Cybercriminals attacking banks and financial organizations use their foothold in a compromised infrastructure to gain access to similar targets in other regions or countries. In a report released today and shared with BleepingComputer, international security company Group-IB specialized in preventing cyber Read More …
A new phishing campaign to steal login credentials is being launched on businesses – specifically the C-suite. Researchers at GreatHorn first discovered the campaign which targets senior executives by claiming to be from the company’s CEO. The fake email regards the rescheduling Read More …
A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Read More …
Proofpoint researchers recently observed a phishing kit with peculiar encoding utilized in a credential harvesting scheme impersonating a major retail bank. While encoded source code and various obfuscation mechanisms have been well documented in phishing kits, this technique appears to be unique Read More …
The campaign targets politicians involved in economic and military sanctions against Iran, along with various journalists and human rights activists. A range of political and civil society targets are under fire in an APT attack dubbed the Return of Charming Read More …
Fresh mass-email campaigns spreading the long-running Bagle worm have recently been spotted, affecting Microsoft Windows machines. These appear to be a throwback to an earlier time. Also referred to as Beagle, Bagel contains a backdoor that listens on TCP port Read More …
The highly complex backdoor malware payload designed by the GreyEnergy advanced persistent threat (APT) group is being dropped on targeted machines using the common phishing infection vector as detailed by Nozomi Networks’ Alessandro Di Pinto. GreyEnergy attacked and infiltrated the Read More …
After a short break, Emotet malware has been observed concealed in documents delivered through emails that pretended to be from financial institutions or disguised as Thanksgiving-themed greetings for employees. In early October, Emotet activity dropped off the radar, only to Read More …
A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackersdidn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some Read More …
Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a studyof students at University of Maryland, Baltimore County suggests. Citing IBM data suggesting human error is a factor in 95 Read More …