Phishing


Social Engineering Attack on Twilio Compromises Employee Accounts and Customer Data

Social Engineering Attack on Twilio Compromises Employee Accounts and Customer Data

Twilio has suffered a second attack, leading to the compromise of its former and current employee accounts and the loss of sensitive customer information. This text shares the details of the attack, how it happened, whether it is over, whether customers are safe, how Twilio is dealing with it, and what organizations could learn from the cyberattack.

(more…)

Healthcare Industry Continues to be Impacted By Data Breaches According to the Latest Report

Healthcare Industry Continues to be Impacted By Data Breaches According to the Latest Report

HIPAA journal has revealed the latest Healthcare Data Breach report highlighting millions of compromised healthcare records. With healthcare data breaches at their highest, affecting California and New York the most, this article shares the report’s findings, summary, and the reason behind the sudden spike in targeting cyber-attacks against Healthcare Industry.

(more…)

Cybercrime’s Latest: Matanbuchus Employed in Phishing Campaign to Infect Devices with Cobalt Strike

Cybercrime’s Latest: Matanbuchus Employed in Phishing Campaign to Infect Devices with Cobalt Strike

There is a new phishing spam campaign making headlines in the cybersecurity world that delivers malware onto compromised machines. The malware is initiated by a phishing attack and delivered by “Matanbuchus,” specially designed to deliver DLL payloads, launch malicious PowerShell commands, and persist via additional task schedules.

The attack is highly sophisticated and makes use of malicious MSI installer files leading to an Adobe Acrobat installer running a beacon for Cobalt Strike in the background.

The following sections delve deeper into how the latest malware attack takes place.

(more…)

Phishing Trends in 2022 So Far, And What You Can Learn From Them

Phishing Trends in 2022 So Far, And What You Can Learn From Them

Phishing is one of the most formidable threats in the cyber world today. Even though various news, reports, and anti-phishing campaigns attempt to spread awareness and knowledge, people still fall victim to novel phishing methods. This article seeks to summarize key statistics observed so far in 2022 by various cybersecurity organizations and present them in a useful and comprehensive manner. It is also a warning for all organizations and individuals for the rest of the year.

(more…)

The Latest Malware Jester Stealer Warning in Ukraine from CERT-UA: Here’s Everything You Need to Know

The Latest Malware Jester Stealer Warning in Ukraine from CERT-UA: Here’s Everything You Need to Know

As the conflict between Russia and Ukraine escalates, the potential of utilizing more lethal weapons, which was previously merely a fear, may now take on a new form. The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about a huge distribution campaign based on the concept of a “chemical attack.” Receiving an email like this in Ukraine’s invasion-affected regions is sure to generate widespread panic. Jester Stealer, a malicious file capable of large-scale data theft, is back on the hunt.

(more…)

Evolving Phishing Attack Trends: A Nightmare for Security Solutions

Evolving Phishing Attack Trends: A Nightmare for Security Solutions

Phishing has been one of the most widespread cyber threats and a significant challenge for security solutions for almost three decades. According to this phishing report, in 2021, 35% of all data breaches included scams trying to rob users of their sensitive information and login credentials. Over the past year, phishing attacks have increased by 29% globally. The menace of phishing poses a threat to organizations worldwide.

(more…)

Social Media Impersonation in Phishing: 2022’s Latest Wave of Cybercrime

Social Media Impersonation in Phishing: 2022’s Latest Wave of Cybercrime

Cybercrimes have escalated significantly in the past couple of years owing to the mass adoption of online services. Threat actors have exhibited their affinity towards social media profiles and emails, targeting innocent people to scam them out of their finances and private data using phishing to sell on the dark web, to be spread and used in impersonation scams. As per recent reports, social media is the most recent category that cybercrime groups are exploiting for malicious purposes.

(more…)

Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp

Voice Phishing: Surfacing of a New Cyber Threat on Whatsapp

Researchers at Armorblox found a malicious campaign that targeted WhatsApp users. The attackers have reached over 27,660 email addresses through targeted phishing attacks appearing to be from WhatsApp. When receiving attachments over email, you might be tricked by the threat actor into downloading other forms of malicious software. The following sections discuss more details about the latest phishing scheme.

(more…)

RTLO Phishing Scam Revival – Everything You Need to Know About this Age-old Cyber Threat

RTLO Phishing Scam Revival – Everything You Need to Know About this Age-old Cyber Threat

The RTLO (or RLO) technique is one of the cybercriminals’ oldest and most common techniques. With the help of this technique, they can make a hyperlink look less suspicious, making you think that it is safe to click on it. However, once you click on the link, it might take you to the attacker’s domain that might ask you for confidential information under a suspicious ruse or download suspicious software on your local device.

(more…)

Threat Actors are Using the Russia-Ukraine Conflict to Launch Phishing Attacks

Threat Actors are Using the Russia-Ukraine Conflict to Launch Phishing Attacks

Recently, according to a Google report, Russian and Belarusian cybercriminals have attacked Ukrainian citizens, using the ongoing conflict as an opportunity to benefit from it. The recent Russia-Ukraine war has become an opportunity for cyberattackers. CSIS reported that in February of 2022, the Ukrainian Ministries, Education, and Infrastructures were attacked. This led to a massive loss for the Ukrainian government. Grasping the understanding of the Ukrainian system gave the cybercriminals a clear understanding of how to proceed with their activities.

(more…)