What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2022-07-19 13:08:17 | " Stranger scams " : des cybercriminels vident le portefeuille des fans de la série fantastique à succès (lien direct) | Début juillet, la quatrième saison de la série acclamée Stranger Things a été diffusée. Malgré une interruption de trois ans liée à la pandémie, la série fortement attendue a battu de nouveau des records d'audience en streaming. Malheureusement, l'impatience des fans, avides de visionner sans plus tarder les nouveaux épisodes, a été exploitée de diverses manières par des fraudeurs. En effet, les chercheurs de Kaspersky ont découvert de nombreux exemples d'emails de spam et de pages de phishing conçus pour (...) - Malwares | Spam | ||
 |
2022-07-07 08:10:19 | Alert (AA22-181A) #StopRansomware: MedusaLocker (lien direct) | FortiGuard Labs is aware that a joint Cybersecurity Advisory (CSA) on MedusaLocker ransomware was released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN). MedusaLocker infection typically occurs through Remote Desktop Protocol (RDP) compromise, propagates MedusaLocker throughout the network, and uses AES-256 encryption to encrypt files.Why is this Significant?This is significant as the joint Cybersecurity Advisory (CSA) is the latest #StopRansomware advisory released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury, and the Financial Crimes Enforcement Network (FinCEN), which provides observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.What is MedusaLocker Ransomware?MedusaLocker is a ransomware that encrypts files in the compromised machines with the AES-256 encryption algorithm and demands victims to pay a ransom in order to recover the affected files. According to the advisory, MedusaLocker primarily takes advantage of an insecure RDP configuration as an initial infection vector, however email spam and malicious attachments are also used.The advisory also states that MedusaLocker ransomware uses multiple infection processes:Uses a batch file to execute PowerShell script, which propagates the ransomware throughout the network. Restarts the LanmanWorkstation service, which allows registry edits to take effect. Kills the processes belonging to well-known security, accounting, and forensic software. Restarts the machine in safe mode.Encrypts files in the compromised machines with the AES-256 encryption algorithmRuns every 60 seconds, encrypting all files except those critical to the functionality of the victim's machine and those that have the designated encrypted file extension. Establishes persistence by copying an executable (svhost.exe or svhostt.exe) to the %APPDATA%\Roaming directory and scheduling a task to run the ransomware every 15 minutes. Attempts to prevent standard recovery techniques by deleting local backups, disabling startup recovery options, and deleting shadow copies.Leaves a ransom note into every folder containing instruction on how to reach out to the attacker either via MedusaLocker's Tor sites or emails.The following is a list of known file extensions that MedusaLocker adds to the encrypts files:.1btc.bec.cn.datalock.deadfilesgr.decrypme.encrypted.faratak.FartingGiraffeAttacks.fileslock.fileslocked.jpz.nz.key1.lock.lockdata7.lockfiles.lockfilesUS.marlock01.marlock02.marlock08.marlock11.marlock13.marlock25.marlock6.marlock011.matlock20.mylock.newware.NET1.NZ.perfection.Readinstruction.READINSTRUCTION.ReadInstructions.readinstructions.rs.skynet.stopflies.tyco.tyco.uslockhh.uslockhh.zoomzoomn.exent_lock20.networkmaze.VinDizelPux.EG.support.deadfiles.readtheinstructions.lr.divsouth.lockfilesCO.lockfilesKR.EMPg296LCKThe following is a list of known MedusaLocker's ransom notes:! _HOW_RECOVERY_FILES _!. HTML!!!HOW_TO_DECRYPT!!!how_to_ recover_data.html HOW_TO_OPEN_FILES.htmlHOW_TO_RECOVER_DATA.htmlhow_to_recover_data.html.marlock01How_to_recovery.txtinstructions.html READINSTRUCTION.html readinstructions.html readme_to_recover_filesrecovery_instruction.htmlrecovery_instructions.html What is the Status of Coverage?FortiGuard Labs provides the following AV coverage against known samples of MedusaLocker ransomware:W32/MedusaLocker.0FEB!trW32/MedusaLocker.9106!tr.ransomW32/MedusaLocker.C!tr.ransomW32/Ransom_Win32_MEDUSALOCKER.SMTHW32/Ransom_Win32_MEDUSALOCKER.SMTH!trW32/Ransom_Win32_MEDUSALOCKER.SMTH!tr.ransomW32/DelShad.BMQ!tr.ransomW32/Filecoder.FV!trW32/Filecoder.NSF!tr.ransomW32/Filecoder.NYA!tr.ransomW32/Generic.AC.171!trW32/Generik.DGWKQJO!trW32/Kryptik.HFBI!trW32/PossibleThreatW32/Ransomware.GUN!trW32/Zudochka.VHO!tr.ransomW64/Filecoder.DF!tr.ransomPossibleThreat.FAIRiskware/DelShad | Ransomware Spam | ||
