Microsoft Office 365 AitM phishing reveals signs of much larger BEC campaign
CSO Online » Social Engineering
11M ago
Researchers investigating an Office 365 account compromise resulting from an adversary-in-the-middle (AitM) phishing attack found evidence of a much larger global attack campaign that spans the past year and is possibly tied to an infostealer malware called FormBook. "In the past few years, Sygnia’s IR teams have engaged in numerous incidents in which world-wide organizations were targeted by BEC attacks," researchers from cybersecurity firm Sygnia said in their report. "While some of these attacks were focal and concentrated, some were widely spread and affected a massive number of cross-sect...
North Korean APT group targets email credentials in social engineering campaign
11M ago
Researchers warn of a social engineering campaign by the North Korean APT group known as Kimsuky that attempts to steal email credentials and plant malware. The campaign, focused on experts in North Korean affairs, is part of this group's larger intelligence gathering operations that target research centers, think tanks, academic institutions, and news outlets globally. "Kimsuky, a suspected North Korean advanced persistent threat (APT) group whose activities align with the interests of the North Korean government, is known for its global targeting of organizations and individuals," researcher...
Guardz releases AI-powered phishing protection solution for SMEs, MSPs
11M ago
Cybersecurity vendor Guardz has announced the release of a new AI-powered phishing protection solution to help small- and medium-sized businesses (SMBs) and managed service providers (MSPs) prevent phishing attacks. It uses AI to provide small businesses and the MSPs that support them automatic phishing detection and remediation capabilities by combining email security, web browsing protection, perimeter posture, and awareness into one native solution, according to the firm. The release comes in the wake of the Verizon 2023 Data Breach Investigations Report, which cited phishing as the second...
New hyperactive phishing campaign uses SuperMailer templates: Report
1y ago
SuperMailer, a legitimate email newsletter program, has been found abused by threat actors to conduct a high-volume credential harvesting campaign, according to network security firm Cofense. “The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyberthreat intelligence analyst at Cofense, said in a blog post. “Emails containing the unique SuperMailer string barely registered in January and February, but in the first half of May they accounted for over 5% of credential phishing emails.”
Malware disguised as ChatGPT apps are being used to lure victims, Meta says
1y ago
Facebook's parent company, Meta, has issued a warning that hackers are taking advantage of people’s interest in ChatGPT and other generative AI applications to trick them into installing malware that pretends to provide AI functionality. Since March, Meta has discovered about 10 malware families using AI themes to compromise business accounts across the internet — including social media business accounts — and blocked over 1,000 unique ChatGPT-themed malicious URLs from being shared on its platforms.
Google rolls out passkey support across accounts on all major platforms
1y ago
Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. The tech giant announced passkey availability on the eve of World Password Day as it looks to introduce more secure, reliable sign-in options. The rollout comes in the wake of Google updates on bringing passkey experiences to both Chrome and Android, as well as tech industry support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.
Iranian hacking group targets Israel with improved phishing attacks
1y ago
Iranian state-sponsored threat actor Educated Manticore has been observed deploying an updated version of PowerLess, a Windows backdoor, to target Israel for phishing attacks, according to a new report by Check Point. Researchers have also linked Educated Manticore hackers to the Phosphorus APT group, which operates in the Middle East and North America.
Akamai debuts Brand Protector service to combat phishing, online forgery
1y ago
Akamai is rolling out a new service designed to provide automated detection, investigation and even takedown services for businesses looking to protect their online reputations from digital criminals and phishing campaigns. The basic concept of the new service, launched at RSA Conference in San Francisco today, is simple — Akamai, via its large array of global points of presence, monitors vast volumes of traffic, looking for indicators of intellectual property or client resources being misused, like corporate branding or certificates being used from IPs that aren’t associated with that company...
ZeroFox partners with Google Cloud to warn users against phishing domains
1y ago
Cybersecurity provider ZeroFox has announced a partnered capability with Google Cloud to warn users of malicious URLs and fake websites in a bid to disrupt phishing campaigns. As part of the partnership, ZeroFox will automatically detect phishing domains for customers and submit verified, malicious URLs through Google Cloud’s Web Risk Submission API, disrupting attacks and warning users of malicious content on billions of devices using browser warnings. This is expected to help both ZeroFox customers as well as Google Cloud users. “If a URL or domain flagged by ZeroFox is validated as maliciou...
North Korean threat actor APT43 pivots back to strategic cyberespionage
1y ago
When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security researchers call APT43, Kimsuky, or Thallium has been carrying out cyberespionage and cybercrime operations at the behest of the North Korean government since at least 2018. APT43 specializes in credential harvesting and social engineering with a focus on foreign...
