Security News

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish
2024-12-19 05:30

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive,...

Black Basta operators phish employees via Microsoft Teams
2024-10-28 16:36

Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS...

Iran named as source of Trump campaign phish, leaks
2024-08-20 06:29

US authorities have named Iran as the likely source of a recent attack on the campaign of the US Republican Party's presidential nominee, Donald Trump. One of those efforts, the statement asserts, resulted in compromise of the Trump campaign and subsequent leaking of documents.

Trump campaign cites Iran election phish claim as evidence leaked docs were stolen
2024-08-12 05:34

Former US president Donald Trump's re-election campaign has claimed it's been the victim of a cyber attack. The claim was made after US outlet Politico reported an anonymous email account sent it a dossier of information sourced from within the campaign operation, but the entity who sent the docs declined to explain how they came by the info.

Free Piano phish targets American university students, staff
2024-05-29 18:14

A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. The campaign, discovered by email security firm Proofpoint, was launched in January 2024 and has distributed over 125,000 emails, mainly targeting North American university students and faculty.

Hackers phish finance orgs using trojanized Minesweeper clone
2024-05-26 14:16

Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. Ukraine's CSIRT-NBU and CERT-UA attribute the attacks to a threat actor tracked as 'UAC-0188,' who is using the legitimate code to hide Python scripts that download and install the SuperOps RMM. Superops RMM is a legitimate remote management software that gives remote actors direct access to the compromised systems.

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits
2024-04-18 16:00

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack
2024-04-17 00:06

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Spa Grand Prix email account hacked to phish banking info from fans
2024-03-20 20:02

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The Spa Gran Prix is a Formula 1 World Championship race held at the Circuit de Spa-Francorchamps in Stavelot, Belgium.

LabHost cybercrime service lets anyone phish Canadian bank users
2024-02-27 19:19

The Phishing as a Service platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. LabHost isn't a new provider, but its popularity surged after introducing custom phishing kits for Canadian banks in the first half of 2023.