 |
2022-07-01 05:48:14 | I Don\'t Want to Receive Any Unnecessary Information! (lien direct) | According to Section 50 of the ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, anyone who wishes to send promotional information for commercial purposes via electronic transmission media must receive explicit consent of the receiver in advance. Spam refers to promotional information sent or posted for commercial purposes through communications networks although it is unwanted by the user. This post will present the analysis of a program that sends messages automatically on a particular web portal.... | Spam | ||
 |
2022-06-28 19:11:00 | Anomali Cyber Watch: API Hammering Confuses Sandboxes, Pirate Panda Wrote in Nim, Magecart Obfuscates Variable Names, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: API hammering, APT, China, Phishing, Ransomware, Russia, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Lockbit Ransomware Disguised as Copyright Claim E-mail Being Distributed
(published: June 24, 2022)
ASEC researchers have released their analysis of a recent phishing campaign, active since February 2022. The campaign aims to infect users with Lockbit ransomware, using the pretense of a copyright claim as the phishing lure. The phishing email directs the recipient to open the attached zip file which contains a pdf of the infringed material. In reality, the pdf is a disguised NSIS executable which downloads and installs Lockbit. The ransomware is installed onto the desktop for persistence through desktop change or reboot. Prior to data encryption, Lockbit will delete the volume shadow copy to prevent data recovery, in addition to terminating a variety of services and processes to avoid detection.
Analyst Comment: Never click on suspicious attachments or run any executables from suspicious emails. Copyright infringement emails are a common phishing lure. Such emails will be straight forward to rectify if legitimate. If a copyright email is attempting to coerce you into opening attachments, such emails should be treated with extreme caution.
MITRE ATT&CK: [MITRE ATT&CK] Phishing - T1566 | [MITRE ATT&CK] Data Encrypted for Impact - T1486 | [MITRE ATT&CK] Impair Defenses - T1562
Tags: malware:Phishing, malware:Lockbit, Lockbit, Copyright, Ransomware
There is More Than One Way To Sleep: Deep Dive into the Implementations of API Hammering by Various Malware Families
(published: June 24, 2022)
Researchers at Palo Alto Networks have released their analysis of new BazarLoader and Zloader samples that utilize API Hammering as a technique to evade sandbox detection. API Hammering makes use of a large volume of Windows API calls to delay the execution of malicious activity to trick sandboxes into thinking the malware is benign. Whilst BazarLoader has utilized the technique in the past, this new variant creates large loops of benign API using a new process. Encoded registry keys within the malware are used for the calls and the large loop count is created from the offset of the first null byte of the first file in System32 directory. Zloader uses a different form of API Hammering to evade sandbox detection. Hardcoded within Zloader are four large functions with many smaller functions within. Each function makes an input/output (I/O) call to mimic the behavior of many legitimate processes.
Analyst Comment: Defense in depth is the best defense against sophisticated malware. The Anomali Platform can assist in detection of malware and Match anomalous activity from all telemetry sources to provide the complete picture of adversary activity within your network.
