Industry Chinese Organized Crime’s Latest U.S.

Data breaches

Data breaches Phishing Ransomware Malware

North Korea-linked Konni APT uses Russian-language weaponized documents

FIN7 targeted a large U.S. carmaker phishing attacks

Trending Sources

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform

Combatting Phishing with Enhanced Cybersecurity Awareness Programs

Researchers found alleged sensitive documents of NATO and Turkey

DEV-1101 AiTM phishing kit is fueling large-scale phishing campaigns

A phishing campaign targets Ukrainian military entities with drone manual lures

Russia-linked APT28 used new malware in a recent phishing campaign

Phishing attack targets DocuSign and SharePoint users

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

LogoKit, a new phishing kit that dynamically creates phishing forms

Google Docs comment feature abused in phishing campaign

Microsoft disrupts SEABORGIUM ’s ongoing phishing operations

Data on Detection of Malicious Documents in Gmail are impressive

TodayZoo phishing kit borrows the code from other kits

Omicron-themed phishing attacks spread Dridex and taunt with funeral helpline

Hacked Subway UK marketing system used in TrickBot phishing campaign

Microsoft warns of a evasive year-long spear-phishing campaign targeting Office 365 users

Hackers use a new technique in phishing attacks to disable Macro security warnings in weaponized docs

Passwords stolen via phishing campaign available through Google search

Homoglyph attacks used in phishing campaign and Magecart attacks

CISA warns of phishing attacks delivering KONNI RAT

Your colleague was infected with Coronavirus, this is the latest phishing lure

Microsoft details new sophisticated spear-phishing attacks from NOBELIUM

COVID-19 – Phishing attacks target employees that come back to the office

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Russia behind a massive spear-phishing campaign that hit Ukraine

APWG: Phishing maintained near-record levels in the first quarter of 2021

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Gmail blocked 18 Million phishing and malware emails using COVID-19 lures in a week

Coldriver threat group targets high-ranking officials to obtain credentials

ICANN Launches Service to Help With WHOIS Lookups

Experts uncovered an advanced phishing campaign delivering the Quasar RAT

U.S. taxpayers hit by a phishing campaign delivering the Amadey bot

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Threat actors hacked the Dropbox Sign production environment

Threat actors leak Activision employee data on hacking forum

Real estate agency exposes details of 690k customers

China-linked APT uses a new backdoor in attacks at Russian defense contractor

US Utilities Targeted with LookBack RAT in a new phishing campaign

Recent DarkGate campaign exploited Microsoft Windows zero-day

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

New Woody RAT used in attacks aimed at Russian entities

Security Affairs newsletter Round 468 by Pierluigi Paganini – INTERNATIONAL EDITION

Stay Connected