The Hacker News

FEBRUARY 3, 2023

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Malware 80

Malware Phishing 80

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. 16Shop documentation instructing operators on how to deploy the kit. Image: Akamai.com. Image: Akamai. Image: ZeroFox.

Phishing 190

Phishing Passwords Internet Internet 190

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware. Please download and read the attached encrypted document carefully.

Phishing 278

Phishing Antivirus Scams Malware 278

Tech Republic Security

APRIL 29, 2020

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Phishing 196

Phishing Malware 196

Security Affairs

DECEMBER 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882 (CVSS score: 7.8), as part of phishing campaigns to spread the Agent Tesla malware.

Malware 101

Malware Phishing Spyware Cyber threats 101

Bleeping Computer

AUGUST 30, 2022

Threat analysts have spotted a new malware campaign dubbed 'GO#WEBBFUSCATOR' that relies on phishing emails, malicious documents, and space images from the James Webb telescope to spread malware. [.].

Malware 145

Malware Phishing 145

The Hacker News

JANUARY 18, 2024

The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. The lures are

Malware 77

Malware Phishing 77

Bleeping Computer

AUGUST 23, 2021

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [.].

Phishing 145

Phishing Malware 145

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 267

Phishing Scams Banking Mobile 267

Bleeping Computer

DECEMBER 13, 2021

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. [.].

Phishing 143

Phishing Malware 143

Security Boulevard

DECEMBER 4, 2023

In the ever-evolving landscape of cybersecurity, a recent discovery sheds light on a new phishing attack being dubbed the Konni malware. Identifying The Konni […] The post Konni Malware Alert: Uncovering The Russian-Language Threat appeared first on TuxCare.

Malware 72

Malware Phishing Cybersecurity Cyber threats 72

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S. OpenSSH is also used for external access.

Phishing 110

Phishing Cybercrime Manufacturing Hacking 110

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Phishing 100

Phishing Cyber Attacks Malware Internet 100

Heimadal Security

JULY 15, 2022

Researchers have uncovered a new phishing kit that, under the guise of security controls, injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data. This data includes government documents, photos, and even financial information.

Phishing 102

Phishing Social Engineering Scams Engineering 102

Security Affairs

APRIL 17, 2020

Google says that the Gmail malware scanners have blocked around 18 million phishing and malware emails using COVID-19 lures in just one week. “Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19.

Phishing 122

Phishing Malware Government Small Business 122

Malwarebytes

MARCH 22, 2023

Opening the attachment up reveals a Word document called W-9 form.doc This file’s size is 548,164 KB (548 MB), which is very suspicious. You won’t find many genuine Word documents weighing in at 500MB or more. Opening the document quickly becomes a game of Macro-related risk. This is no exception. File early.

Malware 98

Malware Scams Social Engineering Banking 98

Adam Levin

JUNE 12, 2020

and global protests of the killing of George Floyd are being used to spread malware according to the cybersecurity non-profit organization abuse.ch. . The Zurich-based group identified a phishing campaign that capitalizes on the Black Lives Matter movement to distribute malware. The documented by Abuse.ch

Malware 167

Malware Banking Phishing Ransomware 167

Security Affairs

NOVEMBER 18, 2020

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users of a large e-commerce platform in Latin America with malware tracked as Chaes.

Phishing 118

Phishing Malware Cryptocurrency Information Security 118

SecureWorld News

OCTOBER 30, 2023

When it comes to impactful types of internet-borne crime, phishing is the name of the game. It serves as a vessel for various strains of malware, including ransomware, and underlies data-stealing campaigns that target large organizations and individuals alike. And for good reason. Tactics matter a lot, too.

Phishing 100

Phishing Scams Passwords Wireless 100

The Hacker News

DECEMBER 20, 2023

Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla.

Malware 88

Malware Phishing 88

Bleeping Computer

DECEMBER 22, 2021

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. [.].

Malware 138

Malware Phishing 138

The Hacker News

JULY 17, 2023

Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher Cara Lin said. "It

Malware 93

Malware Phishing 93

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware. Pierluigi Paganini.

Malware 93

Malware Phishing Banking Hacking 93

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware 95

Malware Phishing Banking Hacking 95

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. DocuSign is a service that allows people to sign documents in the Cloud. DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time.

Phishing 144

Phishing Password Management Passwords Accountability 144

SecureList

JUNE 28, 2023

Introduction Andariel, a part of the notorious Lazarus group, is known for its use of the DTrack malware and Maui ransomware in mid-2022. Their campaign introduced several new malware families, such as YamaBot and MagicRat, but also updated versions of NukeSped and, of course, DTrack.

Malware 133

Malware Cybercrime Phishing Ransomware 133

Malwarebytes

JULY 19, 2022

This data includes identification documents, spreadsheets related to Roblox creators, and various email addresses. At time of writing, there’s no specifics with regard to the “identification documents” This could mean driving licence, passport, employee ID scan…we simply don’t know at the moment.

Accountability 90

Accountability Phishing Hacking Ransomware 90

The Hacker News

AUGUST 17, 2023

The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,

Phishing 83

Phishing Malware 83

Bleeping Computer

JUNE 7, 2022

A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. [.].

Malware 99

Malware Phishing 99

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. The figures revealed by Google are awesome, the company declared that its malware scanner processes more than 300 billion attachments each week. SecurityAffairs – Gmail, malware).

Malware 115

Malware Advertising Technology Engineering 115

The Hacker News

JULY 13, 2023

The intrusion set, which stretches from April 2022 to July 2023, leverages phishing lures and decoy documents to deploy a downloader malware called PicassoLoader, which

Malware 88

Malware Phishing Government 88

Security Boulevard

JULY 28, 2022

Emotet is a Windows-based malware loader operated by the cybercrime group TA542 ( 1 ), also referred to as Mummy Spider ( 2 ). Emotet is primarily distributed through phishing campaigns ( 1 ). Emotet has been observed dropping other malware families such as Qakbot ( 5 ) and CobaltStrike ( 6 ). First Stage: Initial Delivery.

Encryption 59

Encryption Malware Phishing Cybercrime 59

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 134

Advertising Manufacturing Hacking Cyber Attacks 134

Identity IQ

FEBRUARY 7, 2023

What is Phishing? One of the most common techniques used to exploit web users is the phishing scam. This article will cover what phishing is, cybercriminals’ different approaches, and how to prevent yourself from becoming a victim. What is Phishing? How Does Phishing Work? Spear Phishing.

Phishing 98

Phishing Identity Theft Scams Banking 98

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

Social Engineering 77

Social Engineering Mobile Authentication Engineering 77

Security Boulevard

APRIL 17, 2023

Executive Summary On February 09, 2023, EclecticIQ analysts identified a spear phishing campaign targeting Ukrainian government entities like the Foreign Intelligence Service of Ukraine (SZRU) and Security Service of Ukraine (SSU). The SMTP server contained a web panel designed to create and distribute spear phishing emails.

Phishing 84

Phishing Social Engineering Malware Government 84

Security Affairs

DECEMBER 13, 2020

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. ” confirmed the company. Pierluigi Paganini.

Marketing 136

Marketing Phishing Hacking Data breaches 136