Search results for phishing | Breaking Cybersecurity News | The Hacker News

The COVID-19 outreach is turning out to be not only health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity. With increased remote working for better business continuity, employees are using numerous Internet tools. As businesses and people have started relying more on technology and are busy fighting with the pandemic, the attackers now have plenty of options to target them more than ever. According to PWC's April report, the number of security threats to the Indian company doubled in March 2020—especially what's more worrying is a 100% rise between March 17 and 20—from Jan 2020. Sanjay Dhotre, the Union Minister of State for Electronics & Information Technology (MeITY),  said  that India has seen over 350,000 cyberattacks in the second quarter, triple the number of recorded events in the first quarter of 2020. He also highlighted that ther

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it  announced the plans . "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video," Anthony Chavez, vice president of Privacy Sandbox initiatives at Google,  said . "Without viable privacy-preserving alternatives to third-party cookies, such as the Privacy Sandbox, we risk reducing access to information for all users, and incentivizing invasive tactics such as fingerprinting." To that end, the search giant is initially leaving nearly three percent of users unaffected by the change in order to conduct sufficient tests. General availability is expected to encompass all users in the coming months. Privacy Sandbox is Google's  umbrella term  for a set of technologies that aim to eliminate third-party tracking cookies on the web and replace them

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in

Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including—Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking site VKontakte, and China's Weibo and Douban—based on their names and pictures. The tool's creators claim they developed Social Mapper intelligence-gathering tool predominantly to help pen testers and red teamers with social engineering attacks. Although the searches of names and pictures can already be performed manually, Social Mapper makes it possible to automate such scans far faster and "on a mass scale with hundreds or thousands of individuals" at once. "Performing intelligence gathering online is a time-consuming process, it typically starts by attempting to

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as  OilRig  in 2021 and 2022. The campaigns, dubbed Outer Space and Juicy Mix, entailed the use of two previously undocumented first-stage backdoors called Solar and Mango, which were deployed to collect sensitive information from major browsers and the Windows Credential Manager. "Both backdoors were deployed by VBS droppers, presumably spread via spear-phishing emails," ESET security researcher Zuzana Hromcová  said  in a Thursday analysis. OilRig (aka APT34, Cobalt Gypsy, Hazel Sandstorm, and Helix Kitten) is the name assigned to an  intrusion set  affiliated with Iran's Ministry of Intelligence and Security (MOIS). Active since 2014, the threat actor has used a wide range of tools at its disposal to carry out information theft. Earlier this February, Trend Micro  discovered  OilRig's use of a simple backdoor to steal users' credenti

Despite the disruption to its infrastructure, the threat actors behind the QakBot malware have been linked to an ongoing phishing campaign since early August 2023 that led to the delivery of Ransom Knight (aka Cyclops) ransomware and Remcos RAT. This indicates that "the law enforcement operation may not have impacted Qakbot operators' spam delivery infrastructure but rather only their command-and-control (C2) servers," Cisco Talos researcher Guilherme Venere  said  in a new report published today. The activity has been attributed with moderate confidence by the cybersecurity firm to QakBot affiliates. There is no evidence to date that the threat actors have resumed distributing the malware loader itself post-infrastructure takedown. QakBot, also called QBot and Pinkslipbot, originated as a Windows-based banking trojan in 2007 and subsequently developed capabilities to deliver additional payloads, including ransomware. In late August 2023, the notorious malware operation was dealt

Multiple cybercriminal groups are leveraging a malware-as-a-service (MaaS) solution to carry out a wide range of malicious software distribution campaigns that result in the deployment of payloads such as Campo Loader, Hancitor,  IcedID ,  QBot ,  Buer Loader , and SocGholish against individuals in Belgium as well as government agencies, companies, and corporations in the U.S. Dubbed " Prometheus " and available for sale on underground platforms for $250 a month since August 2020, the service is a Traffic Direction System (TDS) that's designed to distribute malware-laced Word and Excel documents, and divert users to phishing and malicious sites, according to a Group-IB report shared with The Hacker News. More than 3,000 email addresses are said to have been singled out via malicious campaigns in which Prometheus TDS was used to send malicious emails, with banking and finance, retail, energy and mining, cybersecurity, healthcare, IT, and insurance emerging the prominen

Potential connections between a subscription-based crimeware-as-a-service (CaaS) solution and a cracked copy of Cobalt Strike have been established in what the researchers suspect is being offered as a tool for its customers to stage post-exploitation activities. Prometheus , as the service is called, first came to light in August 2021 when cybersecurity company Group-IB disclosed details of malicious software distribution campaigns undertaken by cybercriminal groups to distribute Campo Loader, Hancitor, IcedID, QBot, Buer Loader, and SocGholish in Belgium and the U.S. Costing $250 a month, it's marketed on Russian underground forums as a traffic direction system (TDS) to enable phishing redirection on a mass scale to rogue landing pages that are designed to deploy malware payloads on the targeted systems. "Prometheus can be considered a full-bodied service/platform that allows threat groups to purvey their malware or phishing operations with ease," BlackBerry Resear

As ransomware attacks  against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed "OldGremlin" and believed to be a Russian-speaking threat actor, has been linked to a series of campaigns at least since March, including a successful attack against a clinical diagnostics laboratory that occurred last month on August 11. "The group has targeted only Russian companies so far, which was typical for many Russian-speaking adversaries, such as  Silence  and  Cobalt , at the beginning of their criminal path," Singaporean cybersecurity firm Group-IB said in a report published today and shared with The Hacker News. "Using Russia as a testing ground, these groups then switched to other geographies to distance thems

