Security News

Chinese-language speakers have been increasingly targeted as part of multiple email phishing campaigns that aim to distribute various malware families such as Sainbox RAT, Purple Fox, and a new...

Singapore officials announced on Monday that next month they will deliver a consultation paper detailing a split liability scheme that will mean both consumers and banks are on the hook for financial losses flowing from scams. "There are some views that banks can easily absorb losses arising from individual scam cases. However, full restitution without due consideration of culpability is neither fair nor desirable," he told Parliament on Monday.

Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets. Over the past few days, people have reported receiving phishing emails pretending to be from Stretto, the Claims Agent for the Celsius bankruptcy proceeding.

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The San Francisco-based firm blamed a Google Account cloud synchronization feature recently introduced in April 2023 for making the breach worse, calling it a "Dark pattern."

The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation code signing certificates. In the incident investigated by the cybersecurity company, an unnamed victim is said to have first received a piece of info stealer malware with EV code signing certificates, followed by ransomware using the same delivery technique.

Training end-users to spot phishing has its benefits, but it's clear to see organizations as a whole have failed to make a dent in phishing attacks. Ever wondered how many of your end-users may have already fallen victim to phishing attacks?

Microsoft is warning of a new phishing campaign undertaken by an initial access broker that involves using Teams messages as lures to infiltrate corporate networks. "Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool to send phishing lures through Microsoft Teams chats," the company said, adding the development marks a shift from using email-based initial infection vectors for initial access.

A threat actor known for providing ransomware gangs with initial access to enterprise systems has been phishing employees via Microsoft Teams. Storm-0324 is a temporary name assigned by Microsoft to this particular threat actor and shows that the company has yet to reach high confidence about the origin or identity of the actor behind the operation.

In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization's operations and long-term success. To minimize the danger of phishing, how can businesses create a culture of skepticism and caution among their employees? If they implement simulated phishing campaigns, how can they avoid eroding employee trust in the company? How can businesses make training programs more effective?

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks. "In July 2023, Storm-0324 began using phishing lures sent over Teams with malicious links leading to a malicious SharePoint-hosted file," Microsoft said on Tuesday.