Pierluigi Paganini January 22, 2024
“My Slice”, an Italian adaptive phishing campaign

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches. In an adaptive phishing campaign, attackers gather specific information about victims through various sources, such as social media, […]

Pierluigi Paganini December 18, 2023
Qakbot is back and targets the Hospitality industry

Experts warn of a new phishing campaign distributing the QakBot malware, months after law enforcement dismantled its infrastructure. In August, the FBI announced that the Qakbot botnet was dismantled as a result of an international law enforcement operation named Operation ‘Duck Hunt.’ Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an info-stealing malware that has been active since 2008. The […]

Pierluigi Paganini December 13, 2023
OAuth apps used in cryptocurrency mining, phishing campaigns, and BEC attacks

Microsoft warns that threat actors are using OAuth applications cryptocurrency mining campaigns and phishing attacks. Threat actors are using OAuth applications such as an automation tool in cryptocurrency mining campaigns and other financially motivated attacks. The attackers compromise user accounts to create, modify, and grant high privileges to OAuth applications to carry out malicious activity […]

Pierluigi Paganini October 12, 2023
Phishing, the campaigns that are targeting Italy

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging.  Particularly very popular is so-called brand phishing, which occurs when criminals impersonate the official website of a well-known brand […]

Pierluigi Paganini October 04, 2023
Phishing campaign targeted US executives exploiting a flaw in Indeed job search platform

Threat actors exploited an open redirection vulnerability in the job search platform Indeed to carry out phishing attacks. Researchers from the cybersecurity firm Menlo Security reported that threat actors exploited an open redirection vulnerability in the job search platform Indeed in phishing attacks. The phishing attacks were aimed at senior executives across various industries, primarily […]

Pierluigi Paganini August 18, 2023
Massive phishing campaign targets users of the Zimbra Collaboration email server

A massive social engineering campaign is targeting users of the Zimbra Collaboration email server to steal their login credentials. ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. Zimbra Collaboration is an open-core collaborative software platform. The campaign is still ongoing and is targeting a wide range of […]

Pierluigi Paganini August 16, 2023
A massive phishing campaign using QR codes targets the energy sector

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. Starting from May 2023, researchers from Cofense discovered a large-scale phishing campaign using QR codes in attacks aimed at stealing the Microsoft credentials of users from multiple industries One of the organizations targeted by hackers is a […]

Pierluigi Paganini August 09, 2023
EvilProxy used in massive cloud account takeover scheme

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months. Most of the attacks targeted high-ranking executives. The researchers estimated […]

Pierluigi Paganini August 03, 2023
Russian APT29 conducts phishing attacks through Microsoft Teams

Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that Russia-linked cyberespionage group APT29  (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) carried out Microsoft Teams phishing attacks aimed at dozens of organizations and government agencies worldwide. APT29 along with APT28 cyber espionage group was involved in […]

Pierluigi Paganini August 02, 2023
Zero-day in Salesforce email services exploited in targeted Facebook phishing campaign

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. The phishing campaigns are able to evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook’s web […]