A phishing scam is circulating Instagram claiming that users have made “The Nasty List” with the goal of stealing account credentials. The scam is spread via messages sent through hacked accounts claiming the recipients were spotted on the so called NastyList stating something like “OMG your actually on here, @TheNastyList_34, your number is 15! its…
Researchers believe hackers from the breakaway Luhansk People’s Republic (LPR) may be behind a spear phishing-based malware campaign that’s been actively targeting the Ukrainian government. The researchers, from FireEye, disclosed their assessment following their investigation into a malware-laced email that they were able to tie back to a 2018 phishing campaign designed to to deliver…
The Indian information technology consultancy firm Wipro has confirmed to the Economic Times that it is investigating a phishing attack that may have allowed its systems to be used to attack many of its clients. Wipro believes it was targeted, possibly by a nation-state attacker, who then used the company’s own systems to deliver follow…
Two Romanian nationals were convicted in an Ohio federal court on Thursday for their roles in the Bayrob group, an organization that launched a multi-million-dollar cybercriminal operation fueled by its own proprietary malware. Bogdan Nicolescu, 36, and Radu Miclaus, 37, were found guilty on separate 21 counts for developing and spreading the Bayrob trojan, which…
The Emotet gang has started using the emails it stole in October 2018 marking a major milestone for the group and its activities. Cofense reported the group has so far sent more than 1,000 unique emails, with their own subject line, sent and is part of an effort to get away from using template-based emails…
Researchers at Kaspersky Lab today issued a pair of reports, one revealing a newly discovered sophisticated APT framework and the other detailing the recent operations of the threat actor known as Gaza Cybergang Group1. Dubbed TajMahal, the APT framework is a fully loaded malicious toolset, replete with backdoors, loaders, orchestrators, C2 communicators, audio recorders, keyloggers,…
Verizon customers are being targeted by a phishing campaign which researchers described as having a sophisticated, mobile-first approach that optimizes its phoney sites for mobile devices and demonstrating awareness of Verizon infrastructure. Lookout researchers discovered the attack in late November 2018 and said activity has since intensified in March, when three waves of attacks were…
Security researchers have come across a waterholing campaign that have compromised four South Korean websites by injecting fake login forms to steal user credentials. Trend Micro described the campaign, which it named Soula, as a significant threat to enterprises and users and possibly the first step being taken by a cybercriminal group to launch a…
The Oregon Department of Human Services (DHS) was the victim of a phishing campaign earlier this year, resulting in a data breach that reportedly involves the records of up to 1.6 million state residents. According to a March 21 Oregon DHS press release, the incident took place last Jan. 8, when nine separate agency employees…
Windows Defender Security Intelligence’s Office 365 Threat Research team has uncovered a phishing campaign targeting Netflix and American Express that attempt to steal payment card information. The campaign was detected on the weekend of March 16 and is still active, according to the Windows Defender Security Intelligence Twitter feed. In each case the phishing emails…
