A newly discovered phishing campaign has been compromising US entities such as the military, manufacturing, healthcare, pharmaceutical and security software sectors to harvest Microsoft Office 365 credentials. The cybercriminal operation is currently active, and its operators use fake voicemail notifications to bait targets into accessing a malicious HTML attachment. Based on reports, the recently discovered...Continue Reading
An alleged group of Iranian hackers has been operating a spearphishing campaign that includes masquerading known government officials. Based on reports, the Iran-sponsored threat group posed as a former United States ambassador to target think tank officials. The malicious threat actors could obtain initial access to one of its two targeted email boxes through phishing...Continue Reading
New studies show that the dark web is still filled with compromised victims’ data, reaching over 24 billion worth of usernames and passwords. These findings demonstrate a 65% uptick within two years, mostly due to users creating account passwords that hackers could easily crack. For instance, one in every 200 compromised passwords comprises the number...Continue Reading
The ALPHV ransomware group (also known as BlackCat) has devised a new method of threatening its targets. The group cleverly designed websites that let its victims’ employees and customers review if hackers stole their data during an attack. Most of the time, some threat groups will use the stolen data for double-extortion tactics, in which...Continue Reading
Ransomware gangs may have been upgrading their extortion tactics after starting to hack corporate websites to post their ransom notes for the public to see, adding more pressure for their victims to pay up. Industrial Spy, a ransomware threat group, was the first that has been identified using this new extortion tactic. Initially, the threat...Continue Reading
The Federal Bureau of Investigation (FBI) published an advisory about cybercriminals that offer access credentials for higher academic institutions based in the US. The actors sell these credentials for thousands of dollars and are all available on hacking forums and dark web marketplaces. The critical data offered by the actors contained virtual private networks (VPNs)...Continue Reading
Apple’s ‘Find My’ feature was found with a critical flaw that allows hackers to tamper with the firmware and inject malware through a Bluetooth chip capable of being launched even if an iPhone device is turned off. The new malicious intent of hackers abused the capability of wireless chips linked with Bluetooth, NFC, and ultra-wideband...Continue Reading
Many companies utilise vanity links mostly for their brands’ marketing purposes. However, researchers warned that threat actors had established ways to perform phishing attacks using this tool. Security experts explained that the issue regarding vanity links abuse begins when a cloud service would allow a vanity subdomain of a company but would not verify it...Continue Reading
A California resident phishing operator named Sercan Oyuntur has been indicted by the US Department of Justice (DoJ) for its malicious campaigns causing the US Department of Defense (DoD) to lose over $23.5 million in damages. The money swindled from the US DoD was meant for funding a jet fuel supplier. However, the phishing operator...Continue Reading
Scammers are becoming more advanced as technology progresses after security researchers discovered that AI-generated images are being used to conduct fraudulent activities. Based on a report, one victim received a suspicious email from an alleged attorney in a Boston law firm. After examining the email’s sender, it turned out that they are non-existent, and the...Continue Reading