The Hacker News

DECEMBER 22, 2023

A new phishing campaign is leveraging decoy Microsoft Word documents as bait to deliver a backdoor written in the Nim programming language.

Malware 89

Malware Engineering Phishing 89

Krebs on Security

MAY 22, 2019

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}. Please download and read the attached encrypted document carefully.

Phishing 277

Phishing Antivirus Scams Malware 277

The Hacker News

SEPTEMBER 12, 2023

A sophisticated phishing campaign is using a Microsoft Word document lure to distribute a trifecta of threats, namely Agent Tesla, OriginBotnet, and RedLine Clipper, to gather a wide range of information from compromised Windows machines. "A

Phishing 118

Phishing 118

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. And spear-phishing others that frequently interact with the SCO via email could land the bad guys even more access to state systems.

Phishing 270

Phishing Data breaches Accountability Technology 270

Tech Republic Security

APRIL 29, 2020

Application Guard for Office and Safe Documents will make phishing attacks harder and the Office experience better for users, starting with Office 365 Pro Plus and E5 licences.

Phishing 199

Phishing Malware 199

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 256

Phishing Scams Banking Mobile 256

The Hacker News

FEBRUARY 9, 2023

Popular social news aggregation platform Reddit has disclosed that it was the victim of a security incident that enabled unidentified threat actors to gain unauthorized access to internal documents, code, and some unspecified business systems. The attack

Phishing 92

Phishing 92

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 126

Phishing Cybercrime Advertising Hacking 126

SecureWorld News

FEBRUARY 16, 2024

Tripwire explains: Attackers are using fake encrypted PDF documents to try to phish for unsuspecting users’ login credentials. John Bambenek, a handler at SANS Internet Storm Center, disclosed the phishing campaign on 4 January. As he told Threatpost : “This is an untargeted phishing campaign.

Phishing 83

Phishing Scams Security Awareness Encryption 83

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 87

Phishing Cybercrime Authentication Mobile 87

CyberSecurity Insiders

MAY 11, 2023

Intro In February 2022, Microsoft disabled VBA macros on documents due to their frequent use as a malware distribution method. OneNote documents have emerged as a new infection vector, which contain malicious code that executes when the document is interacted with. However, the best defense is always prevention.

Malware 98

Malware Social Engineering Engineering Education 98

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin. ” concludes the report.

Phishing 103

Phishing Cyber Attacks Malware Internet 103

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. file classified as MASEPIE.

Phishing 125

Phishing Malware Computers and Electronics Internet 125

The Hacker News

FEBRUARY 3, 2023

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Malware 82

Malware Phishing 82

Malwarebytes

JULY 12, 2023

Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim.

Telecommunications 88

Telecommunications Phishing Software Government 88

The Hacker News

SEPTEMBER 3, 2021

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S.

Phishing 119

Phishing 119

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. DocuSign is a service that allows people to sign documents in the Cloud. DocuSign is a service that allows people to sign documents in the Cloud. Signing documents electronically saves a lot of paper and time.

Phishing 143

Phishing Password Management Passwords Accountability 143

CSO Magazine

JANUARY 4, 2023

In a case that highlights how attackers can leverage information from data breaches to enhance their attacks, a group of attackers is using customer information stolen from a Colombian bank in phishing attacks with malicious documents, researchers report. Stolen data used to add credibility to future attacks.

Banking 118

Banking Phishing Data breaches Marketing 118

Joseph Steinberg

DECEMBER 1, 2020

As such, scammers sending bogus Verification messages request that recipients do the same, and exploit the fact that so many people both expect to be asked for copies of such documents as part of the Verification process, and are willing to share such documents in order to become Verified.

Media 246

Media Accountability Phishing Scams 246

Bleeping Computer

JULY 23, 2023

Microsoft is further enhancing the Windows 11 Enhanced Phishing Protection by testing a new feature that warns users when they copy and paste their Windows password into websites and documents. [.]

Phishing 92

Phishing Passwords 92

Security Affairs

OCTOBER 12, 2020

Security experts from Cyble found alleged sensitive documents of NATO and Turkey, is it a case of cyber hacktivism or cyber espionage? The post Researchers found alleged sensitive documents of NATO and Turkey appeared first on Security Affairs. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Advertising 133

Advertising Manufacturing Cyber Attacks Hacking 133

Bleeping Computer

JUNE 6, 2022

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [.].

