phishing

Pierluigi Paganini September 07, 2020
Epic Manchego gang uses Excel docs that avoid detection

A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that are able to bypass security checks Security experts from NVISO Labs recently spotted the activity of a new malware gang, tracked as Epic Manchego, that is actively targeting companies across the world with phishing emails since […]

Pierluigi Paganini September 05, 2020
Hackers use overlay screens on legitimate sites to steal Outlook credentials

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are displayed on top of legitimate webpages to […]

Pierluigi Paganini August 23, 2020
A Google Drive weakness could allow attackers to serve malware

A bug in Google Drive could be exploited by threat actors to distribute malicious files disguised as legitimate documents or images. An unpatched weakness in Google Drive could be exploited by threat actors to distribute weaponized files disguised as legitimate documents or images. enabling bad actors to perform spear-phishing attacks comparatively with a high success […]

Pierluigi Paganini August 14, 2020
Threat Report Portugal: Q2 2020

The Threat Report Portugal: Q2 2020 compiles data collected on the malicious campaigns that occurred from April to Jun, Q2, of 2020. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and also has a strong contribution […]

Pierluigi Paganini August 09, 2020
Homoglyph attacks used in phishing campaign and Magecart attacks

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. The hackers targeted visitors of several sites using typo-squatted domain names, and modified favicons […]

Pierluigi Paganini July 20, 2020
A flaw in Zoom’s Vanity URL feature could have been exploited in phishing attacks

A vulnerability affecting the Zoom feature dubbed Vanity URL could have been exploited by hackers for phishing attacks. A vulnerability affecting the Zoom feature dubbed Vanity URLs could have been exploited by hackers for phishing attacks. The popularity of the Zoom video conferencing service exploded during the COVID-19 outbreak when it was chosen by organizations, schools, […]

Pierluigi Paganini June 29, 2020
Office 365 users that are returning to the workplace targeted with Coronavirus training resources

Experts are warning of a new phishing campaign aimed at Office 365 users that are returning to the workplace with Coronavirus training resources. Threat actors continue to use Coronavirus lures adapting their technique to the current situation. The attack techniques adopted by the threat actors depends on the state of businesses in each region. In […]

Pierluigi Paganini June 13, 2020
COVID-19 themed attacks increase in Brazil, India, and UK

Threat actors continue to use COVID-19 lures, Google is reporting an increase in Coronavirus-themed phishing attempts in Brazil, India, and the UK. While Coronavirus spreads on a global scale, threat actors continues to use COVID-19 lures, in April Google announced that the Gmail malware scanners have blocked around 18 million phishing and malware emails using […]

Pierluigi Paganini June 09, 2020
Hackers target German Task Force for COVID-19 PPE procurement

Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE) against COVID-19. Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE). Threat actors are targeting executives of a German multinational corporation part of a government-private sector task force that […]

Pierluigi Paganini May 13, 2020
Crooks continues to use COVID-19 lures, Microsoft warns

Microsoft discovered a new phishing campaign using COVID-19 lures to target businesses with the infamous LokiBot information-stealer. Microsoft has discovered a new COVID-19 themed phishing campaign targeting businesses with the LokiBot Trojan. Lokibot was already employed in Coronavirus-themed campaigns, early of April, security experts at FortiGuard Labs discovered phishing attacks using alleged messages from the World Health Organization […]