MITRE ATT&CK: [MITRE ATT&CK] Virtualization/Sandbox Evasion - T1497
Tags: malware:BazarLoad |
Ransomware Spam Malware Tool Vulnerability Threat | APT 28 APT 23 | |
 |
2022-06-22 10:31:08 | (Déjà vu) New Phishing Attack Infects Devices With Cobalt Strike (lien direct) | Security researchers have discovered a new malicious spam campaign that delivers the ‘Matanbuchus’ malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads. First spotted in February 2021 in advertisements on the dark web, […] | Spam Malware Threat | ||
 |
2022-06-20 11:15:09 | CVE-2022-1801 (lien direct) | The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. | Spam | ★★ | |
 |
2022-06-18 10:06:03 | (Déjà vu) New phishing attack infects devices with Cobalt Strike (lien direct) | Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. [...] | Spam Malware | ★★★ | |
|
2022-06-18 10:06:03 | Wave of \'Matanbuchus\' spam is infecting devices with Cobalt Strike (lien direct) | Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. [...] | Spam Malware | ||
 |
2022-06-17 16:00:25 | How to spot malicious spam – Week in security with Tony Anscombe (lien direct) | >As the risk of receiving a malware-laden email increases, take a moment to consider how to spot attacks involving malicious spam | Spam | ||
 |
2022-06-13 02:00:00 | 9 ways hackers will use machine learning to launch attacks (lien direct) | Machine learning and artificial intelligence (AI) are becoming a core technology for some threat detection and response tools. The ability to learn on the fly and automatically adapt to changing cyberthreats give security teams an advantage.However, some threat actors are also using machine learning and AI a to scale up their cyberattacks, evade security controls, and find new vulnerabilities all at an unprecedented pace and to devastating results. Here are the nine most common ways attackers leverage these technologies.1. Spam, spam, spam, spam Defenders have been using machine learning to detect spam for decades, says Fernando Montenegro, analyst at Omdia. "Spam prevention is the best initial use case for machine learning," he says.To read this article in full, please click here | Spam Threat | ★★★ | |
 |
2022-06-11 00:04:22 | Adconion Execs Plead Guilty in Federal Anti-Spam Case (lien direct) | On the eve of their federal criminal trial for allegedly stealing vast swaths of Internet addresses for use in large-scale email spam campaigns, three current or former executives at online advertising firm Adconion Direct have agreed to plead guilty to lesser misdemeanor charges of fraud and misrepresentation via email. | Spam Guideline | ||
 |
2022-06-10 15:49:40 | WhatsApp spam offers up “B&Q Father\'s Day Contest 2022” (lien direct) | We take a look at a scam barbeque quiz that asks "winners" to send a lot of WhatsApp messages to qualify. | Spam | ||
|
2022-06-08 10:15:10 | CVE-2022-1709 (lien direct) | The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack | Spam | ||
|
2022-06-08 10:15:09 | CVE-2022-1569 (lien direct) | The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed | Spam | ★★★★★ | |
 |
2022-06-07 16:38:51 | Texas AG enters Musk/Twitter fight by ordering Twitter to provide spam data (lien direct) | Paxton demands the spam data that Musk hasn't been able to get from Twitter. | Spam | ||
 |
2022-06-07 01:14:19 | Researchers Warn of Spam Campaign Targeting Victims with SVCReady Malware (lien direct) | A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up. SVCReady is said to be in its early stage of development, with the | Spam Malware Threat | ||
 |
2022-06-06 16:11:22 | Musk seeks a way out, claims Twitter violated deal by not providing spam data (lien direct) | Musk waived due diligence but claims he can kill deal if he doesn't get user data. | Spam | ||
 |
2022-05-27 12:04:11 | The $44 Billion Smishing Problem and How to Not Be a Victim (lien direct) |
Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were targeted by these schemes in 2021, resulting in $44 billion in losses. Consumers on average get an average of 19.5 spam texts per month, over double the rate it was three years ago. |
Spam | ||
|
2022-05-17 17:15:07 | Musk says Twitter must show data behind spam estimate or he\'ll kill the deal (lien direct) | Musk replied to Twitter CEO's spam explanation with criticism and a poop emoji. | Spam | ||
 |
2022-05-17 12:24:22 | Musk: Doubt About Spam Accounts Could Scuttle Twitter Deal (lien direct) | 
|
Spam | ||
 |
2022-05-17 12:11:00 | Twitter réplique à Elon Musk au sujet des spams, et explique comment il lutte contre les faux comptes (lien direct) | Le PDG du réseau social joue la carte de la transparence en expliquant comment ses équipes traquent les spams et faux comptes. Un processus complexe qui nécessite une adaptation constante.  |
Spam | ||
|
2022-05-13 15:28:09 | Musk says Twitter deal “on hold” over concern about number of spam accounts (lien direct) | Musk "still committed" to purchase amid talk he could back out or renegotiate. | Spam | ||
