According to cybersecurity researchers at Vade, malicious actors are dusting off Right-to-Left Override (RLO) attacks to trick victims into executing files with disguised extensions. click here to read full Article Read more on Hacking...
A technical report by Volexity revealing a continuing campaign uncovered an active campaign taking advantage of a zero-day susceptibility in the Zimbra webmail platform since December 2021. Zimbra is an open-source email platform that...
Tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. click here to read full...
Here’s an overview of some of last week’s most interesting news, articles and interviews: February 2022 Patch Tuesday forecast: A rough start for 2022 January 2022 Patch Tuesday was a rough one for Microsoft...
The increased use of multi-factor authentication (MFA) has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. A current popular solution? Phishing kits that use a...
Telehealth today doesn’t just involve chatting with a doctor via a video-conferencing application. It’s become an entire collection of rapidly developing technologies and products that includes specialized applications, wearable devices, implantable sensors, and cloud...
According to Microsoft 365 Defender Threat Intelligence Team, the campaign took advantage of the devices that did not implement MultiFactor Authentication (MFA). click here to read full Article Read more on Hacking News
Finland’s National Cyber Security Centre (NCSC-FI) warns of an ongoing phishing campaign attempting to hijack Facebook accounts by impersonating victims’ friends in Facebook Messenger chats. click here to read full Article Read more on...
Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim’s network to further propagate spam emails and widen the infection pool. The tech giant...
A new multi-phase phishing campaign first enrolls an attacker’s BYOD device on a corporate network and then begins sending thousands of convincing phishing emails to further targets. click here to read full Article Read...
ThreatLabz researchers observed several similarities in the C2 communication and .NET payload between this campaign and the previous campaigns attributed to the Molerats APT group. click here to read full Article Read more on...
The email was sent to public employees in Washington state who were members of the Washington Municipal Clerks Association. The association notified members the same day that it was illegitimate. click here to read...
The phishing scheme first appeared at the start of December 2021 and became more aggressive through the holiday period. By the end of the month, it had affected 469 customers and stolen over US$6.3m....
Researchers from Inky detailed a series of phishing attacks in which the sender address on most of the emails appeared to come from no-reply@dol.gov, the real domain for the Department of Labor. click here...
Super organized and flexible script for sending phishing campaigns. Features Sends to a single email Sends to lists of emails (text) Sends to lists emails with first, last name (csv) Supports attachments Splits emails...
The FBI warns American online sellers of Google Voice authentication scams that may take over their email accounts. Fraudsters are picking numbers from various online marketplaces or social media apps. The FBI advises victims...
