phishing

Pierluigi Paganini December 18, 2020
Hackers target COVID-19 vaccine supply chain and sell the vaccine in Darkweb

Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered in several forums on the dark web, the […]

Pierluigi Paganini December 13, 2020
Hacked Subway UK marketing system used in TrickBot phishing campaign

Subway UK confirmed the hack of a marketing system that was used to send out phishing messages to deliver malware to the customers. Hackers have compromised a marketing system in Subway UK and used it to send out phishing messages to deliver malware to the customers. Subway UK customers received emails from ‘Subcard’ about the processing […]

Pierluigi Paganini November 28, 2020
Office 365 phishing campaign leverages Oracle and Amazon cloud services

Experts warn of a new sophisticated phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. The new sophisticated phishing scheme was implemented by threat actors for stealing Office 365 credentials, it leverages both cloud services from Oracle and Amazon for their infrastructure. The campaign has been active for more […]

Pierluigi Paganini November 18, 2020
Phishing campaign targets LATAM e-commerce users with Chaes Malware

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. Experts at Cybereason Nocturnus have uncovered an active campaign targeting the users […]

Pierluigi Paganini November 18, 2020
Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phishing attack targeting enterprises […]

Pierluigi Paganini November 08, 2020
Creative Office 365 phishing inverts images to avoid detection bots

Experts spotted a creative Office 365 phishing campaign that inverts images used as backgrounds for landing pages to avoid getting flagged as malicious. Researchers at WMC Global have spotted a new creative Office 365 phishing campaign that has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by security […]

Pierluigi Paganini October 24, 2020
Microsoft Teams phishing campaign targeted up to 50,000 Office 365 users

Experts warn of a phishing campaign that already targeted up to 50,000 Office 365 users with a fake automated message from Microsoft Teams. Secruity researchers reported that up to 50,000 Office 365 users have been targeted by a phishing campaign that pretends to be automated message from Microsoft Teams. The bait message uses fake notifications […]

Pierluigi Paganini October 17, 2020
Google warned users of 33,015 nation-state attacks since January

Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of attacks from nation-state actors. Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts. Google sent 11,856 government-backed phishing […]

Pierluigi Paganini October 07, 2020
Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

An unidentified group of hackers is using a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER). Malwarebytes researchers Hossein Jazi and Jérôme Segura have documented a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER) service. The hacking technique was employed by an unidentified […]

Pierluigi Paganini September 18, 2020
Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic, it accounted for 46 percent of the total number of fake web pages. Singapore, 09/18/2020 — Group-IB, a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. It came as no […]