Dutch police arrest four men for phishing and bank fraud
The Cybercrime Team Rotterdam of the Dutch Police has arrested four men for large-scale phishing and bank fraud. This followed data from the "Operation Cookie Monster" investigation into the Genesis Marketplace.
The suspects, aged 23, 26, 29 and 30, were guilty of large-scale phishing and bank h... Read more
State hackers actively misuse AI for debugging and malware creation
State-sponsored hackers from several countries actively use AI and LLMs to support their attack campaigns. Microsoft and OpenAI share how they are leveraging their research results to improve the security of AI tools.
According to Microsoft and OpenAI, state-sponsored hackers increasingly use AI... Read more
EuroParcs reports data breach; data restored via backup
Holiday park concern EuroParcs reports being the victim of a data leak. The investigation should reveal whether customers' personal data has been leaked.
Hackers penetrated EuroParcs' secure digital environment. The hackers did not hit the reservation system, so it remains possible to book a va... Read more
Sophisticated phishing campaign hijacks Microsoft Azure accounts
An advanced phishing campaign attacked hundreds of companies' Microsoft Azure accounts. Once the hackers got the login information, the accounts were hijacked with various forms of MFA.
According to Proofpoint security researchers, hundreds of Microsoft Azure accounts within companies have recen... Read more
Phishing campaign spreads malware via Microsoft Teams
The new attack comes via an access request in a Microsoft Teams group chat to spread suspicious files for the DarkGate malware
Telecom provider AT&T warns of this. If the target accepts the request, the attackers attempt to trick chat participants into downloading the file Navigating Future ... Read more
‘Good password security includes passkeys, but they are not an all-in-one solution’
Passkeys have a marketing problem, in which they get presented as a holy grail that eliminates all forms of phishing. In reality, that story is much more nuanced; they actually only address one specific form of phishing. Even though passkeys cannot live up to the promises of the marketing stories, ... Read more
Microsoft most spoofed brand for phishing attacks
Hackers who want to carry out a phishing attack and misuse a well-known brand are most likely to use Microsoft's brand name.
That's according to research for the fourth quarter of 2023 by Check Point. The brand name was used in 33 per cent of the total number of (email) phishing attacks during ... Read more
New form of phishing: What is quishing and why is it dangerous?
Phishing is a technique that is still commonly used by hackers even though the attack is years old. Small changes to the technique breathe new life into the phishing scheme each time. This mainly involves changing the medium. Whereas phishing was traditionally spread via email, hackers later switch... Read more
New phishing campaign steals Instagram backup codes
A new phishing method aims to sidestep the two-step verification of Instagram accounts. A misleading email message and login page lets users unintentionally reveal their credentials and a temporary six-digit backup code.
The findings come from Trustwave, which previously described another method... Read more
Decades after its debut, SMTP still enables new phishing techniques
A new form of e-mail spoofing was revealed this week: "SMTP Smuggling." The vulnerability allows threat actors to produce highly believable phishing emails. Although it seems decades past the time to move away from the ancient protocol, SMTP is here to stay.
The new method bypasses email protect... Read more