Security News

BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics
2022-10-11 16:41

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K. BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor malware by manipulating potential victims into calling a phone number specified in decoy email messages.

Caffeine service lets anyone launch Microsoft 365 phishing attacks
2022-10-10 21:47

A phishing-as-a-service platform named 'Caffeine' makes it easy for threat actors to launch attacks, featuring an open registration process allowing anyone to jump in and start their own phishing campaigns. Another distinctive characteristic of Caffeine is that its phishing templates target Russian and Chinese platforms, whereas most PhaaS platforms tend to focus on lures for Western services.

Hackers behind IcedID malware attacks diversify delivery tactics
2022-10-10 20:24

The threat actors behind IcedID malware phishing campaigns are utilizing a wide variety of distribution methods, likely to determine what works best against different targets. The IcedID malware started in 2017 as a modular banking trojan but has since evolved into a malware dropper that is commonly used to gain initial access to corporate networks.

Fortinet says critical auth bypass bug is exploited in attacks
2022-10-10 16:22

Fortinet has confirmed today that a critical authentication bypass security vulnerability patched last week is being exploited in the wild. The security flaw is an auth bypass on the administrative interface that enables remote threat actors to log into FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager on-premise management instances.

US airports' sites taken down in DDoS attacks by pro-Russian hackers
2022-10-10 14:15

The pro-Russian hacktivist group 'KillNet' is claiming large-scale distributed denial-of-service attacks against websites of several major airports in the U.S., making them inaccessible. The DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services.

US airports taken down in DDoS attacks by pro-Russian hackers
2022-10-10 14:15

The pro-Russian hacktivist group 'KillNet' has carried out large-scale DDoS attacks against several U.S. airports' websites, taking many of them offline. The DDoS attacks have overwhelmed the servers hosting these sites with garbage requests, making it impossible for travelers to connect and get updates about their scheduled flights or book airport services.

New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks
2022-10-10 13:10

Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control infrastructure to escape detection, according to new research from VMware. "The ongoing adaptation of Emotet's execution chain is one reason the malware has been successful for so long," researchers from VMware's Threat Analysis Unit said in a report shared with The Hacker News.

Callback phishing attacks evolve their social engineering tactics
2022-10-08 14:11

Callback phishing operations have evolved their social engineering methods, keeping the old fake subscription lure for the first phase of the attack but switching to pretending to help victims deal with an infection or hack. Callback phishing attacks are email campaigns that pose as notices for high-priced subscriptions, designed to confuse recipients, who never subscribed to these services.

Hackers Can Use 'App Mode' in Chromium Browsers for Stealth Phishing Attacks
2022-10-07 08:58

In what's a new phishing technique, it has been demonstrated that the Application Mode feature in Chromium-based web browsers can be abused to create "Realistic desktop phishing applications." Application Mode is designed to offer native-like experiences in a manner that causes the website to be launched in a separate browser window, while also displaying the website's favicon and hiding the address bar.

Phishing attack spoofs Zoom to steal Microsoft user credentials
2022-10-06 18:44

A recent phishing campaign analyzed by security firm Armorblox spoofed Zoom in an attempt to compromise Microsoft user credentials.