Security News

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
2024-08-29 11:26

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest...

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials
2024-08-28 06:49

Cybersecurity researchers are calling attention to a new QR code phishing (aka quishing) campaign that leverages Microsoft Sway infrastructure to host fake pages, once again highlighting the abuse...

Microsoft Sway abused in massive QR code phishing campaign
2024-08-27 14:00

​A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their...

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare
2024-08-22 10:32

Needless to say, it backfired in a big way University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus...

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait
2024-08-21 05:28

The Computer Emergency Response Team of Ukraine has warned of new phishing attacks that aim to infect devices with malware. The ZIP file contains a Microsoft Compiled HTML Help file that embeds JavaScript code responsible for launching an obfuscated PowerShell script.

New phishing method targets Android and iPhone users
2024-08-20 14:29

ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. The phishing websites targeting iOS instruct victims to add a Progressive Web Application to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser.

Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America
2024-08-20 06:14

Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin...

Cybercriminals exploit file sharing services to advance phishing attacks
2024-08-20 03:00

A file-sharing phishing attack is a unique type of phishing threat in which a cybercriminal poses as a known colleague or familiar file-hosting or e-signature solution and sends a target a malicious email containing a link to what appears to be a shared file or document. File-sharing phishing attacks would be a pressing issue regardless of volume, as one single successful attack can have costly consequences.

Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
2024-08-19 10:02

Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send...

Google raps Iran's APT42 for raining down spear-phishing attacks
2024-08-15 16:25

Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign. APT42 is largely relying on what Google's TAG calls "Cluster C" phishing activity - distinguished methods that have been in use since 2022, characterized by attempts to impersonate NGOs and "Mailer Daemon."