New and sophisticated tax phishing scams are targeting taxpayers, warns Microsoft. These scams impersonate trusted sources and use urgency tactics to steal personal and financial data.

Taxpayers beware! Phishing scams are on the rise again as tax season heats up. Microsoft Threat Intelligence has issued warnings about new and innovative tactics cybercriminals are using to steal your personal information and financial data.…


Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups.

Secureworks claimed in a new blog post that the scammers monitor Google search trends to identify interest in obituaries following a death, and then create fake notices using generative AI (GenAI).…

What happened 

Proofpoint researchers recently observed new activity by the Iran-aligned threat actor TA450 (also known as MuddyWater, Mango Sandstorm, and Static Kitten), in which the group used a pay-related social engineering lure to target Israeli employees at large multinational organizations. TA450 is known for targeting Israeli entities, particularly since at least October 2023 with the start of the Israel-Hamas war, and this activity continues that trend with a focus on global manufacturing, technology, and information security companies. …


New research from Recorded Future's Insikt Group outlines a collaborative investigation by threat intelligence analysts and R&D engineers into the potential malicious uses of artificial intelligence (AI) by threat actors. They experimented with a variety of AI models, including large language models, multimodal image models, and text-to-speech models, without any fine-tuning or additional training, to mimic the resources threat actors might realistically have.…


Perception Point security researchers have recently identified a newly surfaced campaign targeting US-based organizations. Dubbed “PhantomBlu,” the emerging malware campaign employs new TTPs and behaviors to evade detection and deploy the notorious NetSupport RAT. This campaign signifies a sophistication in malware attack methodologies, exploiting the legitimate features of remote administration tools for nefarious purposes.…


While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent, with some notable exceptions.

The report tracked MITRE ATT&CK techniques that adversaries abuse most frequently throughout the year, and two new and notable entries soared to the top 10 in 2023: email forwarding rule and cloud accounts.…


Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.


According to a new report, SIM-swapping crimes are rising worldwide, mainly committed by eSIM (Embedded Subscriber Identity Modules) users. eSIMs are digitally stored SIM cards that are embedded using software into devices. As a result, hackers are now attempting to exploit vulnerabilities within this software to brute force their way into victims’ phone accounts to port their mobile numbers to their own devices. …

In today’s digital landscape, small and medium-sized businesses (SMBs) are increasingly becoming prime targets for cybercriminals looking to exploit vulnerabilities for financial gain. A recent report from cybersecurity firm Sophos sheds light on the top cyber threats facing SMBs, highlighting information-stealing malware, ransomware, and business email compromise (BEC) as the most prevalent dangers. …

Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection Report.

Released this week, the Report (PDF) is based on the analysis of almost 60,000 threats drawn from 216 petabytes of telemetry from more than 1,000 customers’ endpoints, identities, clouds, and SaaS applications throughout 2023.…


SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.

Embedded Subscriber Identity Modules (eSIMs) are digital cards stored on the chip of the mobile device and serve the same role and purpose as a physical SIM card but can be remotely reprogrammed and provisioned, deactivated, swapped, or deleted.…


Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy.

The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.…


Voice phishing, also known as vishing, is popular right now, with multiple active campaigns throughout the world ensnaring even savvy victims who appear to know better, defrauding them of millions of dollars. South Korea is one of the global regions hardest hit by the attack vector; in fact, a fraud in August 2022 resulted in the largest amount ever stolen in a single phishing case in the country.…

Researchers have found a new way of hijacking WiFi networks at Tesla charging stations to steal vehicles: a design flaw that only needs an affordable, off-the-shelf tool.

Experts find an easy way to steal a Tesla

As Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video, hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off. …
