Cyber Security Informer

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Security Affairs

OCTOBER 11, 2022

Researchers warn of a new phishing-as-a-service (PhaaS) toolkit, called Caffeine, which is being used by cybercriminals. In March 2022, Mandiant researchers discovered threat actors using a shared Phishing-as-a-Service (PhaaS) platform called Caffeine. ” reads the report published by Mandiant.

Phishing

Phishing Cybercrime Accountability Advertising

Black Friday 2021: How to Have a Scam-Free Shopping Day

SecureList

NOVEMBER 22, 2021

In Q3 2021 , online stores were in second place by share of recorded phishing attacks (20.63%). In this research, we analyzed various types of threats: financial malware associated with major online shopping platforms as well as phishing pages and fake websites mimicking the world’s biggest retail platforms.

Scams

Scams Banking Phishing Retail

New Report Benchmarks Phishing Risks Across Industries and Regions

SecureWorld News

AUGUST 4, 2023

Phishing remains one of the top cyber threats faced by organizations, and as phishing scams become more sophisticated, security leaders need clearer insights into phishing risks across their industry and geography to prioritize defenses. million users across more than 35,000 global organizations that use KnowBe4's platform.

Phishing

Phishing Risk Security Awareness Retail

CIO in the Age of AI: A Title Under Threat?

SecureWorld News

NOVEMBER 30, 2023

Data management and analytics: CIOs play a crucial role in managing and analyzing data, extracting valuable insights to inform decision-making. Microsoft is partnering with 15,000 companies and organizations with 300 security vendors building on the company's platforms. I think we are too focused on titles.

CISO

CISO Artificial Intelligence Phishing Cybersecurity

Microsoft disrupts cyber espionage campaign against NATO Countries

CyberSecurity Insiders

AUGUST 16, 2022

On August 15th this year, the American tech giant released a press update stating that it has disabled accounts related to the Seaborgium group as it was involved in email collection, phishing and reconnaissance.

Accountability

Accountability Phishing Education Media

Open Source Intelligence (OSINT): Unveiling the Power of Public Information

Hacker's King

JUNE 27, 2023

Open intelligence (OSINT) is the art of collecting and analyzing public information to gain valuable insights. It involves gathering and analyzing data from publicly accessible sources such as websites, social media platforms, news articles, and public records. Let’s explore how OSINT works and its practical applications.

Media

Media Data breaches Social Engineering Risk

IcedID malware campaign targets Zoom users

Security Affairs

JANUARY 7, 2023

Cyber researchers warn of a modified Zoom app that was used by threat actors in a phishing campaign to deliver the IcedID Malware. Cyble researchers recently uncovered a phishing campaign targeting users of the popular video conferencing and online meeting platform Zoom to deliver the IcedID malware.

Malware

Malware Phishing Banking Hacking

Email Security Guide: Protecting Your Organization from Cyber Threats

CyberSecurity Insiders

APRIL 16, 2023

Latest email security trends Phishing and spear-phishing attacks: Phishing is a type of social engineering attack where cybercriminals use deceptive emails to trick recipients into divulging sensitive information or downloading malware.

Cyber threats

Cyber threats Phishing Encryption Small Business

Black Friday shoppers beware: online threats so far in 2022

SecureList

NOVEMBER 23, 2022

In this research, we analyze various types of threats, such as financial malware and phishing pages mimicking the world’s biggest retail platforms, banking and payment systems, and discuss recent trends. Over the first ten months of 2022, Kaspersky prevented 38,596,555 financial phishing attacks. Methodology.

Phishing

Phishing Banking Scams Retail

PRODUCT REVIEW: GreatHorn Cloud Email Security Platform

CyberSecurity Insiders

MARCH 20, 2021

Today, we are reviewing the GreatHorn Cloud Email Security Platform, an email security solution to protect organizations against phishing attacks and advanced communication threats. Phishing attacks have been growing dramatically in the wake of the COVID-19 pandemic and the resulting massive increase in employees working from home.

