Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. "Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology," cybersecurity firm AdvIntel said in a … [Read more...] about Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector
attack
Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary … [Read more...] about Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
A new IoT botnet malware dubbed RapperBot has been observed rapidly evolving its capabilities since it was first discovered in mid-June 2022. "This family borrows heavily from the original Mirai source code, but what separates it from other IoT malware families is its built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented … [Read more...] about New IoT RapperBot Malware Targeting Linux Servers via SSH Brute-Forcing Attack
Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default
With Microsoft taking steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default across Office apps, malicious actors are responding by refining their new tactics, techniques, and procedures (TTPs). "The use of VBA and XL4 Macros decreased approximately 66% from October 2021 through June 2022," Proofpoint said in a report shared with The … [Read more...] about Hackers Opting New Attack Methods After Microsoft Blocked Macros by Default
Sky Mavis robbed of $540 million in spyware attack
We often write about scams promising someone mountains of gold, when in reality the opposite happens and their pockets get emptied. Similarly, cybercriminals can get their hands on the money of entire companies by exploiting the greed and negligence of their employees. That’s exactly what happened with the Ronin Networks blockchain system, created by Sky Mavis for the … [Read more...] about Sky Mavis robbed of $540 million in spyware attack
Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
A suspected ransomware intrusion against an unnamed target leveraged a Mitel VoIP appliance as an entry point to achieve remote code execution and gain initial access to the environment. The findings come from cybersecurity firm CrowdStrike, which traced the source of the attack to a Linux-based Mitel VoIP device sitting on the network perimeter, while also identifying a … [Read more...] about Hackers Exploit Mitel VoIP Zero-Day in Likely Ransomware Attack
Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second
Cloudflare on Wednesday disclosed that it acted to mitigate a 15.3 million request-per-second (RPS) distributed denial-of-service (DDoS) attack. The web infrastructure and website security company called it one of the "largest HTTPS DDoS attacks on record." "HTTPS DDoS attacks are more expensive in terms of required computational resources because of the higher cost of … [Read more...] about Cloudflare Thwarts Record DDoS Attack Peaking at 15 Million Requests Per Second
What is a browser-in-the-browser (BitB) attack?
In their relentless pursuit of folks’ credentials, secret keys and other valuable information, cybercriminals are continually inventing new ways to deceive users. It’s worth noting that normally, no matter how sophisticated these schemes become, they’re all aimed at users who drop their guard. If you just pay close attention to a few details — first and foremost, the address of … [Read more...] about What is a browser-in-the-browser (BitB) attack?
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks. According to penetration tester and security researcher, who goes by the handle mrd0x_, the method takes advantage of third-party single … [Read more...] about New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
Enhancing Fileless Attack Detection with Memory Scanning
CrowdStrike introduces memory scanning into the CrowdStrike Falcon® sensor for Windows to enhance existing visibility and detection of fileless threats The Falcon sensor integrates Intel threat detection technology to perform accelerated memory scanning for malicious byte patterns Memory scanning is optimized for performance on Intel CPUs, including high-performance operation, … [Read more...] about Enhancing Fileless Attack Detection with Memory Scanning