Phishing As a Service Targets Financial Sector

The new phishing-as-a-service (PhaaS) platform, ONNX Store, has been targeting Microsoft 365 accounts at financial firms using QR codes in PDF attachments. This sophisticated platform, which leverages Telegram bots and bypasses two-factor authentication (2FA), is believed to be a rebranded version of the Caffeine phishing kit. Discovered by EclecticIQ, ONNX …

Read More

Emails Leading to False Election Contributions

According to Trellix, major regional and global events have driven cyber threat activities, with a significant increase in the last six months. China-linked threat groups, such as Volt Typhoon, are the most prolific originators of advanced persistent threat (APT) activities, accounting for 68.3% of all detections. Russia-linked APT group, Sandworm, …

Read More

Industry and Government Collaborate to Boost AI Security

The federal government, in partnership with industry leaders, recently conducted its inaugural tabletop exercise focused on AI security incidents. Over 50 AI experts from government agencies and private sector organizations participated in the four-hour simulation, held at Microsoft Corp.’s facility in Reston, Virginia. Led by the Joint Cyber Defense Collaborative …

Read More

AI Amplifies Cyber Threats


AI technology has escalated the cyber threat landscape by enabling less skilled hackers to enhance their capabilities, leading to a surge in AI-driven cyberattacks. Federal cybersecurity officials emphasize the importance of information-sharing and coordination to combat these sophisticated threats. The key to mitigating AI-fueled threats lies in increased collaboration and …

Read More

Ransomware Attacker Use Public Tools


According to a recent study by Mandiant, there’s been a significant rise in ransomware attacks, with a 75% increase in data leak site posts and a 20% rise in ransomware-related investigations from 2022 to 2023. Attackers are employing common tactics and techniques with slight variations, such as using legitimate tools …

Read More

Malicious Ad Scams


Malicious ads related to utility bills continue to target victims, directing them to call centers where scammers collect identities and extort money. Scammers are attempting to legitimize their operations by establishing fake U.S.-based entities, with many fraudulent ads found on Google. The scam campaign primarily targets mobile devices and U.S. …

Read More

Ransomware Targets Education


The Fog ransomware group is utilizing stolen VPN credentials and system vulnerabilities to access and encrypt data in virtual environments. Predominantly attacking the US education sector, Fog exploits the common cybersecurity weaknesses during summer vacations. Organizations should continue to educate employees and enforce practices related to secure credential management practices.

Phishing with Word copy paste command


Phishing emails with HTML attachments are tricking users into pasting malicious commands. The scam uses a fake MS Word message to deceive users into executing a Base64-encoded PowerShell command, leading to malware infection. The executed script downloads and runs an HTA file, ultimately infecting the system with DarkGate malware. Users …

Read More

Massive Data Breach Exposed


A significant data breach involving a Florida-based firm specializing in background checks and personal information handling was reported today. Criminal group known as USDoD is allegedly selling a database containing 2.9 billion records, which includes sensitive information about US, Canadian, and British citizens. The database reportedly contains full names, addresses, …

Read More

Security Concerns with Windows “Recall”


Microsoft’s upcoming AI feature, Recall, has sparked significant security concerns. Slated for release on June 18th as part of the new Copilot Plus PCs, Recall is designed to capture screenshots of all user activity on a PC, using local AI models to allow quick search and retrieval. Cybersecurity expert Kevin …

Read More