 |
2022-05-11 15:49:52 | I/O 2022: Android 13 security and privacy (and more!) (lien direct) | Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy TeamEvery year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we're making the latest release safer, and more private, while continuing to offer a seamless experience. So let's dig into the tools we're building to better secure your data, enhance your privacy and increase trust in the apps and experiences on your devices. Low latency, frictionless securityRegardless of whether a smartphone is used for consumer or enterprise purposes, attestation is a key underpinning to ensure the integrity of the device and apps running on the device. Fundamentally, key attestation lets a developer bind a secret or designate data to a device. This is a strong assertion: "same user, same device" as long as the key is available, a cryptographic assertion of integrity can be made. With Android 13 we have migrated to a new model for the provisioning of attestation keys to Android devices which is known as Remote Key Provisioning (RKP). This new approach will strengthen device security by eliminating factory provisioning errors and providing key vulnerability recovery by moving to an architecture where Google takes more responsibility in the certificate management lifecycle for these attestation keys. You can learn more about RKP here.  We're also making even more modules updatable directly through Google Play System Updates so we can automatically upgrade more system components and fix bugs, seamlessly, without you having to worry about it. We now have more than 30 components in Android that can be automatically updated through Google Play, including new modules in Android 13 for Bluetooth and ultra-wideband (UWB). Last year we talked about how the majority of vulnerabilities in major operating systems are caused by undefined behavior in programming languages like C/C++. Rust is an alternative language that provides the efficiency and flexibility required in advanced systems programming (OS, networking) but Rust comes with the added boost of memory safety. We are happy to report that Rust is being adopted in security critical parts of Android, such as our key management components and networking stacks. Hardening the platform doesn't just stop with continual improvements with memory safety and expansion of anti-exploitation techniques. It also includes hardening our API surfaces to provide a more secure experience to our end users. In Android 13 we implemented numerous enhancements to help mitigate potential vulnerabilities that app developers may inadvertently introduce. This includes making runtime receivers safer by allowing developers to specify whether a particular broadcast receiver in their app s |
Spam Vulnerability | ||
 |
2022-05-11 12:13:51 | Novel Phishing Trick Uses Weird Links to Bypass Spam Filters (lien direct) | A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains. | Spam | ★★★ | |
|
2022-05-06 18:15:08 | CVE-2021-27758 (lien direct) | There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. | Spam Vulnerability | ★★★★★ | |
 |
2022-05-04 15:01:01 | Phishers taking advantage of Gmail\'s SMTP relay service to impersonate brands (lien direct) | Since April 2022 phishing emails have been sent to Gmail users from legitimate addresses, making it hard to tell spam from legitimate sources. | Spam | ||
 |
2022-04-29 09:49:00 | Vulnerable plugins plague the CMS website security landscape (lien direct) | Backdoors, card skimming, and spam are also common factors in website compromise. | Spam | ||
|
2022-04-19 15:00:00 | Anomali Cyber Watch: RaidForums Seized, Sandworm Attacks Ukrainian Power Stations, North Korea Steals Chemical Secrets, and More (lien direct) | The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, China, Cyberespionage, North Korea, Spearphishing, Russia, Ukraine, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Lazarus Targets Chemical Sector
(published: April 14, 2022)
In January 2022, Symantec researchers discovered a new wave of Operation Dream Job. This operation, attributed to the North Korea-sponsored group Lazarus, utilizes fake job offers via professional social media and email communications. With the new wave of attacks, Operation Dream Job switched from targeting the defense, government, and engineering sectors to targeting South Korean organizations operating within the chemical sector. A targeted user executes an HTM file sent via a link. The HTM file is copied to a DLL file to be injected into the legitimate system management software. It downloads and executes the final backdoor: a trojanized version of the Tukaani project LZMA Utils library (XZ Utils) with a malicious export added (AppMgmt). After the initial access, the attackers gain persistence via scheduled tasks, move laterally, and collect credentials and sensitive information.
