More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us.
A type of phishing we’re calling authentication-in-the-middle is showing up in online media. While these techniques, named after man-in-the-middle (MitM) attacks, have existed for a while, they appear to be gaining traction now.
Read more…
Source: Malwarebytes labs
Related:
- Threat Awareness – Shifting Phishing Techniques & Tips for Staying Safe
October 3, 2024
Phishing remains a significant and ever-evolving cybersecurity threat, with recent data showing a 28% rise in attacks between Q1 and Q2 of 2024. This trend highlights how persistent and evolving phishing tactics continue to be, impacting a staggering 94% of cybersecurity decision-makers in 2023. Attackers are increasingly using compromised internal accounts, shifting the platforms they ...
- Exotic SambaSpy is now dancing with Italian users
September 18, 2024
In May 2024, kaspersky researchers detected a campaign exclusively targeting victims in Italy. They were rather surprised by this, as cybercriminals typically select a broader target to maximize their profits. What sets this campaign apart is that, at various stages of the infection chain, checks are made to ensure that only Italian users are infected. This ...
- Scammers advertise fake AppleCare+ service via GitHub repos
September 12, 2024
Malwarebytes Labs researchers uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans. The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of ...
- Stone Wolf employs Meduza Stealer to hack Russian companies
September 2, 2024
BI.ZONE Threat Intelligence reports an increase in criminal activity employing commercial malware available on underground resources. Recently, the researchers identified a malicious campaign by a cluster later dubbed Stone Wolf. The adversaries send out phishing emails on behalf of a legitimate provider of industrial automation solutions. The goal of the attackers is to deliver Meduza Stealer ...
- 85 cyber attacks on Việt Nam’s sites, portals last week
August 30, 2024
A total of 85 cases of cyber attacks on Việt Nam’s websites and information portals were reported in the past week, according to the Authority of Information Security (under the Ministry of Information and Communications). Seventy four were phishing attacks and eleven were malware installations. According to the information security authority, attackers have been using malicious ...
- Deep Analysis of Snake Keylogger’s New Variant
August 28, 2024
Fortinet’s FortiGuard Labs recently caught a phishing campaign in the wild with a malicious Excel document attached to the phishing email. Fortinet researchers performed a deep analysis on the campaign and discovered that it delivers a new variant of Snake Keylogger. Snake Keylogger (aka “404 Keylogger” or “KrakenKeylogger”) is a subscription-based keylogger with many capabilities. It ...