Security News

Resecurity, Inc. has identified a spike in phishing content delivered via Azure Front Door, a cloud CDN service provided by Microsoft. According to experts, such tactics confirm how the bad actors are continuously looking to enhance their tactics and procedures to avoid phishing detection using world-known cloud services.

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA. Microsoft Edge WebView2 to the rescue.

A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases. The phishing email, appearing to be sent from MetaMask support, spoofs a Know Your Customer verification request and features convincing branding and no typos or other obvious scam giveaways.

Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering. Dutch police haven't ruled out additional arrests.

In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a massive phishing campaign has successfully stolen an estimated five million Facebook accounts. The campaign continues to spread virally through Facebook Messenger on mobile devices as the primary target vector.

Europol on Tuesday announced the dismantling of an organized crime group that dabbled in phishing, fraud, scams, and money laundering activities. The cross-border operation, which involved law enforcement authorities from Belgium and the Netherlands, saw the arrests of nine individuals in the Dutch nation.

Email phishing campaigns are regularly hitting organizations in the U.S., but voicemail phishing is less common. Once the user has entered the correct captcha information, they are shown the final content, which is an Office 365 phishing page.

Members of a phishing gang behind millions of euros in losses were arrested today following a law enforcement operation coordinated by the Europol. "A cross-border operation, supported by Europol and involving the Belgian Police and the Dutch Police, resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering," the Europol announced on Tuesday.

Someone is trying to steal people's Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications. These emails were detected in May and are ongoing, according to researchers at Zscaler's ThreatLabz, and are similar to a phishing campaign launched a couple of years ago.

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.