Security News

Fake Trezor data breach emails used to steal cryptocurrency wallets
2022-04-03 16:03

A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them. Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.

Mars Stealer malware pushed via Google Ads and phishing emails
2022-03-30 13:12

Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particular tactic: disguising it as legitimate, benign software to trick users into downloading it. In a recent campaign described by Morphisec malware researcher Arnold Osipov, the threat actor distributed the malware via cloned websites offering well-known software such as Apache Open Office.

IceID trojan delivered via hijacked email threads, compromised MS Exchange servers
2022-03-29 12:09

A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID trojan without triggering email security solutions. The threat actor - believed to be an initial access broker - compromises vulnerable on-prem Microsoft Exchange servers and existing email accounts, then hijacks email threads by replying to them.

IcedID malware, in the hijacked email thread, with the insecure Exchange servers
2022-03-29 01:56

Cyber-criminals are using compromised Microsoft Exchange servers to spam out emails designed to infect people's PCs with IcedID. It popped up last year when crooks hijacked a BP Chargemaster domain to spam out emails to spread IcedID. On Monday, Fortinet's FortiGuard Labs said it observed an email sent to a Ukrainian fuel company with a .zip containing a file that when opened drops IcedID on the PC. Security vendor Intezer also on Monday said it had seen unsecured Microsoft Exchange servers spamming out IcedID emails.

Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
2022-03-28 07:45

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking," Israeli company Intezer said in a report shared with The Hacker News.

Telegram banned by Brazilian Supreme Court over missed emails
2022-03-18 23:05

Brazilian Supreme Federal Court Justice Alexandre de Moraes banned Telegram on Friday from operating in the country and asked the National Telecommunications Agency to notify internet providers to block the messaging app within five days. Although Telegram complied with some court orders to block accounts used to spread disinformation on its platform, the messaging platform failed to comply with points of the Court's decision, including providing registration information for the blocked accounts to Justice.

Email authentication helps governments and private companies battle ransomware
2022-03-17 14:22

One of the most effective ways cybercriminals can execute ransomware attacks? Email. Given that emails deliver 96% of all social engineering attacks, email authentication provides the best first-line defense against ransomware attacks.

How CAPTCHAs can cloak phishing URLs in emails
2022-03-17 13:00

Security firm Avanan on Thursday published its latest analysis of a phishing technique that builds on the internet community's familiarity with CAPTCHA challenges to amplify the effectiveness of deceptions designed to capture sensitive data. CAPTCHA puzzles, such as Google's reCAPTCHA, can act as a roadblock for these scanners because the filters can't solve the puzzles.

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
2022-03-16 04:00

A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google's email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
2022-03-10 13:00

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet's powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking - an attack in which malware operators malspam replies to ongoing email threads.