Stay Ahead of Cyber Threats – Daily Security Insights, Powered by AI
New and sophisticated tax phishing scams are targeting taxpayers, warns Microsoft. These scams impersonate trusted sources and use urgency tactics to steal personal and financial data.
Taxpayers beware! Phishing scams are on the rise again as tax season heats up. Microsoft Threat Intelligence has issued warnings about new and innovative tactics cybercriminals are using to steal your personal information and financial data.…
Threat actors are attempting to compromise Social Security numbers with a tax phishing attack targeting small business owners and self-employed filers.
Worryingly, the social engineering scammers are likely operating with little more than a cheap email list of self-employed US residents, according to the latest advisory from Malwarebytes Labs.…
Security researchers have warned of a slew of fake obituaries designed to make money for their creators by redirecting visitors to adult entertainment sites and initiating antivirus (AV) popups.
Secureworks claimed in a new blog post that the scammers monitor Google search trends to identify interest in obituaries following a death, and then create fake notices using generative AI (GenAI).…
Proofpoint researchers recently observed new activity by the Iran-aligned threat actor TA450 (also known as MuddyWater, Mango Sandstorm, and Static Kitten), in which the group used a pay-related social engineering lure to target Israeli employees at large multinational organizations. TA450 is known for targeting Israeli entities particularly since at least October 2023 with the start of the Israel-Hamas war and this continues that trend with a focus on global manufacturing, technology, and information security companies. …
New research from Recorded Futures Insikt Group outlines a collaborative investigation by threat intelligence analysts and R&D engineers into the potential malicious uses of artificial intelligence (AI) by threat actors. They experimented with a variety of AI models, including large language models, multimodal image models, and text-to-speech models, without any fine-tuning or additional training, to mimic the resources threat actors might realistically have.…
Perception Point security researchers have recently identified a newly surfaced campaign targeting US-based organizations. Dubbed “PhantomBlu,” the emerging malware campaign employs new TTPs and behaviors to evade detection and deploy the notorious NetSupport RAT. This campaign signifies a sophistication in malware attack methodologies, exploiting the legitimate features of remote administration tools for nefarious purposes.…
Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast.
With new threats like AI and deepfake technology, the stakes are higher than ever to execute a strong cyber defense.…
While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions.
The report tracked MITRE ATT&CK techniques that adversaries abuse most frequently throughout the year, and two new and notable entries soared to the top 10 in 2023: email forwarding rule and cloud accounts.…
The fraudulent activities take place across online platforms.
Travel
Fake vacation packages which offer hidden fees or non-existent accommodations.
Utility
Impersonating utility companies to demand immediate payment or threaten with service disconnection.
Tricking individuals into unwanted subscriptions or memberships by offering free trials that automatically convert into paid subscriptions.…
Since early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.
IntroductionSince early 2022, we have been monitoring an APT campaign that targets several government entities worldwide, with a strong focus in Southeast Asia, but also seen targeting Europe, America, and Africa.…
The U.S. Department of Justice (DoJ) is recovering $2.3 million worth of cryptocurrency linked to a “pig butchering” fraud scheme that victimized at least 37 people across the United States.
Pig butchering is a social engineering scam where fraudsters contact people (the “Pigs”) on social media and messaging platforms to build trust. …
A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts.
SIM swapping is an unauthorized porting of a targeted person’s phone number to another physical SIM card or eSIM chip controlled by the attacker.…
Cloud account attacks, increasing Mac malware, malvertising morphing from the distribution of adware to more dangerous malware, and more, are all discussed by Red Canary in its 2024 Threat Detection Report.
Released this week, the Report (PDF) is based on the analysis of almost 60,000 threats drawn from 216 petabytes of telemetry from more than 1,000 customers’ endpoints, identities, clouds, and SaaS applications throughout 2023.…
In this report, we will analyze the MATANBUCHUS loader, a C++ malware, to determine its function and capabilities:
API Hashing Stack Strings Checks number of running process PEB Traversal Anti-Sandbox techniquesWe’ll start with resolving APIs and decoding the strings, then proceed through the loader’s techniques.…
SIM swappers have adapted their attacks to steal a target’s phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models.
Embedded Subscriber Identity Modules (eSIMs) are digital cards stored on the chip of the mobile device and serve the same role and purpose as a physical SIM card but can be remotely reprogrammed and provisioned, deactivated, swapped, deleted.…
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy.
The company launched Safe Browsing in 2005 to defend users against web phishing attacks and has since upgraded it to block malicious domains that push malware, unwanted software, and various social engineering schemes.…
Researchers have found a new way of hijacking WiFi networks at Tesla charging stations for stealing vehicles- a design flaw that only needs an affordable, off-the-shelf tool.
Experts find an easy way to steal a TeslaAs Mysk Inc. cybersecurity experts Tommy Mysk and Talal Haj Bakry have shown in a recent YouTube video hackers only require a simple $169 hacking tool known as Flipper Zero, a Raspberry Pi, or just a laptop to pull the hack off. …