Security News
Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week,...
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and luring cybercriminals in to collect intelligence about them. [...]
It could lead to a costly BEC situation. Palo Alto's Unit 42 threat intel team wants to draw the security industry's attention to an increasingly common tactic used by phishers to harvest victims'...
There has been an uptick in phishing campaigns leveraging Microsoft Forms this month, aiming to trick targets into sharing their Microsoft 365 login credentials. The malicious forms lead to phishing pages impersonating Microsoft 365 and Adobe.
A new phishing campaign is using fake Okta single sign-on pages for the Federal Communications Commission and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The victims are then prompted to resolve a captcha using hCaptcha - a tactic that prevents the phishing site from being identified and adds to its credibility - and are presented with a spoofed Okta SSO page.
Phishing attacks using open redirect flaws are on the rise again, according to Kroll's Cyber Threat Intelligence team, which means organizations should consider refreshing employees' awareness and knowledge on how to spot them. Open redirect vulnerabilities in web applications allow threat actors to manipulate legitimate URLs to redirect victims to an external malicious URL. "They occur when a website allows for user-supplied input as part of a URL parameter in a redirect link, without proper validation or sanitization," says George Glass, Kroll's Head of Threat Intelligence.
A phishing campaign using QR codes has been detected targeting various industries, with the aim of acquiring Microsoft credentials. "The most notable target, a major Energy company based in the US, saw about 29% of the over 1000 emails containing malicious QR codes. Other top 4 targeted industries include Manufacturing, Insurance, Technology, and Financial Services seeing 15%, 9%, 7%, and 6% of the campaign traffic respectively," said Nathaniel Raymond, cyber threat intelligence analyst at Cofense.
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. What makes the attack notable is that the phishing kit is hosted as a game under the Facebook apps platform using the domain apps.
A new phishing technique called "File archiver in the browser" can be leveraged to "emulate" file archiver software in a web browser when a victim visits a .ZIP domain. Threat actors, in a nutshell, could create a realistic-looking phishing landing page using HTML and CSS that mimics legitimate file archive software, and host it on a .zip domain, thus elevating social engineering campaigns.
Phishers are using encrypted restricted-permission messages attached to phishing emails to steal Microsoft 365 account credentials. "The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar."