Search results for phishing | Breaking Cybersecurity News | The Hacker News

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster codenamed CryptoChameleon that's designed to primarily target mobile devices. "This kit enables attackers to build carbon copies of single sign-on (SSO) pages, then use a combination of email, SMS, and voice phishing to trick the target into sharing usernames, passwords, password reset URLs, and even photo IDs from hundreds of victims, mostly in the United States," Lookout  said  in a report. Targets of the phishing kit include employees of the Federal Communications Commission (FCC), Binance, Coinbase, and cryptocurrency users of various platforms like Binance, Coinbase, Gemini, Kraken, ShakePay, Caleb & Brown, and Trezor. More than 100 victims have been successfully phished to date. The phishing pages are designed such that the fake login screen is displayed only after the victim completes a CAPTCHA test using hCaptcha, thus preventing automa

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to mount a mass attack for as little as $230. "This messaging app has transformed into a bustling hub where seasoned cybercriminals and newcomers alike exchange illicit tools and insights creating a dark and well-oiled supply chain of tools and victims' data," Guardio Labs researchers Oleg Zaytsev and Nati Tal  said  in a new report. "Free samples, tutorials, kits, even hackers-for-hire – everything needed to construct a complete end-to-end malicious campaign." The company also described Telegram as a "scammers paradise" and a "breeding ground for modern phishing operations." This is not the first time the popular messaging platform has  come under the radar  for facilitating malicious activities, which are in part driven by its lenient modera

Over the past two years, a shocking  51% of organizations surveyed in a leading industry report have been compromised by a cyberattack.  Yes, over half.  And this, in a world where enterprises deploy  an average of 53 different security solutions  to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned by Pentera and conducted by Global Surveyz Research, offers a quantifiable glimpse into this evolving battlefield, revealing a stark contrast between the growing risks and the tightening budget constraints under which cybersecurity professionals operate. With this report, Pentera has once again taken a magnifying glass to the state of pentesting to release its annual report about today's pentesting practices. Engaging with 450 security executives from North America, LATAM, APAC, and EMEA—all in VP or C-level positions at organizations with over 1,000 employees—the report paints a current picture of modern security validation prac

A new phishing technique called "file archiver in the browser" can be leveraged to "emulate" a file archiver software in a web browser when a victim visits a .ZIP domain. "With this phishing attack, you simulate a file archiver software (e.g., WinRAR) in the browser and use a .zip domain to make it appear more legitimate," security researcher mr.d0x  disclosed  last week. Threat actors, in a nutshell, could create a realistic-looking  phishing landing page  using HTML and CSS that mimics legitimate file archive software, and host it on a .zip domain, thus elevating  social engineering campaigns . In a potential attack scenario, a miscreant could resort to such trickery to redirect users to a credential harvesting page when a file "contained" within the fake ZIP archive is clicked. "Another interesting use case is listing a non-executable file and when the user clicks to initiate a download, it downloads an executable file," mr.d0x

An open source adversary-in-the-middle ( AiTM ) phishing kit has found a number of takers in the cybercrime world for its ability to orchestrate attacks at scale. The Microsoft Threat Intelligence team is tracking the threat actor behind the development of the kit under its emerging moniker  DEV-1101 . An  AiTM phishing attack  typically involves a threat actor attempting to steal and intercept a target's password and session cookies by deploying a proxy server between the user and the website. Such attacks are more effective owing to their ability to circumvent multi-factor authentication (MFA) protections, specifically time-based one-time passwords ( TOTPs ). DEV-1101, per the tech giant, is said to be the party behind several phishing kits that can be purchased or rented by other criminal actors, thereby reducing the effort and resources required to launch a phishing campaign. "The availability of such phishing kits for purchase by attackers is part of the industrial

