New Fake Zoom Meeting Invite Scam Spreads Malware on Windows PCs
Cybersecurity researchers at Sublime Security have discovered a new scam that uses realistic, interactive JavaScript-based Zoom meeting invites to trick users into installing malware.
phishing
Russian APT Exploits Zimbra Vulnerability Against Ukraine
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
The post Russian APT Exploits Zimbra Vulnerability Against Ukraine appeared first on SecurityWeek.
New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes.
Security Firm Executive Targeted in Sophisticated Phishing Attack
The attackers used a DKIM-signed phishing email, trusted redirect infrastructure, compromised servers, and Cloudflare-protected phishing pages.
The post Security Firm Executive Targeted in Sophisticated Phishing Attack appeared first on SecurityWeek.
INTERPOL Operation Synergia III Shuts Down 45,000 Malicious IPs, 94 Arrested
INTERPOL’s Operation Synergia III led to 94 arrests and the takedown of 45,000 malicious IPs in 72 countries targeting phishing, malware, and fraud networks.
Starbucks Data Breach Impacts Employees
Starbucks said the incident involved phishing attacks targeting an employee portal, affecting hundreds.
The post Starbucks Data Breach Impacts Employees appeared first on SecurityWeek.
Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe.
China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors.
HR, recruiters targeted in year-long malware campaign
An attack campaign targeting HR departments and job recruiters has been stealthily compromising systems, Aryaka researchers have discovered. By avoiding analysis environments and leveraging a specialized module designed to kill antivirus and endpoint d…
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog researchers have warned. The cloned AWS phishing page (Source: Datadog Securit…