Artificial Intelligence

Artificial Intelligence Phishing Education Risk

Malicious Actors Target Crypto Wallets of Coinbase Users in New Phishing Campaign

Hot for Security

MARCH 9, 2021

Cybercriminals are targeting Coinbase platform users with phishing campaings in an attempt to steal their account credentials and drain their cryptocurrency wallets, Bitdefender Antispam Lab has learned. According to our latest telemetry, the phishing campaign was noticed since mid-February, targeting over 25,000 users.

Phishing

Phishing Cryptocurrency Accountability Passwords

Microsoft VMs hijacked in cloud Cyber Attack

CyberSecurity Insiders

MAY 18, 2023

The Mandiant Intelligence team has identified this actor, known as UNC3844, evading security software detections on Azure cloud platforms. Phishing attacks via SMS operations have been their preferred method of targeting victims.

Cyber Attacks

Cyber Attacks Education Software Phishing

Discord suffered a data after third-party support agent was hacked

Security Affairs

MAY 13, 2023

Discord, the popular VoIP and instant messaging social platform, disclosed a data breach and is notifying the impacted users. In response to the incident, the company immediately deactivated the compromised account and analyzed the impacted machine to determine if it was infected with malware. ” concludes the notice. .

Hacking

Hacking Data breaches Accountability Phishing

Elections 2024, artificial intelligence could upset world balances

Security Affairs

DECEMBER 27, 2023

The 2024 European Union elections face threats from content generated through these platforms. Leveraging an artificial intelligence-driven system allows for the generation of this content in real-time based on actual events and the level of citizen engagement in public discussions on major social media platforms.

Artificial Intelligence

Artificial Intelligence Media Government Technology

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Malware found in James Webb Space Telescope revealed by US President Joe Biden

CyberSecurity Insiders

APRIL 18, 2023

The malware is being dubbed as “Go#Webbfuscator” and has the potential to be spread through phishing emails loaded with a malicious deep image file in a Word document, apart from the James Webb Space Telescope generated images.

Malware

Malware Cybercrime Phishing Cybersecurity

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware

Spyware Hacking Malware Social Engineering

Warning: If You Use the Zimbra Webmail Older Version, you could be a Victim of Phishing!

Hacker Combat

FEBRUARY 8, 2022

A technical report by Volexity revealing a continuing campaign uncovered an active campaign taking advantage of a zero-day susceptibility in the Zimbra webmail platform since December 2021. . Zimbra is an open-source email platform that serves hundreds of millions of mailboxes across 140 countries. The Genesis.

Phishing

Phishing Government Accountability Cyber Attacks

LinkedIn introduces new security features to combat fake accounts

Malwarebytes

NOVEMBER 1, 2022

For years, it has been aware of spam, fake job offers, phishing, fraudulent investments, and (at times) malware, and has been trying to combat those issues. Tech that analyzes profile pictures. The platform now warns potential targets when the person they're talking to suggests they move elsewhere. Source: LinkedIn).

Accountability

Accountability Cryptocurrency Education Technology

Ransomware news headlines trending on Google

CyberSecurity Insiders

OCTOBER 18, 2021

Israel’s National Cybersecurity Directorate is readying itself to set up a helpline that will help educate, analyzing, mitigating the cyber threats of all range. Therefore, companies needing or willing to seek help can pretty soon contact the centralized platform to keep their businesses secure from ransomware attacks.

Ransomware

Ransomware Healthcare Cyber threats Education

Spear Phishing Prevention: 10 Ways to Protect Your Organization

eSecurity Planet

AUGUST 23, 2023

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets.

Phishing

Phishing Social Engineering Authentication Security Awareness

Threat actors target crypto and NFT communities with Babadeda crypter

Security Affairs

NOVEMBER 26, 2021

Most of the attacks observed by the researchers that targeted crypto communities are based on the Discord platform, threat actors shared download links via Discord channels . “In the campaign that we observed, a threat actor took advantage of these features in order to phish victims.