Phishing 139

Phishing Government 139

SecureWorld News

OCTOBER 30, 2023

When it comes to impactful types of internet-borne crime, phishing is the name of the game. According to Verizon's 2023 Data Breach Investigations Report (DBIR), a whopping 74% of breaches involve a human element, which is exactly what phishing aims to exploit. And for good reason. Tactics matter a lot, too.

Phishing 93

Phishing Scams Passwords Wireless 93

Malwarebytes

JULY 19, 2022

This data includes identification documents, spreadsheets related to Roblox creators, and various email addresses. At time of writing, there’s no specifics with regard to the “identification documents” This could mean driving licence, passport, employee ID scan…we simply don’t know at the moment.

Accountability 88

Accountability Phishing Hacking Ransomware 88

Bleeping Computer

DECEMBER 13, 2021

A new variant of the Agent Tesla malware has been spotted in an ongoing phishing campaign that relies on Microsoft PowerPoint documents laced with malicious macro code. [.].

Phishing 135

Phishing Malware 135

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 97

Encryption Phishing Accountability Authentication 97

Heimadal Security

OCTOBER 18, 2021

A fresh variant of a phishing campaign has been recently detected. The attack methods it uses consist of malicious Excel documents that are almost untraceable. The researchers who discovered this new phishing campaign were those from Morphisec Labs and according to […]. MirrorBlast: How Does It Work?

Phishing 113

Phishing Cybersecurity 113

Heimadal Security

JULY 15, 2022

Researchers have uncovered a new phishing kit that, under the guise of security controls, injects malware into legitimate WordPress sites and uses a fake PayPal-branded social engineering scam to trick targets into handing over their most sensitive data. This data includes government documents, photos, and even financial information.

Phishing 96

Phishing Social Engineering Scams Engineering 96

Security Affairs

JANUARY 28, 2021

Researchers from RiskIQ have discovered a new phishing kit dubbed LogoKit that dynamically compose phishing content. Researchers from RiskIQ discovered a new phishing kit that outstands for its ability to dynamically create phishing messages to target specific users. SecurityAffairs – hacking, Phishing).

Phishing 131

Phishing Cryptocurrency Passwords Hacking 131

Bleeping Computer

AUGUST 23, 2021

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [.].

Phishing 145

Phishing Malware 145

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 106

Phishing Marketing Banking Technology 106

Security Affairs

JANUARY 6, 2022

Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. The attack chain is very simple, attackers create a Google Document using their Google account. SecurityAffairs – hacking, Phishing). The comment mentions the target with an @.

Phishing 117

Phishing Accountability Hacking Information Security 117

Identity IQ

FEBRUARY 7, 2023

What is Phishing? One of the most common techniques used to exploit web users is the phishing scam. This article will cover what phishing is, cybercriminals’ different approaches, and how to prevent yourself from becoming a victim. What is Phishing? How Does Phishing Work? Spear Phishing.

Phishing 98

Phishing Identity Theft Scams Banking 98

Krebs on Security

NOVEMBER 2, 2018

Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. That phishing site prompted visitors to enter their account credentials — including usernames, passwords, one-time passcodes and PIN numbers — to unlock their accounts.

Phishing 232

Phishing Banking Scams Accountability 232

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. Upon opening the PDF file, it will display a message stating that the document could not be viewed and that they should click on a button to try again.

Phishing 97

Phishing Accountability Hacking Surveillance 97

SecureList

MARCH 27, 2023

technologies — the distributed file system IPFS — for email phishing attacks. URL formats can be quite different, for example: [link] [link] Phishing and IPFS In 2022, scammers began actively using IPFS for email phishing attacks. The use of a distributed file system allows attackers to cut back on phishing page hosting costs.

Phishing 99

Phishing Technology Internet Internet 99

Security Affairs

FEBRUARY 27, 2020

Google announced that the new scanning capabilities implemented in Gmail have increased the detection rate of malicious documents. “Gmail protects your incoming mail against spam, phishing attempts, and malware. The post Data on Detection of Malicious Documents in Gmail are impressive appeared first on Security Affairs.

Malware 118

Malware Advertising Technology Engineering 118