FreshRSS

🔒
△ 🔃
☐ ☆ ✇ The Hacker News

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

By Newsroom — November 9th 2023 at 13:26
A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used
☐ ☆ ✇ The Hacker News

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

By Newsroom — October 26th 2023 at 13:56
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financially motivated hacking crew, described the adversary as "one of the most dangerous financial criminal
☐ ☆ ✇ The Hacker News

Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants

By Ravie Lakshmanan — June 9th 2023 at 15:53
Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations," the tech giant disclosed in a Thursday
☐ ☆ ✇ The Hacker News

New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages

By Ravie Lakshmanan — May 13th 2023 at 07:45
A new phishing-as-a-service (PhaaS or PaaS) platform named Greatness has been leveraged by cybercriminals to target business users of the Microsoft 365 cloud service since at least mid-2022, effectively lowering the bar to entry for phishing attacks. "Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates
☐ ☆ ✇ The Hacker News

Researchers Warns of Large-Scale AiTM Attacks Targeting Enterprise Users

By Ravie Lakshmanan — August 3rd 2022 at 09:03
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts. "It uses an adversary-in-the-middle (AitM) attack technique capable of bypassing multi-factor authentication," Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu said in a Tuesday report. "The campaign is
❌