Security News

Trezor recently published a warning against a new phishing campaign targeting its users. Figure A. Once in possession of a list of email addresses belonging only to real Trezor customers, the attackers moved to the next step.

The Computer Emergency Response Team of Ukraine has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon. Armageddon is a Russian state-sponsored threat actor who has been targeting Ukraine since at least 2014 and is considered part of the FSB. According to a detailed technical report published by the Ukrainian secret service in November 2021, Armageddon has launched at least 5,000 cyber-attacks against 1,500 critical entities in the country.

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. It certainly thinks small about security - at least according to Hyderabad City Police, which last week detailed an attack on the Bank that started with over 200 phishing emails being sent across three days in November 2021.

A new WhatsApp phishing campaign impersonating WhatsApp's voice message feature has been discovered, attempting to spread information-stealing malware to at least 27,655 email addresses. Information-stealing malware is aggressively distributed today via various means, with phishing remaining a primary channel for threat actors.

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks. Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 MailChimp accounts and further export the mailing lists pertaining to 102 accounts.

Phishing attacks exploit free calendar app to steal account credentials. Cybercriminals who specialize in phishing attacks like to point people to actual websites as much as possible.

Browser in the browser attacks consist of simulating a browser window within the browser to spoof a legitimate domain. The principle is pretty straightforward: The user connects to a website, which in turn opens a new browser window that asks for Google, Apple, Microsoft or other third parties' credentials, to allow the user to log in.

Phishing attacks are abusing Microsoft Azure's Static Web Apps service to steal Microsoft, Office 365, Outlook, and OneDrive credentials. Azure Static Web Apps is a Microsoft service that helps build and deploy full-stack web apps to Azure from GitHub or Azure DevOps code repositories.

Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page. The phishing attack begins with phishing emails generated on the Calendly platform that inform the recipient they received new Fax documents.

The Google Threat Analysis Group says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks. The report's highlight are credential phishing attacks coordinated by a Russian-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries.