Phishing campaign spreads malware via Microsoft Teams
The new attack comes via an access request in a Microsoft Teams group chat to spread suspicious files for the DarkGate malware
Telecom provider AT&T warns of this. If the target accepts the request, the attackers attempt to trick chat participants into downloading the file Navigating Future ... Read more
‘Good password security includes passkeys, but they are not an all-in-one solution’
Passkeys have a marketing problem, in which they get presented as a holy grail that eliminates all forms of phishing. In reality, that story is much more nuanced; they actually only address one specific form of phishing. Even though passkeys cannot live up to the promises of the marketing stories, ... Read more
Microsoft most spoofed brand for phishing attacks
Hackers who want to carry out a phishing attack and misuse a well-known brand are most likely to use Microsoft's brand name.
That's according to research for the fourth quarter of 2023 by Check Point. The brand name was used in 33 per cent of the total number of (email) phishing attacks during ... Read more
New form of phishing: What is quishing and why is it dangerous?
Phishing is a technique that is still commonly used by hackers even though the attack is years old. Small changes to the technique breathe new life into the phishing scheme each time. This mainly involves changing the medium. Whereas phishing was traditionally spread via email, hackers later switch... Read more
New phishing campaign steals Instagram backup codes
A new phishing method aims to sidestep the two-step verification of Instagram accounts. A misleading email message and login page lets users unintentionally reveal their credentials and a temporary six-digit backup code.
The findings come from Trustwave, which previously described another method... Read more
Decades after its debut, SMTP still enables new phishing techniques
A new form of e-mail spoofing was revealed this week: "SMTP Smuggling." The vulnerability allows threat actors to produce highly believable phishing emails. Although it seems decades past the time to move away from the ancient protocol, SMTP is here to stay.
The new method bypasses email protect... Read more
MongoDB leaks data, but does not tell how much
MongoDB is still investigating a security incident in which hackers penetrated customers' business systems. Contact information and metadata were allegedly accessed. The number of involved customers stays unclear.
During the weekend of Dec. 16 and 17, a security incident occurred at MongoDB. On... Read more
Qakbot malware returns with phishing attack on hospitality industry
The infamous Qakbot malware has made a return. Microsoft Threat Intelligence warns of new phishing emails purporting to be from the U.S. Internal Revenue Service (IRS).
In late August, international police units announced they had eliminated the giant Qakbot botnet during "Operation Duck Hunt." ... Read more
Phishing attack disguised as warning from the WordPress security team
A new phishing campaign that aims to install a rogue extension specifically targets administrators of WordPress websites, reports Wordfence. Hackers are allegedly posing as the "WordPress Security Team" in the process.
According to Wordfence, a phishing campaign is underway that targets administ... Read more
Russian state hackers exploit WinRAR vulnerability
Russian state-affiliated hacker gang APT29 is exploiting the CVE-2023-38831 vulnerability in WinRAR 6.23 and older versions. A combined tactic of "old-school phishing and new cloaking capabilities" is used for this purpose. This is what the Ukrainian National Security and Defense Council (NDSC) ind... Read more