Email security

QR codes increasingly exploited in phishing attacks

More threat actors have been exploiting QR codes to facilitate advanced phishing attacks, reports SiliconAngle. Aside from integrating phishing links and malware into QR codes, which have become more prevalent since the COVID-19 pandemic, attackers have also been abusing apps' and websites' QR code login functionality with the new QRLJacking technique in a bid to enable session hijacking, a report from SlashNext revealed. Evolving cyber threats involving QR codes should prompt the implementation of more robust security protocols against malicious QR codes, as well as QR threat awareness campaigns, according to SlashNext. Meanwhile, users have been urged by Tanium Chief Security Advisor Timothy Morris to be wary of emails that include QR codes. "As we see with any phishing attempt, be suspicious of anything from unknown sources or that instills a sense of urgency. Report it as a phish, delete it or ignore it. For enterprises, it is of the utmost importance to employ good email security, use web content filtering, and provide user training," Morris added.

Related

Czechia, Germany targeted by long-term APT28 cyberespionage campaign

Attacks leveraging the critical Microsoft Outlook privilege escalation vulnerability, tracked as CVE-2023-23397, have been launched by Russian state-sponsored threat operation APT28 — also known as Forest Blizzard, BlueDelta, Fancy Bear, and TA422 — against the Czech Republic and Germany as part of a long-term cyberespionage campaign, according to The Hacker News.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.