Attacker combines phone, email lures into believable, complex attack chain

In the course of performing a postmortem investigation of an infected computer, Sophos X-Ops discovered that the attack began with an innocent-sounding phone call. The caller prompted an employee of a Switzerland-based organization to initiate a complex attack chain Read More …

Germany says Charming Kitten hackers target Iran dissidents

Germany’s Federal Office for the Protection of the Constitution (BfV) on Thursday warned critics of the Iranian leadership living in Germany that they might be targeted by hackers. The agency said the Charming Kitten online espionage group works by building Read More …

NodeStealer 2.0 – The Python Version: Stealing Facebook Business Accounts

Unit 42 researchers have recently discovered a previously unreported phishing campaign that distributed an infostealer equipped to fully take over Facebook business accounts. Facebook business accounts were targeted with a phishing lure offering tools such as spreadsheet templates for business. Read More …

What might authentication attacks look like in a phishing-resistant future?

The industry has come a long way in terms of improving how we make user authentication more secure. From the most basic concept of relying on usernames and passwords for authentication to enabling multi-factor authentication (MFA) for additional security, we Read More …

Cyber attack hits South Korean government institution, $135,000 lost

According to Korean media reports, the Institute for Startup Promotion, operating under the Ministry of SMEs and Startups, transferred 175 million won (135,000 USD) to an overseas criminal group after being tricked by a sophisticated e-mail phishing scheme. The unfortunate Read More …

WormGPT, PoisonGPT: How generative AI can become a tool for criminals

A cybersecurity firm discovered a new generative artificial intelligence tool called WormGPT that is being sold to criminals. Another firm created a malicious generative AI tool called PoisonGPT to test how the technology can be used to intentionally spread fake Read More …

Turkish intelligence uncovers ‘ghost’ Mossad network

After monthslong surveillance, Türkiye’s National Intelligence Organization (MIT) has exposed a “ghost” cell of 56 operatives spying on non-Turkish nationals in the country on behalf of the Israeli intelligence agency Mossad. Documents from MIT revealed that the spies were gathering Read More …

Detecting and mitigating a multi-stage AiTM phishing and BEC campaign

Microsoft Defender Experts uncovered a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attack against banking and financial services organizations. The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC Read More …