Security News

Router maker's support portal responds with MetaMask phishing
2024-07-01 07:58

BleepingComputer has verified that the helpdesk portal of a router maker is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. Support tickets acknowledged with MetaMask phishing.

ONNX phishing service targets Microsoft 365 accounts at financial firms
2024-06-18 20:28

A new phishing-as-a-service platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. Researchers at EclecticIQ who discovered the activity believe that ONNX is a rebranded version of the Caffeine phishing kit managed by the Arabic-speaking threat actor MRxC0DER. Mandiant discovered caffeine in October 2022, when the platform targeted Russian and Chinese platforms instead of Western services.

Nigerian faces up to 102 years in the slammer for $1.5M phishing scam
2024-06-14 20:15

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics
2024-06-14 06:45

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the...

Phishing emails abuse Windows search protocol to push malicious scripts
2024-06-12 22:30

A new phishing campaign uses HTML attachments that abuse the Windows search protocol to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier that enables applications to open Windows Explorer to perform searches using specific parameters.

New phishing toolkit uses PWAs to steal login credentials
2024-06-12 17:35

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps that display convincing corporate login forms to steal credentials. D0x demonstrates how to create PWA apps to display corporate login forms, even with a fake address bar showing the normal corporate login URL to make it look more convincing.

New Phishing Campaign Deploys WARMCOOKIE Backdoor Targeting Job Seekers
2024-06-12 08:47

Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE. "WARMCOOKIE...

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack
2024-06-10 15:24

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack,...

New V3B phishing kit targets customers of 54 European banks
2024-06-04 18:53

Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. The phishing kit, priced between $130-$450 per month depending on what is purchased, features advanced obfuscation, localization options, OTP/TAN/2FA support, live chat with victims, and various evasion mechanisms.

AI Will Increase the Quantity—and Quality—of Phishing Scams
2024-06-03 11:04

Gen AI tools are rapidly making these emails more advanced, harder to spot, and significantly more dangerous. Recent research showed that 60% of participants fell victim to artificial intelligence-automated phishing, which is comparable to the success rates of non-AI-phishing messages created by human experts.