Security News

Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a Wednesday report.

How credential phishing attacks threaten a host of industries and organizations. A report released Thursday by email security provider Abnormal Security looks at the latest wave of credential phishing attacks and offers advice on how to stop them.

In this Help Net Security video, Security Consultant Kam Talebzadeh and Senior Security Researcher Nevada Romsdahl from Secureworks, showcase SquarePhish, a tool that combines QR codes and OAuth 2.0 device code flow for advanced phishing attacks. If you're at Black Hat USA 2022, you can learn more about SquarePhish.

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. Currently, there is evidence of three groups, all part of the former Conti ransomware operation, that used BazarCall or a version of those tactics: Silent Ransom Group, Quantum, and Roy/Zeon.

A new large-scale phishing campaign targeting Coinbase, MetaMask, Kraken, and Gemini users is abusing Google Sites and Microsoft Azure Web App to create fraudulent sites. Posting links to phishing pages on various legitimate sites aims to increase traffic and boost the malicious site's search engine rankings.

Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services. According to Cloudflare, it recorded a very similar incident late last month, which could suggest the two attacks may have originated from the same attacker or group.

Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content. The spike of LogoKit was been identified around the beginning of August, when multiple new domain names impersonating popular services had been registered and leveraged together with open redirects.

Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data.Apparently, Twilio employees were not the only ones targeted by these attackers.

Cloud communications company Twilio says some of its customers' data was accessed by attackers who breached internal systems after stealing employee credentials in an SMS phishing attack. "On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials," Twilio said over the weekend.

Attackers abused open redirects on the websites of Snapchat and American Express in a series of phishing attacks to steal Microsoft 365 credentials. Open redirects are web app weaknesses that allow threat actors to use the domains of trusted organizations and websites as temporary landing pages to simplify phishing attacks.