ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Beware of Fake Dropbox Phishing Attack that Harvest Login Credentials
Cybercriminals are launching a dangerous phishing campaign that tricks users into giving away their login credentials by impersonating Dropbox. This attack uses a multi-stage approach to bypass email security checks and
Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data
A sophisticated phishing campaign targeting macOS users has emerged, using fake compliance emails as a delivery mechanism for advanced malware. Chainbase Lab recently detected this campaign, which impersonates legitimate
Beware of Malicious Party Invitations that Tricks Users into Installing Remote Access Tools
A new phishing campaign is tricking people with fake party invitations that secretly install remote access software on Windows computers. The attack uses social engineering to deliver ScreenConnect, a legitimate remote s
Google Uncovered Significant Expansion in ShinyHunters Threat Activity with New Tactics
The ShinyHunters threat group has expanded its extortion operations with sophisticated attack methods targeting cloud-based systems across multiple organizations. These cybercriminals use voice phishing and fake credenti
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunte
Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-fa
Education-Themed Malicious Domains Linked to Bulletproof Hosting Infrastructure Exposed
Security researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicato
Microsoft Teams New Feature to Flag Suspicious One-to-One Calls
A new security feature is being added to Teams to help organizations detect and stop voice-based scams and phishing attacks. The new “Report a Call” button will allow users to flag suspicious one-to-one calls directly fr
Threat Actors Using AI Generated Malicious Job Offers to Deploy PureRAT
A Vietnamese cybercrime group is using artificial intelligence to write malicious code in an ongoing phishing campaign that distributes the PureRAT malware through fake job opportunities. The campaign, initially detected
Threat Actors Leverage Real Enterprise Email Threads to Deliver Phishing Links
In a sophisticated supply chain phishing attack, threat actors hijacked an ongoing email thread among C-suite executives discussing a document awaiting final approval. The intruder, posing as a legitimate participant, re
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack methods continue to evolve and rightly command attention. However, one of t
Watch out for AT&T rewards phishing text that wants your personal details
Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers.
Hackers Using Teams to Deliver Malicious Content Posing as Microsoft Services
A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious content that appears to originate from trusted Microsoft services.
Over 100 Organizations Targeted in ShinyHunters Phishing Campaign
Domains set up by the threat actor suggest attacks aimed at Atlassian, Canva, Epic Games, HubSpot, Moderna, ZoomInfo, and WeWork. The post Over 100 Organizations Targeted in ShinyHunters Phishing Campaign appeared first
New Deepfake Phishing Attack Via Zoom or Microsoft Teams Call Attacking Bitcoin Users
A dangerous phishing campaign is targeting cryptocurrency holders through video calls that use artificial intelligence to create fake versions of trusted contacts. The attack spreads through Telegram and relies on Zoom o
Wave of ShinyHunters vishing attacks spreading fast
<p>A new and distinct wave of voice phishing (vishing) attacks <a href="https://www.cybersecuritydive.com/news/cybercrime-group-voice-phishing-attacks-Okta/810493/" target="_blank" rel="noopener">attributed to the notori
Amnesia RAT deployed in multi-stage phishing attacks against Russian users
A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign mainly targeting users
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a multi-stage backdoor as part of a suspected cyber espionage campaign. The activity, per the eSentire Threat Response Unit
New malware service guarantees phishing extensions on Chrome web store
A new malware-as-a-service (MaaS) called 'Stanley' promises malicious Chrome extensions that can clear Google's review process and publish them to the Chrome Web Store. [...]
Konni Hackers Deploy AI-Generated PowerShell Backdoor Against Blockchain Developers
The North Korean threat actor known as Konni has been observed using PowerShell malware generated using artificial intelligence (AI) tools to target developers and engineering teams in the blockchain sector. The phishing