Cryptocurrency

Cryptocurrency Malware Antivirus Phishing

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

The Last Watchdog

NOVEMBER 28, 2023

28, 2023 – AppDirect , the world’s leading B2B subscription commerce platform, today released key findings from its IT Business Leaders 2024 Outlook Report. In fact, all of their other concerns—malware, stolen data, phishing, ransomware and misconfiguration of cloud services—include an element of human error and/or malice.

Cyber Risk

Cyber Risk Risk B2B Social Engineering

Have you been Zynged? Who’s playing with your data even after you changed your breached credentials?

Hot for Security

MARCH 17, 2021

Users who sign up on the platform mainly provide their personal information directly during the setup process. Additional technical information about the devices you use in your online gaming sessions may also be collected and analyzed. Why changing only the breached credentials is not enough.

Data breaches

Data breaches Passwords Accountability Media

Crooks use Telegram bots and Google Forms to automate phishing

Security Affairs

APRIL 7, 2021

Crooks increasingly often use legitimate services such as Google Forms and Telegram to obtain user data stolen on phishing websites. Such platforms are distributed under the cybercrime-as-a-service model, which subsequently leads to more groups conducting attacks. Phishing kits are usually sold on underground forums on the darknet.

Phishing

Phishing Cybercrime Social Engineering Accountability

Email Security Recommendations You Should Consider from 2021

Cisco Security

AUGUST 17, 2021

When it comes to safeguarding email against today’s advanced threats like phishing and malware information is power. Vendors will re-write embedded URLs, so when a user clicks on the URL, it is scanned to analyze the potential threat. Remote work has magnified the threats users and businesses face online daily.

Phishing

Phishing Technology Malware Authentication

500,000+ Zoom accounts available for sale on the Dark Web

Security Affairs

APRIL 13, 2020

A sample analyzed by Bleeping computer composed of 290 accounts (some offered for free) included credentials of accounts for many colleges, including the University of Vermont, University of Colorado, Dartmouth, Lafayette, University of Florida. ” states a post published by BleepingComputer that first reported the discovery.

Accountability

Accountability Passwords Advertising Phishing

New AI Scams to Look Out For in 2024

Identity IQ

JANUARY 11, 2024

Deep learning technology analyzes tons of existing images or audio of a target and then uses that knowledge to create new, artificial content. AI-Powered Phishing Scammers have begun leveraging the power of artificial intelligence to make phishing scams more convincing and impactful.

Scams

Scams Artificial Intelligence Identity Theft Phishing

Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in US

Security Boulevard

JUNE 17, 2022

The tactics, techniques, and procedures (TTPs) of this threat actor have a high overlap with a previous voicemail campaign that ThreatLabz analyzed in July 2020. Voicemail-themed phishing campaigns continue to be a successful social engineering theme used by this threat actor to lure victims in opening a malicious attachment.

Phishing

Phishing Social Engineering Healthcare Manufacturing

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

Security Affairs

OCTOBER 8, 2023

Belgian intelligence service VSSE accused Alibaba of ‘possible espionage’ at European hub in Liege A WhatsApp zero-day exploit can cost several million dollars CISA adds JetBrains TeamCity and Windows flaws to its Known Exploited Vulnerabilities catalog NATO is investigating a new cyber attack claimed by the SiegedSec group Global CRM Provider Exposed (..)

Data breaches

Data breaches Cybercrime Ransomware Hacking

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Security Affairs

AUGUST 1, 2023

Palo Alto Network Unit 42 discovered a previously unreported phishing campaign that distributed a Python variant of the NodeStealer. Since December 2022, the experts observed threat actors targeting Facebook business accounts with a phishing lure offering tools such as spreadsheet templates for business. ” concludes the report.

