Tag Archives: phishing

US offers $10 million for info on group behind Signal and WhatsApp hacking spree

Federal authorities are offering a reward of up to $10 million for information leading to the identification or location of a Russian state cyber group that has compromised thousands of Signal and WhatsApp accounts belonging to investigative reporters and US government employees. The operation has been active since at least March, when the FBI published… Read More: US offers $10 million for info on group behind Signal… »

Microsoft warns of new “Payroll Pirate” scam stealing employees’ direct deposits

Microsoft is warning of an active scam that diverts employees’ paycheck payments to attacker-controlled accounts after first taking over their profiles on Workday or other cloud-based HR services. Payroll Pirate, as Microsoft says the campaign has been dubbed, gains access to victims’ HR portals by sending them phishing emails that trick the recipients into providing… Read More: Microsoft warns of new “Payroll Pirate” scam stealing employees’ direct… »

That annoying SMS phish you just got may have come from a box like this

The researchers added: “This campaign is notable in that it demonstrates how impactful smishing operations can be executed using simple, accessible infrastructure. Given the strategic utility of such equipment, it is highly likely that similar devices are already being exploited in ongoing or future smishing campaigns.” Sekoia said it’s unclear how the devices are being… Read More: That annoying SMS phish you just got may have come… »

Adult sites are stashing exploit code inside racy .svg files

The obfuscated code inside an .svg file downloaded from one of the porn sites. Credit: Malwarebytes The obfuscated code inside an .svg file downloaded from one of the porn sites. Credit: Malwarebytes Once decoded, the script causes the browser to download a chain of additional obfuscated JavaScript. The final payload, a known malicious script called… Read More: Adult sites are stashing exploit code inside racy .svg files »

Phishers have found a way to downgrade—not bypass—FIDO MFA

Researchers recently reported encountering a phishing attack in the wild that bypasses a multifactor authentication scheme based on FIDO (Fast Identity Online), the industry-wide standard being adopted by thousands of sites and enterprises. If true, the attack, reported in a blog post Thursday by security firm Expel, would be huge news, since FIDO is widely… Read More: Phishers have found a way to downgrade—not bypass—FIDO MFA »

Why MFA is getting easer to bypass and what to do about it

These sorts of adversary-in-the-middle attacks have grown increasingly common. In 2022, for instance, a single group used it in a series of attacks that stole more than 10,000 credentials from 137 organizations, and led to the network compromise of authentication provider Twilio, among others. One company that was targeted in the attack campaign but wasn’t… Read More: Why MFA is getting easer to bypass and what to… »

Russia takes unusual route to hack Starlink-connected devices in Ukraine

“Microsoft assesses that Secret Blizzard either used the Amadey malware as a service (MaaS) or accessed the Amadey command-and-control (C2) panels surreptitiously to download a PowerShell dropper on target devices,” Microsoft said. “The PowerShell dropper contained a Base64-encoded Amadey payload appended by code that invoked a request to Secret Blizzard C2 infrastructure.” The ultimate objective… Read More: Russia takes unusual route to hack Starlink-connected devices in Ukraine »