Cybersecurity researchers are warning about a spike in email phishing campaigns that are weaponizing the Google Cloud Run service to deliver various banking trojans such as  Astaroth  (aka Guildma),  Mekotio , and  Ousaban  (aka Javali) to targets across Latin America (LATAM) and Europe. "The infection chains associated with these malware families feature the use of malicious Microsoft Installers (MSIs) that function as droppers or downloaders for the final malware payload(s)," Cisco Talos researchers  disclosed  last week. The high-volume malware distribution campaigns, observed since September 2023, have employed the same storage bucket within Google Cloud for propagation, suggesting potential links between the threat actors behind the distribution campaigns. Google Cloud Run is a  managed compute platform  that enables users to run frontend and backend services, batch jobs, deploy websites and applications, and queue processing workloads without having to manage or sca

Artificial intelligence (AI) holds immense potential for optimizing internal processes within businesses. However, it also comes with legitimate concerns regarding unauthorized use, including data loss risks and legal consequences. In this article, we will explore the risks associated with AI implementation and discuss measures to minimize damages. Additionally, we will examine regulatory initiatives by countries and ethical frameworks adopted by companies to regulate AI. Security risks  AI phishing attacks Cybercriminals can leverage AI in various ways to enhance their phishing attacks and increase their chances of success. Here are some ways AI can be exploited for phishing: -  Automated Phishing Campaigns:  AI-powered tools can automate the creation and dissemination of phishing emails on a large scale. These tools can generate convincing email content, craft personalized messages, and mimic the writing style of a specific individual, making phishing attempts appear more legit

A new phishing-as-a-service (PhaaS or PaaS) platform named  Greatness  has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates highly convincing decoy and login pages," Cisco Talos researcher Tiago Pereira  said . "It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page." Campaigns involving Greatness have mainly manufacturing, health care, and technology entities located in the U.S., the U.K., Australia, South Africa, and Canada, with a spike in activity detected in December 2022 and March 2023. Phishing kits like Greatness offer t

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called  Caffeine  to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing campaigns," Mandiant  said  in a new report. Some of the core features offered by the platform comprise the ability to craft customized phishing kits, manage redirect pages, dynamically generate URLs that host the payloads, and track the success of the campaigns. The development comes a little over a month after Resecurity took the wraps off another PhaaS service dubbed  EvilProxy  that's offered for sale on dark web criminal forums. But unlike EvilProxy, whose operators are known to vet prospective customers before activating the subscriptions, Caffeine is notable for running an o

Microsoft on Thursday disclosed an "extensive series of credential phishing campaigns" that takes advantage of a custom phishing kit that stitched together components from at least five different widely circulated ones with the goal of siphoning user login information. The tech giant's Microsoft 365 Defender Threat Intelligence Team, which detected the first instances of the tool in the wild in December 2020, dubbed the copy-and-paste attack infrastructure " TodayZoo ." "The abundance of phishing kits and other tools available for sale or rent makes it easy for a lone wolf attacker to pick and choose the best features from these kits," the researchers said. "They put these functionalities together in a customized kit and try to reap the benefits all to themselves. Such is the case of TodayZoo." Phishing kits, often sold as one time payments in underground forums, are packaged archive files containing images, scripts, and HTML pages that

The threat actors behind a large-scale adversary-in-the-middle (AiTM)  phishing campaign  targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users. "This campaign specifically targeted chief executives and other senior members of various organizations which use [Google Workspace]," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu  detailed  in a report published this month. The AiTM phishing attacks are said to have commenced in mid-July 2022, following a similar modus operandi as that of a  social engineering campaign  designed to siphon users' Microsoft credentials and even bypass multi-factor authentication. The low-volume Gmail AiTM phishing campaign also entails using the compromised emails of chief executives to conduct further social engineering, with the attacks also utilizing several compromised domains as an intermediate URL redirector to take the victims to the final landing page. Attack cha