Accountability

Accountability Cryptocurrency Malware Phishing

Experts uncovered an advanced phishing campaign delivering the Quasar RAT

Security Affairs

AUGUST 27, 2019

Researchers at Cofense uncovered an advanced phishing campaign delivering Quasar RAT via fake resumes. Experts at security firm Cofense observed an advanced phishing campaign delivering Quasar RAT via fake resumes. The fake resumes distributed in this phishing campaign detected are password-protected Microsoft Word documents.

Phishing

Phishing Passwords Advertising Malware

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

MAY 2, 2023

Related: Training employees to mitigate phishing It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Security Orchestration, Automation and Response: Cross-platform tech stacks that can do tasks like remediation and submitting security alerts.

Cybersecurity

Cybersecurity Firewall Risk Cyber Risk

HackerGPT 2.0 Unveils New AI Cyber Defense Strategies

eSecurity Planet

MARCH 15, 2024

From analyzing attack methods and suggesting defense tactics to doing vulnerability assessments, it provides users with the knowledge to improve their security posture. With swift response capabilities, GPT-3 and GPT-4 capacity, and upcoming mobile access, HackerGPT provides accessibility on most platforms, plus operational efficiency.

Mobile

Mobile Hacking Education Cybersecurity

Social marketplace Trustanduse exposes nearly half a million users

Security Affairs

JANUARY 12, 2023

Disclosing personal data on platforms providing digital services is always risky. Trustanduse.com is a platform for consumers to rate products, services, professionals, and stores, as well as get offers and discounts. We reached out to trustanduse.com, and the company fixed the issue. Sensitive information exposed.

Media

Media Accountability Authentication Internet

Using social media as a tool to share knowledge on day-to-day Cybersecurity risks

CyberSecurity Insiders

JUNE 8, 2023

Putting yourself out there on social media platforms opens up your personal information to cyber threats. People use online services all the time, and not everyone is up to date with the latest ways to catch phishing scams or create safe passwords. Learn how to educate your social media following on everyday cybersecurity risks.

Media

Media Risk Cybersecurity Education

Threat Group Continuously Updates Malware to Evade Antivirus Software

eSecurity Planet

NOVEMBER 7, 2022

LODEINFO has been observed engaged in a spear- phishing campaign since December 2019 by JPCERT/CC. They observed another spear-phishing campaign in March 2022. You need humans to operate these tools and analyze threats and IoCs (Indicators of Compromise). The sophisticated malware was hidden in malicious Word file attachments.

Antivirus

Antivirus Software Malware Phishing

Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts

Malwarebytes

JULY 11, 2023

Like all social media platforms, Facebook constantly has to deal with fake accounts, scams and malware. Meta has tracked and analyzed several threat actors such as DuckTail that have been active for a number of years with a particular interest for Facebook advertising accounts.

Accountability

Accountability Scams Malware Advertising

How Generative AI Will Remake Cybersecurity

eSecurity Planet

MAY 30, 2023

Unlike traditional deep learning systems – which generally analyze words or tokens in small bunches – this technology could find the relationships among enormous sets of unstructured data like Wikipedia or Reddit. Another benefit of an LLM is that it can analyze and process huge amounts of information.

Cybersecurity

Cybersecurity Unstructured Data Technology Software

Security Affairs newsletter Round 382

Security Affairs

SEPTEMBER 3, 2022

users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M users China-linked APT40 used ScanBox Framework in a long-running espionage campaign Russian streaming platform Start discloses a data breach impacting 7.5M Pierluigi Paganini.

Data breaches

Data breaches Malware Surveillance Ransomware

Microsoft teams up with AI driven Darktrace against Cyber Threats

CyberSecurity Insiders

MAY 12, 2021

Cybersecurity company Darktrace integrates its threat analysis intelligence with machine learning tools offering enhanced security features across varied cloud platforms and enterprise environments, thus easing work pressure for the security teams. .

