Summary: Cyber Insights 2025 highlights the evolution of social engineering as a significant cybersecurity threat, particularly with the rise of generative AI. Experts predict that AI will enhance social engineering tactics, making them more sophisticated and widespread, thereby increasing the risk of cyberattacks. The article emphasizes the inherent human nature of social engineering and the challenges in mitigating its effects on individuals and organizations.…
A recent smishing campaign in Italy is exploiting the INPS name and logo to deceive victims into providing personal and financial information. The fraudulent SMS messages prompt users to update their information under the threat of account suspension, leading them to a fake website. The stolen data is used for identity theft and other fraudulent activities.…
Summary: The DONOT Team, an advanced persistent threat (APT) group, is utilizing two deceptive Android applications, “Tanzeem” and “Tanzeem Update,” to conduct intelligence-gathering operations against individuals and organizations in India. These apps masquerade as chat applications but are designed to exploit device permissions for data harvesting.…
Summary: CYFIRMA researchers have linked a newly discovered Android malware named “Tanzeem” to the Indian APT group DoNot Team, which has been active since 2016. This malware targets government and military organizations in South Asia and utilizes the OneSignal platform to deliver phishing links. The evolving tactics of the DoNot APT group signify a persistent threat to regional cybersecurity.…
Summary: Marco Raquan Honesty, a 28-year-old from Washington, has pleaded guilty to multiple fraud schemes resulting in over $600,000 in losses. His criminal activities included COVID relief fraud, smishing scams, and bank account takeovers, among others. Investigators seized numerous devices and materials related to his fraudulent operations during a search of his residence.…
Summary: The DoNot Team has developed a new Android malware named Tanzeem, designed for targeted cyber attacks against specific individuals or groups. The malware masquerades as a chat application but fails to function, instead facilitating intelligence gathering through various malicious activities. This development highlights the group’s evolving tactics, including the abuse of push notifications to deploy additional malware.…
The CYFIRMA research team has identified a new Android malware attributed to the Indian APT group ‘DONOT’, utilizing a seemingly benign application named “Tanzeem” to gather intelligence against internal threats. The app misuses the OneSignal platform to send phishing notifications, and its permissions allow extensive access to user data.…
Summary: Recent data breaches have underscored the urgent need for enhanced security in guest Wi-Fi infrastructures across organizations. As businesses strive to balance network protection with convenient access for guests and employees, implementing secure guest Wi-Fi solutions has become essential. The integration of zero-trust architecture with cloud-based captive portals offers a robust framework for safeguarding sensitive data while ensuring compliance and operational continuity.…
Summary: The article discusses the increasing ineffectiveness of legacy Multi-Factor Authentication (MFA) systems in the face of sophisticated cyber threats, particularly phishing and ransomware attacks. It highlights the role of generative AI in enhancing these attacks and emphasizes the urgent need for organizations to adopt next-generation MFA solutions that do not rely on user vigilance.…
In December 2024, a new Adversary-in-the-Middle (AiTM) phishing kit known as Sneaky 2FA was identified, targeting Microsoft 365 accounts. This phishing kit, sold as Phishing-as-a-Service (PhaaS) by the cybercrime service “Sneaky Log”, utilizes sophisticated techniques including autograb functionality and anti-bot measures. The analysis reveals its operational methods, including the use of Telegram for distribution and support.…
The last quarter of 2024 saw an unprecedented surge in ransomware activity, with significant growth in the number of active groups and notable incidents involving established players like LockBit and emerging threats such as Akira and BlackLock. This report highlights key findings, trends, and recommendations to bolster defenses against ransomware attacks.…
Summary: In 2024, China’s cyber-operations groups significantly escalated their attacks on Taiwanese organizations, particularly targeting government and telecommunications sectors, resulting in over 2.4 million daily attack attempts. The Taiwanese National Security Bureau reported a 20% increase in successful attacks compared to the previous year, highlighting the aggressive tactics employed by China in cyberspace.…
The article discusses the evolution of ransomware from its inception in the late 1980s to its current state as a sophisticated and multi-faceted threat. It highlights key developments, including the introduction of cryptocurrencies, the rise of Ransomware-as-a-Service (RaaS), and the emergence of double and triple extortion tactics.…
Summary: Cybercriminals are exploiting a vulnerability in Apple iMessage’s phishing protection by tricking users into replying to smishing messages, which re-enables links that were initially disabled. This tactic poses a significant threat as it targets users who may not recognize phishing attempts, particularly older individuals.
Threat Actor: cybercriminals. Victim: mobile users.
Key Point:
Attackers send smishing texts that appear legitimate, prompting users to reply to enable links.…
Summary: Cybercriminals are exploiting vulnerabilities in Mitel MiCollab and Oracle WebLogic Server, including a critical zero-day flaw. The US Cybersecurity and Infrastructure Security Agency (CISA) has added these vulnerabilities to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
Threat Actor: unknown. Victim: Mitel and Oracle.
Key Point:
Two vulnerabilities in Mitel MiCollab (CVE-2024-41713 and CVE-2024-55550) and one in Oracle WebLogic Server (CVE-2020-2883) are actively being exploited.…
Summary: Cybersecurity researchers have identified ongoing malspam campaigns where threat actors spoof sender email addresses, often using neglected domains to bypass security measures. These campaigns include phishing attempts and extortion schemes targeting various sectors, utilizing tactics like QR codes and impersonation of trusted brands.
Threat Actor: Muddling Meerkat. Victim: various sectors, including legal, government, and construction.
Key Point:
Threat actors are using old, neglected domains to spoof sender addresses and evade security checks.…
Summary: This article reflects on the cybersecurity solutions that have become obsolete in 2024, highlighting their vulnerabilities and the advancements that have emerged to replace them. It emphasizes the importance of adapting to evolving cyber threats and the shift towards more secure technologies.
Threat Actor: cybercriminals. Victim: organizations.
Key Point:
Legacy Multi-Factor Authentication (MFA) became obsolete due to vulnerabilities to modern attack techniques like phishing and SIM swapping.…
Summary: FireScam is an Android malware disguised as a premium Telegram app that steals sensitive data and maintains remote control over infected devices through a sophisticated multi-stage infection process.
Threat Actor: unknown (FireScam). Victim: Android users (Telegram).
Key Point:
FireScam is distributed via a phishing site that mimics the RuStore app store, delivering a dropper APK that installs the main malware payload.…
Summary: A new Android malware called ‘FireScam’ is being distributed as a fake premium version of the Telegram app through phishing sites that imitate RuStore, Russia’s app marketplace. This malware is designed to steal user credentials and sensitive information while employing advanced evasion techniques.
Threat Actor: unknown (FireScam). Victim: Android users (Telegram).
Key Point:
FireScam is delivered via a dropper module that installs the main malware payload while evading detection.…
The report delves into FireScam, a sophisticated Android malware disguised as a Telegram Premium app, highlighting its distribution methods, operational features, and implications for user security. The findings underscore the urgent need for enhanced cybersecurity measures to combat such threats.
Key Points:
FireScam is an information-stealing malware with spyware capabilities.…