Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft.
Read more…
Source: Group IB
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian hackers attack Ukraine MoD resources
January 25, 2024
Cyber attacks by Russian government-funded groups on the resources run by the Ministry of Defense using phishing, distribution of remote code execution malware, and blocking of access to web resources have been recorded. “Last day, attacks on Ukraine’s government and commercial sectors were recorded. Also, attacks by Russia-funded hacker groups were launched on the resources of ...
- Mexican Banks and Cryptocurrency Platforms Targeted With AllaKore RAT
January 24, 2024
A financially motivated threat actor is targeting Mexican banks and cryptocurrency trading entities with custom packaged installers delivering a modified version of AllaKore RAT – an open-source remote access tool. Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process. The AllaKore RAT payload is heavily modified ...
- Veolia North America hit by ransomware attack
January 24, 2024
A department in Veolia North America, a transnational company offering water, energy and waste recycling management services, suffered a ransomware attack which resulted in the theft of some personal data, and forced the company to take parts of its infrastructure offline. In a press release published on the Veolia website, the company confirmed its Municipal Water ...
- Seoul’s spy agency accuses China of major cyber attacks
January 24, 2024
South Korean spy agency on Wednesday reported a significant uptick in attempts of cyber attacks by foreign sources last year, waged mainly by North Korea and China. Chinese attacks tended to inflict more severe damage than North Korean ones, despite the latter being more frequent. The National Intelligence Service said cyber attacks against the public sector ...
- CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT
January 24, 2024
On January 22, 2024, Fortra published a security advisory on CVE-2024-0204, a critical authentication bypass affecting its GoAnywhere MFT secure managed file transfer product prior to version 7.4.1. The vulnerability is remotely exploitable and allows an unauthorized user to create an admin user via the administration portal. Fortra lists the root cause of CVE-2024-0204 as CWE-425: ...
- UK: Cybercriminals claim to have stolen data from Southern Water
January 24, 2024
Cybercriminals claim they have stolen data from a water company’s IT systems. Southern Water, which has hundreds of thousands of customers in Kent, says it has detected suspicious activity and launched an investigation led by cybersecurity experts. But it says there is no evidence to suggest “customer relationships or financial systems” have been affected. In a ...