Cyber threats

Cyber threats Cyber Risk IoT Technology

Data Loss Prevention: Best Practices for Secure Data Management

Centraleyes

APRIL 16, 2024

Educate and train employees to recognize phishing attempts, use strong passwords, and follow secure data handling practices. As a result, individuals become adept at identifying potential threats, reducing the risk of falling victim to phishing attacks or inadvertently mishandling sensitive information.

Encryption

Encryption Education Risk Healthcare

Financial cyberthreats in 2021

SecureList

FEBRUARY 23, 2022

We look at phishing threats commonly encountered by users and companies as well as the prevalence of various Windows and Android-based financial malware. Phishing: In 2021, 8.2% of users were hit by phishing. E-commerce-related phishing continued to exceed banking-related phishing, as it did in 2020, making up 17.6%

Banking

Banking Phishing Cryptocurrency Malware

Now misconfigured mobile apps are leaking data

CyberSecurity Insiders

MAY 20, 2021

Yes, what you’ve read is right as it was reported by cyber threat intelligence firm Check Point after it analyzed the facts in a recently concluded study meant to learn how mobile apps were exposing the personal data of their users respectively.

Mobile

Mobile Cyber threats Education Risk

Caffeine, a new Phishing-as-a-Service toolkit available in the underground

Black Friday 2021: How to Have a Scam-Free Shopping Day

Trending Sources

New Report Benchmarks Phishing Risks Across Industries and Regions

CIO in the Age of AI: A Title Under Threat?

Microsoft disrupts cyber espionage campaign against NATO Countries

Open Source Intelligence (OSINT): Unveiling the Power of Public Information

IcedID malware campaign targets Zoom users

Email Security Guide: Protecting Your Organization from Cyber Threats

Black Friday shoppers beware: online threats so far in 2022

PRODUCT REVIEW: GreatHorn Cloud Email Security Platform

Malicious Actors Target Crypto Wallets of Coinbase Users in New Phishing Campaign

Microsoft VMs hijacked in cloud Cyber Attack

Discord suffered a data after third-party support agent was hacked

Elections 2024, artificial intelligence could upset world balances

Cybercriminals Use Azure Front Door in Phishing Attacks

Malware found in James Webb Space Telescope revealed by US President Joe Biden

Security Affairs newsletter Round 422 by Pierluigi Paganini – International edition

Warning: If You Use the Zimbra Webmail Older Version, you could be a Victim of Phishing!

LinkedIn introduces new security features to combat fake accounts

Ransomware news headlines trending on Google

Spear Phishing Prevention: 10 Ways to Protect Your Organization

Threat actors target crypto and NFT communities with Babadeda crypter

News alert: AppDirect poll reveals company leaders losing sleep over cyber risks, compliance

Have you been Zynged? Who’s playing with your data even after you changed your breached credentials?

Crooks use Telegram bots and Google Forms to automate phishing

Email Security Recommendations You Should Consider from 2021

500,000+ Zoom accounts available for sale on the Dark Web

New AI Scams to Look Out For in 2024

Resurgence of Voicemail-themed Phishing Attacks Targeting Key Industry Verticals in US

Security Affairs newsletter Round 440 by Pierluigi Paganini – International edition

NodeStealer 2.0 takes over Facebook Business accounts and targets crypto wallets

Experts uncovered an advanced phishing campaign delivering the Quasar RAT

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

HackerGPT 2.0 Unveils New AI Cyber Defense Strategies

Social marketplace Trustanduse exposes nearly half a million users

Using social media as a tool to share knowledge on day-to-day Cybersecurity risks

Threat Group Continuously Updates Malware to Evade Antivirus Software

Criminals target businesses with malicious extension for Meta's Ads Manager and accidentally leak stolen accounts

How Generative AI Will Remake Cybersecurity

Security Affairs newsletter Round 382

Microsoft teams up with AI driven Darktrace against Cyber Threats

Data Loss Prevention: Best Practices for Secure Data Management

Financial cyberthreats in 2021

Now misconfigured mobile apps are leaking data

Stay Connected