There's a scam spreading through Twitter Direct messages (DMs) and fake emails, appealing users to visit a fake twitter phishing site i.e " twittler.com ". Scam uses a hijacked Twitter account to send out direct messages that appear completely legitimate. Security blogger, Janne Ahlberg blogged about this new phishing scam, " This is a nasty trick especially when the sender is someone you know and trust. If you receive a suspicious DM or email from a person you know and trust, just warn him/her – the account is most likely hijacked and controlled by the attackers. " The webpage resembles a Twitter login page and is trying to obtain your Twitter login credentials with a domain name looks very similar to original Twitter.com , with two extra word "LL" in it.   To play it safe, double-check your browser address bar to make sure that's where you are on orginal website  twitter.com before logging in. If you enter your Twitter usern

A new phishing campaign has been observed delivering remote access trojans (RAT) such as VCURMS and STRRAT by means of a malicious Java-based downloader. "The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware," Fortinet FortiGuard Labs researcher Yurren Wan  said . An unusual aspect of the campaign is VCURMS' use of a Proton Mail email address ("sacriliage@proton[.]me") for communicating with a command-and-control (C2) server. The attack chain commences with a phishing email that urges recipients to click on a button to verify payment information, resulting in the download of a malicious JAR file ("Payment-Advice.jar") hosted on AWS. Executing the JAR file leads to the retrieval of two more JAR files, which are then run separately to launch the twin trojans. Besides sending an email with the message "Hey master, I am online" to the actor-controlled address, VCURMS RAT periodic

Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group  SideWinder  to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies Group-IB and Bridewell said in a joint report shared with The Hacker News. "The identified phishing domains mimic various organizations in the news, government, telecommunications, and financial sectors," researchers Nikita Rostovtsev, Joshua Penny, and Yashraj Solanki  said . SideWinder has been known to be active since at least 2012, with attack chains primarily leveraging spear-phishing as an intrusion mechanism to obtain a foothold into targeted environments. The target range of the group is widely believed to be associated with Indian espionage interests. The most frequently attacked nations include Pakistan, China, Sri Lanka, Afghanistan, Bangladesh, Myanmar, the Philippi

Scammers have again targeted more than one billion active users of the popular social networking giant Facebook, to infect as many victims as possible. This time, an old Facebook scam is back in action once again! Malicious Facebook "Color Changer" app has resurfaced again on the popular social networking site Facebook, this time compromising more than 10,000 people worldwide. The malicious app promises users to change the characteristic blue colour of Facebook's header and interface to one of nine other colours including pink, purple, green, yellow, orange and black, in order to infect users' phones and computers with malicious software. Researchers at China-based Internet company Cheetah Mobile have detected the " Facebook colour changer " that tricks Facebook users into downloading the app via a malicious phishing site. The phishing website targets users in two ways: First of all, it steals the users' Facebook Access Tokens by asking them

The U.S. multinational computer software company Adobe has suffered a serious security breach earlier this month that exposed user records' database belonging to the company's popular Creative Cloud service. With an estimated 15 million subscribers, Adobe Creative Cloud or Adobe CC is a subscription service that gives users access to the company's full suite of popular creative software for desktop and mobile, including Photoshop, Illustrator, Premiere Pro, InDesign, Lightroom, and many more. What happened? — Earlier this month, security researcher Bob Diachenko collaborated with the cybersecurity firm Comparitech to uncover an unsecured Elasticsearch database belonging to Adobe Creative Cloud subscription service that was accessible to anyone without any password or authentication. How many victims? — The inadvertently exposed database, which has now been secured, contained personal information of nearly 7.5 million Adobe Creative Cloud user accounts. What type

A new, sophisticated phishing attack has been observed delivering the AsyncRAT trojan as part of a malware campaign that's believed to have commenced in September 2021. "Through a simple email phishing tactic with an HTML attachment, threat attackers are delivering AsyncRAT (a remote access trojan) designed to remotely monitor and control its infected computers through a secure, encrypted connection," Michael Dereviashkin, security researcher at enterprise breach prevention firm Morphisec,  said  in a report. The intrusions commence with an email message containing an HTML attachment that's disguised as an order confirmation receipt (e.g., Receipt-<digits>.html). Opening the decoy file redirects the message recipient to a web page prompting the user to save an ISO file. But unlike other attacks that route the victim to a phishing domain set up explicitly for downloading the next-stage malware, the latest RAT campaign cleverly uses JavaScript to locally crea

Two China-linked advanced persistent threat (APT) groups have been observed targeting entities and member countries affiliated with the Association of Southeast Asian Nations (ASEAN) as part of a cyber espionage campaign over the past three months. This includes the threat actor known as  Mustang Panda , which has been recently linked to  cyber attacks against Myanmar  as well as other Asian countries with a variant of the PlugX (aka Korplug) backdoor dubbed  DOPLUGS . Mustang Panda, also called Camaro Dragon, Earth Preta, and Stately Taurus, is believed to have targeted entities in Myanmar, the Philippines, Japan and Singapore, targeting them with phishing emails designed to deliver two malware packages. "Threat actors created malware for these packages on March 4-5, 2024, coinciding with the ASEAN-Australia Special Summit (March 4-6, 2024)," Palo Alto Networks Unit 42  said  in a report shared with The Hacker News. One of the malware package is a ZIP file that contains

No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also employ third-party vendors who may be authorized to send emails on behalf of the company. As a result, it becomes increasingly difficult to distinguish between sources that are legitimate and malicious. Here's a solution – PowerDMARC. This SaaS platform helps you assess your  email authentication  protocols from time to time and see if your domain is secure against spoofing with a DMARC record checker, so you can make changes if necessary. Check Your Domain Today!  Use our free tool to examine your domain's DMARC, SPF, DKIM, BIMI, and MTA-STS records instantly to ensure your domain is protected from impersonation and email fraud! Importance of Having Robust Email Security in 2021 S