In yet another sign that Telegram is increasingly becoming a  thriving hub  for cybercrime, researchers have found that threat actors are using the messaging platform to peddle phishing kits and help set up phishing campaigns. "To promote their 'goods,' phishers create Telegram channels through which they educate their audience about phishing and entertain subscribers with polls like, 'What type of personal data do you prefer?'," Kaspersky web content analyst Olga Svistunova  said  in a report published this week. The links to these Telegram channels are distributed via YouTube, GitHub, and the phishing kits that are developed by the crooks themselves. The Russian cybersecurity firm said it detected over 2.5 million malicious URLs generated using phishing kits in the past six months. One of the prominent services offered is to provide threat actors with Telegram bots that automate the process of generating phishing pages and collecting user data. Although

Did someone just share a random Google Doc with you? First of all — Do not click on that Google Doc link you might have just received in your email and delete it immediately — even if it's from someone you know. I, my colleagues at The Hacker News, and even people all around the Internet, especially journalists, are receiving a very convincing OAuth phishing email, which says that the person [sender] " has shared a document on Google Docs with you. " Once you clicked the link, you will be redirected to a page which says, " Google Docs would like to read, send and delete emails, as well access to your contacts, " asking your permission to "allow" access. If you allow the access, the hackers would immediately get permission to manage your Gmail account with access to all your emails and contacts, without requiring your Gmail password. Beware! New GoogleDocs Phishing Email Scam Spreading Across the World — Here's Everything You Need to K

Employees are the weakest link when it comes to enterprise security, and unfortunately hackers realized this years ago. All an attacker needs to use some social engineering tactics against employees of companies and organizations they want to target. A massive 91% of successful data breaches at companies started with a social engineering and spear-phishing attack. A phishing attack usually involves an e-mail that manipulates a victim to click on a malicious link that could then expose the victim's computer to a malicious payload. So what is the missing link to manage the problem of employees being Social engineered? The answer is very simple – Educate your Employees and reinforce good security procedures at the same time. Phish your Employees! Yes, you heard me right… by this I mean that you should run a mock phishing campaign in your organization and find out which employees would easily fall victim to the phishing emails. Then step everyone through Internet

Just a few hours after Donald Trump won the 2016 US Presidential Election, a hacking group launched a wave of cyber attacks targeting U.S.-based policy think-tanks with a new spear phishing campaign designed to fool victims into installing malware. The group of nation-state hackers, also known as Cozy Bear , APT29 , and CozyDuke , is the one of those involved in the recent data breach of the Democratic National Committee (DNC) and is allegedly tied to the Russian government. On Wednesday, the hackers sent a series of phishing emails to dozens of targets associated with non-governmental organizations (NGOs), policy think tanks in the US and even inside the US government, said security firm Volexity. Phishing Attacks Powered by 'PowerDuke' Malware The phishing emails were sent from purpose-built Gmail accounts and other compromised email accounts at Harvard University's Faculty of Arts and Sciences (FAS), trying to trick victims into opening tainted attachments

When it comes to cyber security, even big organizations lack the basic knowledge of how to protect company's data from the outside. Everyday businesses are facing the threat of phishing, ransomware , data breaches and malware attacks that not only results in millions of dollars losses, but also damaged the reputations. A new study shows that five out of six of the most serious IT security threats directly relate to phishing or the aftermath of a successful phishing attack . SEA, short for Syrian Electronic Army , is famous for its advanced phishing attack capabilities and with the help of the same technique they fooled many popular organizations, social media and news media, including Twitter, Microsoft, Skype, Forbes, eBay and Paypal. Where do we lack? According to the annual Verizon Data Breach Investigations report, about 58% of cyber security incidents were caused by employees, either due to failure in handling data or approving malicious data. So, in

A Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet. He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right? Okay, then before going to the in-depth details, first have a look at this demo web page  ( note: you may experience downtime due to high traffic on demo server ), set up by Chinese security researcher Xudong Zheng, who discovered the attack. " It becomes impossible to identify the site as fraudulent without carefully inspecting the site's URL o