EMAIL Archives - Cybersecurity News Everyday

Decoding Fake US ESTA Emails: Scam or Real Deal?

The Cofense Phishing Defense Center has reported an increase in phishing emails masquerading as communications from US Customs and Border Protection regarding the Electronic System for Travel Authorization (ESTA). These emails create urgency and fear to trick users into providing personal information through a fraudulent website.…

Cyber Security News

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth

April 2, 2025 CybersecurityNews

Summary: Cybersecurity researchers have identified enhanced malware loaders, including Hijack Loader and SHELBY, that use advanced evasion tactics and innovative command-and-control methods. Hijack Loader introduces call stack spoofing and anti-VM checks, while SHELBY operates through GitHub for remote control and data exfiltration. Meanwhile, Emmenhtal loader has been distributing SmokeLoader via phishing emails using .NET…

Cyber Attack

We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

April 2, 2025 BleepingComputer

Summary: The Acronis Threat Research Unit (TRU) analyzed a complex malware delivery chain demonstrating the use of multiple scripting languages and obfuscation techniques, leading to the deployment of high-profile malware such as DCRat. The infection starts with a deceptive email attachment, escalating through a multi-stage process involving Visual Basic Script, batch files, and PowerShell.…

Threat Research

Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon

April 2, 2025 Unit42

Researchers from Unit 42 have identified a rise in sophisticated phishing tactics that leverage QR codes and URL redirection to compromise user credentials. These methods obscure the true destination of phishing links, making it easier for attackers to deceive victims, particularly in sectors such as medical, automotive, education, energy, and finance.…

Cyber Attack

Critical auth bypass bug in CrushFTP now exploited in attacks

April 1, 2025 BleepingComputer

Summary: Attackers are exploiting a critical authentication bypass vulnerability in CrushFTP, which can enable remote access for unauthenticated users on unpatched versions of the software. Users have been urged to apply patches to protect their systems, while existing exposed servers are being targeted by various exploitation attempts.…

Threat Research

Qilin affiliates spear-phish MSP ScreenConnect admin, targeting customers downstream

April 1, 2025 Sophos

In late January 2025, an MSP administrator fell victim to a sophisticated phishing email that mimicked an authentication alert for a remote management tool, leading to a ransomware attack by Qilin actors. This incident emphasizes the vulnerabilities faced by MSPs and their clients to phishing campaigns.…

Cyber Security News

CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability

April 1, 2025 CybersecurityNews

Summary: The Shadowserver Foundation reported a surge in exploitation attempts targeting a recently patched vulnerability in CrushFTP, a file transfer solution. Despite ongoing updates and mitigations from CrushFTP, vulnerability intelligence firms have created CVE identifiers, leading to confusion in the cybersecurity community. As unpatched instances remain, CrushFTP has urged users to promptly apply available patches.…

Cyber Attack

Check Point Responds to Hacking Claims

April 1, 2025 LeakNews

Summary: Israeli cybersecurity firm Check Point responded to claims by a hacker named CoreInjection, who alleged the theft of sensitive data and was offering it for sale. Check Point refuted the claims, stating the data came from a prior incident in December 2024 and was not tied to any active breach.…

Threat Research

Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs

April 1, 2025 Seqrite

The article discusses Operation HollowQuill, a targeted cyber campaign against the Baltic State Technical University, designed to infiltrate academic and defense networks through weaponized decoy documents. The attack utilizes a multi-stage infection chain, including a malicious RAR file, a .NET malware dropper, Golang shellcode, and a Cobalt Strike payload.…

Threat Research

Remcos RAT Malware Disguised as Major Carrier’s Waybill

April 1, 2025 Ahnlab

AhnLab Security Intelligence Center (ASEC) uncovered Remcos malware camouflaged as a shipping waybill. The article outlines the distribution process involving HTML, JavaScript, and AutoIt scripts, ultimately leading to the execution of the Remcos malware. It emphasizes the importance of vigilance when handling emails from unfamiliar sources to prevent malware infection.…

Cyber Security News

Morphing Meerkat’s Phishing Tactics: Abusing DNS MX Records

April 1, 2025 CybersecurityNews

Summary: A recent report by Infoblox Threat Intelligence details a sophisticated phishing operation named Morphing Meerkat, which utilizes DNS techniques to create tailored phishing content for victims. The operation dynamically serves fake login pages mimicking over 100 brands, employing advanced methods to evade detection and enhance effectiveness.…

Threat Research

A DNS Investigation of SEO Manipulation via Bad Seed BadIIS

April 1, 2025 CircleID

A recent investigation by Trend Micro researchers revealed a search engine optimization (SEO) manipulation campaign named BadIIS targeting users of Internet Information Services (IIS). This financially motivated campaign redirects victims to illegal gambling websites and has notably affected Asian countries such as India, Thailand, and Vietnam, with potential global repercussions.…

Cyber Security News

Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks

April 1, 2025 BleepingComputer

Summary: A phishing-as-a-service (PhaaS) platform named ‘Lucid’ has emerged, targeting 169 entities across 88 countries through sophisticated phishing messages sent via iMessage and RCS. Operated by the XinXin group, this platform enables other cybercriminals to access over 1,000 phishing domains and tools through a subscription model.…

Cyber Security News

Hacker Leaks Samsung Customer Data

March 31, 2025 CybersecurityNews

Summary: A hacker known as ‘GHNA’ has leaked around 270,000 customer records from Samsung Germany’s ticketing system, sourced via compromised credentials from Spectos GmbH. The data breach stems from an incident in 2021 and includes sensitive personal and transaction information. Experts warn that the leaked data could facilitate various cyber threats, including phishing and account takeovers.…

Cyber Attack

Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine

March 31, 2025 LeakNews

Summary: A recent phishing campaign targeting Ukrainian entities has been identified, utilizing social engineering techniques to distribute the Remcos RAT trojan. This campaign, attributed to the Russian hacking group Gamaredon, uses deceptive files related to military movements to trick victims. The campaign highlights ongoing cyber espionage efforts associated with Russian Intelligence Services against Ukraine.…

Tag: EMAIL