Krebs on Security

AUGUST 9, 2021

That was right after KrebsOnSecurity broke the news that someone had hacked BriansClub and siphoned information on 26 million stolen debit and credit accounts. The hacked BriansClub database had an estimated collective street value of $566 million , and that data was subsequently shared with thousands of financial institutions.

Phishing 354

Phishing Cybercrime Accountability Advertising 354

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries. If an executive's phone gets hacked, it will open a new gateway into highly valuable information," Savolainen said.

Phishing 97

Phishing Mobile Encryption Technology 97

Krebs on Security

FEBRUARY 26, 2023

Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group. But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website.

Hacking 265

Hacking Social Engineering Phishing Scams 265

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 102

Phishing Cybercrime Passwords Banking 102

Security Affairs

DECEMBER 13, 2020

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. SecurityAffairs – hacking, Subway UK).

Marketing 135

Marketing Phishing Hacking Data breaches 135

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing 110

Phishing Education Social Engineering Media 110

Schneier on Security

JULY 13, 2021

In subsequent phishing emails, TA453 shifted their tactics and began delivering the registration link earlier in their engagement with the target without requiring extensive conversation. The compromised site was configured to capture a variety of credentials.

Hacking 350

Hacking Phishing Accountability Cybersecurity 350

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. ” Pierluigi Paganini Follow me on Twitter: @securityaffairs and Facebook and Mastodon ( SecurityAffairs – hacking, FIN7)

Phishing 108

Phishing Cybercrime Manufacturing Hacking 108

Graham Cluley

NOVEMBER 30, 2023

A 28-year-old maj has pleaded guilty to charges that he illegally hacked the network of his former company, telecoms firm Motorola, after he successfully tricked current staff into handing over their login credentials. Read more in my article on the Tripwire State of Security blog.

Hacking 117

Hacking Phishing Data breaches 117

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Phishing Reporting : Report phishing emails and other malicious cyber activities to relevant authorities like the FBI’s IC3 and the NJCCIC.

Phishing 77

Phishing Ransomware Security Awareness Authentication 77

Security Boulevard

MARCH 27, 2022

The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1

Phishing 98

Phishing Software Hacking Social Engineering 98

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 121

Phishing Cybercrime Advertising Hacking 121

Krebs on Security

MAY 30, 2023

A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. On May 9, MetrixCoin reported that its Discord server was hacked, with fake airdrop details pushed to all users.

Hacking 283

Hacking Scams Accountability Cryptocurrency 283

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 116

Phishing Marketing Scams Accountability 116

Bleeping Computer

SEPTEMBER 23, 2022

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. [.].

Phishing 115

Phishing Hacking 115

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing 117

Phishing Scams Education Passwords 117

Bleeping Computer

JULY 29, 2021

Hackers have compromised an email marketing account belonging to the Chipotle food chain and used it to send out phishing emails luring recipients to malicious links. [.].

Marketing 132

Marketing Phishing Accountability Hacking 132

Bleeping Computer

FEBRUARY 12, 2023

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. [.]

Phishing 98

Phishing Cryptocurrency Hacking Accountability 98

Krebs on Security

AUGUST 29, 2023

QakBot is most commonly delivered via email phishing lures disguised as something legitimate and time-sensitive, such as invoices or work orders. Qbot and Pinkslipbot ) has morphed into an advanced malware strain now used by multiple cybercriminal groups to prepare newly compromised networks for ransomware infestations.

Hacking 250

Hacking Malware Ransomware Government 250

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 285

Phishing DNS Social Engineering Accountability 285

Security Affairs

OCTOBER 4, 2023

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks. ” continues the report.

Phishing 116

Phishing Insurance Manufacturing Banking 116

Bleeping Computer

SEPTEMBER 26, 2023

A new APT hacking group named 'AtlasCross' targets organizations with phishing lures impersonating the American Red Cross to deliver backdoor malware. [.]

Phishing 109

Phishing Malware Hacking 109

Bleeping Computer

APRIL 18, 2024

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [.]

Passwords 135

Passwords Cryptocurrency Hacking Phishing 135

SecureBlitz

NOVEMBER 22, 2023

Learn how to spot and stop phishing scams in this post. Just lately, thousands of people are falling victim to Instagram hacks relating to forex and money making – people have no way of getting their accounts back. Dangers hide behind every digital corner.

Scams 86

Scams Phishing Accountability Hacking 86

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 79

Phishing Cybercrime Authentication Mobile 79

Security Affairs

MARCH 2, 2024

Department of Justice (DoJ) charged Iranian national Alireza Shafie Nasab (39) for multi-year hacking campaign targeting U.S. Our National Security Cyber Section remains focused on disputing these cross-border hacking schemes and holding those responsible to account.” government and defense entities. Targeted entities include the U.S.

Hacking 105

Hacking Identity Theft Social Engineering Accountability 105

Security Affairs

MAY 12, 2024

Recommendations provided in the report include installing updates promptly, using phishing-resistant multi-factor authentication (MFA), securing remote access software, making backups, and applying mitigations from the #StopRansomware Guide.

Ransomware 113

Ransomware Hacking Healthcare Retail 113

Bleeping Computer

MARCH 4, 2021

A phishing campaign targeting users of Outlook Web Access and Office 365 services collected thousands of credentials relying on trusted domains such as SendGrid. [.].

Phishing 137

Phishing Accountability Hacking 137

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing 124

Phishing Accountability Hacking Scams 124

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 131

Phishing Authentication Social Engineering Passwords 131

Security Affairs

MAY 2, 2024

According to the advisory published by Dropbox, the company was the target of a phishing campaign that resulted in access to the GitHub repositories. Dropbox uses CircleCI for select internal deployments, and in early October, a phishing campaign targeted multiple Dropboxers using messages impersonating CircleCI.

Hacking 101

Hacking Authentication Passwords Accountability 101

Bleeping Computer

AUGUST 2, 2023

Microsoft says a hacking group tracked as APT29 and linked to Russia's Foreign Intelligence Service (SVR) targeted dozens of organizations worldwide, including government agencies, in Microsoft Teams phishing attacks. [.]

Phishing 97

Phishing Government Hacking 97

Bleeping Computer

DECEMBER 1, 2021

Three APT hacking groups from India, Russia, and China, were observed using a novel RTF (rich text format) template injection technique in their recent phishing campaigns. [.].

Phishing 145

Phishing Hacking 145

Bleeping Computer

MARCH 20, 2024

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [.]

Banking 119

Banking Accountability Phishing Hacking 119

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing 92

Phishing Banking Financial Services Authentication 92

SecureList

MARCH 24, 2022

What are phishing kits? One of the most common tricks scammers use in phishing attacks is to create a fake official page of a famous brand. Even phishing page domain name can often look like the real web address of a certain brand, as cybercriminals include the name of the company or service they are posing as in the URL.

Phishing 107

Phishing Marketing Banking Technology 107

Security Affairs

DECEMBER 29, 2023

Ukraine’s CERT (CERT-UA) warned of a new phishing campaign by the APT28 group to deploy previously undocumented malware strains. CERT-UA discovered multiple phishing attacks aimed at government organizations between December 15 and December 25. unauthorized access to victims’ accounts within Exchange servers.

Phishing 120

Phishing Malware Computers and Electronics Internet 120