Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic designed to bypass traditional email defenses by subtly changing the prefixes (a.k.a. schemes) of malicious URLs in hyperlinks. (Sean Gallup/Getty Images) Threat hunters say they’ve seen a concerted rise in the use of a phishing tactic
Tag: campaign
New ransomware campaign exploits weak MySQL credentials to lock thousands of databases
Researchers at Guardicore Labs have uncovered a year-long malware-less ransomware campaign targeting millions of internet-facing MySQL databases. The campaign, named PLEASE_READ_ME by researchers, has been going on since January 2020 and has utilized an “extremely simple” attack chain to carry out at least 92 separate attacks over the past year, with
Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame?
Building 92 at Microsoft Corporation headquarters in Redmond, Washington. (Coolcaesar, CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0, via Wikimedia Commons) An email security company says its researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft’s servers were not enforcing protective DMARC authentication
Report: Lazarus Group has large-scale Covid-19 phishing campaign in the works
North Korea’s Lazarus group is likely behind a planned coronavirus-related phishing campaign taking aim at more than 5 million businesses and people in the U.S. and five other countries June 21. “The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support
Vulnerability in Trump campaign app revealed keys and secrets
A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered. A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided
Cryptomining campaign targets Kubernetes via machine learning framework
A malware campaign is abusing the popular machine-learning (ML) framework Kubeflow in order to target Kubernetes clusters with a crypto miner, Microsoft’s Azure Security Center (ASC) warns. Tens of clusters running on the Kubernetes open-source container orchestration system have already been impacted, the ASC notes in a blog post published this
Phishing campaign targets remote workers with fake voicemail notifications
Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their
Covid-related malspam campaign impersonates U.S. Treasury to steal taxpayer credentials
The advocacy group Abuse.ch has found a Covid-19-related malspam campaign that impersonates the U.S. Treasury Department and more than likely looks to steal a taxpayer’s credentials using a remote access trojan. In a recent Twitter post, the group shows a fraudulent letter from the Treasury Department that seeks to get the
PhantomLance campaign slipped trojanized apps into marketplaces for years
A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces. Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards, have attributed it with
India’s ruling party accused of running deceptive Twitter campaign to gain support for a controversial law
Bharatiya Janata Party, the ruling party in India, has been accused of running a highly deceptive Twitter campaign to trick citizens into supporting a controversial law. First, some background: The Indian government passed the Citizenship Amendment Act (CAA) last month that eases the path of non-Muslim minorities from the neighboring