Inter skimming kit used in homoglyph attacks
Threat actors load credit card skimmers using a known phishing technique called homoglyph attacks.
As we continue to track web threats and credit card skimming in particular, we often...
A 7-Step Cybersecurity Plan for Healthcare Organizations
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.1 of 8
Healthcare organizations, on...
Security Firms & Financial Group Team Up to Take Down Trickbot
Microsoft and security firms ESET, Black Lotus Labs, and Symantec collaborated with the financial services industry to cut off the ransomware operation's C2 infrastructure.Technology and security companies teamed up...
North Korea’s Lazarus Group Expands to Stealing Defense Secrets
Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.The Lazarus Group, North Korea's advanced persistent threat (APT) actor,...
LinkedIn Phishing Ramps Up With More-Targeted Attacks
Seeking to take advantage of out-of-work users, malware groups continue to use LinkedIn and business services to offer fictional jobs and deliver infections instead.Phishing attacks are targeting out-of-work users...
JavaScript Obfuscation Moves to Phishing Emails
Attackers are hiding malicious payloads in phishing emails via a technique traditionally used to hide malicious code planted on websites.JavaScript, the ubiquitous scripting language used across Web applications worldwide,...
Release the Kraken: Fileless injection into Windows Error Reporting service
We discovered a new attack that injected its payload—dubbed "Kraken—into the Windows Error Reporting (WER) service as a defense evasion mechanism.
This blog post was authored by Hossein Jazi...
Attackers Leverage IMAP to Infiltrate Email Accounts
Researchers believe cybercriminals are using a tool dubbed Email Appender to directly connect with compromised email accounts via IMAP.A newly detected wave of spam emails is bypassing transport layers...
Researchers Learn From Nation-State Attackers’ OpSec Mistakes
Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten.When security intelligence teams talk about human error,...
LogoKit Group Aims for Simple Yet Effective Phishing
A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and...
