24 May 2021

This massive phishing campaign delivers password-stealing malware disguised as ransomware

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised

Read More
21 May 2021

Microsoft, Google Clouds Hijacked for Gobs of Phishing

Attackers are targeting Microsoft and Google Clouds to perform mass phishing attempts, sending roughly 52 million malicious messages leveraging the likes of Office 385, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage. The reported influx in phishing attempts was recorded in Q1 of 2021 and is likely a result of threat

Read More
19 May 2021

Recruiter’s Cloud Snafu Exposes 20,000 CVs and ID Documents

Website Planet researchers recently uncovered an AWS S3 web bucket left unsecured by FastTrack Reflex Recruitment, which has been renamed to TeamBMS. The database included personal information pertaining to tens of thousands of jobseekers and held sensitive data and documents such as dates of birth, email addresses, full names, home

Read More
18 May 2021

Patient data could be ‘abused’ after health service attack, warns Irish government

In the aftermath of a destructive ransomware attack against the Irish Health Service Executive (HSE), the Irish government has warned that sensitive medical information and other patient data may be leaked. Officials have condemned any public release by the attackers of stolen patient data, stating that the move would be

Read More
12 May 2021

Fake Chrome App Anchors Rapidly Worming ‘Smish’ Cyberattack

A new malware on Android impersonating the Google Chrome App has spread to hundreds of thousands of people. The app is a part of a hybrid cyberattack that also uses mobile phishing to steal credentials. Targets first receive an SMS text asking for custom fees to be paid to release

Read More
28 Apr 2021

Threat Actors Impersonate Chase Bank

Researchers at Armorblox have discovered two new phishing scams seeking to trick customers of JPMorgan Chase Bank into submitting login credentials. Both of the identified scams utilize social engineering and brand impersonation tactics to deceive targets into believing the messages are legitimate. One scam involved email notifications that appeared to

Read More
23 Apr 2021

Costco Issues Scam Warning

Costo Wholesale Corporation has released a scam warning, advising its customers to be wary of more than a dozen digital scams currently targeting its customer base. Costco posted screenshots of 14 fraudulent emails, texts, and posts, in which cybercriminals are impersonating Costco to scam its customers. It seems as though

Read More
15 Apr 2021

CISA Urges Caution for Security Researchers Targeted in Attack Campaign

The Cybersecurity and Infrastructure Security Agency (CISA) has advised cybersecurity researchers to be aware of a recent phishing campaign that targets professionals within the field. The attacks were first disclosed in January and were found to be targeting researchers working on vulnerability research and development within various organizations. The individuals

Read More
01 Apr 2021

College Students Targeted in Newest IRS Scam

The Internal Revenue Service (IRS) has warned of a scam targeting college students. The scam is a phishing attempt in which the perpetrators are posing as the IRS with subject lines such as “Tax Refund Payment,” according to a warning released by the agency. The IRS sought to alert educators,

Read More
29 Mar 2021

US charges close to 500 individuals for COVID-19 fraud, criminal activity

The US Department of Justice has arrested almost 500 individuals for criminal activity relating to the Covid-19 pandemic. Many cybercriminals have been leveraging the pandemic to launch more convincing cyber campaigns such as phishing attacks, capitalizing on widespread public fear. The US government has observed campaigns pushing fraudulent Covid-19 ‘treatments,’

Read More