Analyst Comment: Organizations should train their users to recognize social engineering attacks including those posing as “dream job” proposals. Organizations facing cyberespionage threats should implement a defense-in-depth approach: layering of security mechanisms, redundancy, fail-safe defense processes.
MITRE ATT&CK: [MITRE ATT&CK] Scheduled Task - T1053 | [MITRE ATT&CK] User Execution - T1204 | [MITRE ATT&CK] Windows Management Instrumentation - T1047 | [MITRE ATT&CK] Process Injection - T1055 | [MITRE ATT&CK] Valid Accounts - T1078 | [MITRE ATT&CK] Signed Binary Proxy Execution - T1218 | [MITRE ATT&CK] Credentials from Password Stores - T1555
Tags: Lazarus, Operation Dream Job, North Korea, source-country:KP, South Korea, target-country:KR, APT, HTM, CPL, Chemical sector, Espionage, Supply chain, IT sector
Old Gremlins, New Methods
(published: April 14, 2022)
Group-IB researchers have released their analysis of threat actor OldGremlin’s new March 2022 campaign. OldGremlin favored phishing as an initial infection vector, crafting intricate phishing emails that target Russian industries. The threat actors utilized the current war between Russia and Ukraine to add a sense of legitimacy to their emails, with claims that users needed to click a link to register for a new credit card, as current ones would be rendered useless by incoming sanctions. The link leads users to a malicious Microsoft Office document stored within Dropbox. When macros are enabled, the threat actor’s new, custom backdoor, TinyFluff, a new version of their old TinyNode |
Ransomware Spam Malware Vulnerability Threat Guideline Medical | APT 38 APT 28 | |
 |
2022-04-14 11:00:00 | Threat Source newsletter (April 14, 2022) - It\'s Tax Day, and you know what that means (lien direct) | By Jon Munshaw. Welcome to this week's edition of the Threat Source newsletter. The deadline to file taxes in the United States is Monday. That means a few things: everyone should probably make sure their liquor cabinet is fully stocked, your spam filters are all turned on in your email... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Spam Threat | ||
|
2022-04-11 15:15:08 | CVE-2022-0949 (lien direct) | The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 6.930 does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection | Spam Guideline | ||
|
2022-03-25 12:15:07 | CVE-2022-1064 (lien direct) | SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1. | Spam | ||
|
2022-03-14 15:15:09 | CVE-2022-0254 (lien direct) | The WordPress Zero Spam WordPress plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection | Spam Guideline | ||
|
2022-03-13 14:26:20 | Filter Blocked 70,000 Emails to Indiana Lawmakers on Bill (lien direct) | A spam filter blocked as many as 70,000 emails sent to Indiana legislators about a contentious bill that aimed to place restrictions on teaching about racism and political topics. | Spam | ||
|
2022-03-09 20:48:00 | Chinese hackers attempted phishing on emails affiliated with US government (lien direct) | All phishing emails were successfully marked as spam and filtered by Gmail in February. | Spam | ||
|
2022-03-04 17:23:01 | Picking up the phone still might be the best way to do business (lien direct) | State of the Call report shows that voice calls remain preferred form of communication, despite spam risks | Spam | ||
|
2022-02-15 22:31:33 | SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming (lien direct) | Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell. | Spam | ||
|
2022-02-15 14:24:51 | CyberheistNews Vol 12 #07 [Heads Up] FBI Warns Against New Criminal QR Code Scams (lien direct) |
[Heads Up] FBI Warns Against New Criminal QR Code Scams
Email not displaying? |
CyberheistNews Vol 12 #07 | Feb. 15th., 2022
[Heads Up] FBI Warns Against New Criminal QR Code Scams
QR codes have been around for many years. While they were adopted for certain niche uses, they never did quite reach their full potential. They are a bit like Rick Astley in that regard, really popular for one song, but well after the boat had sailed. Do not get me wrong, Rick Astley achieved a lot. In recent years, he has become immortalized as a meme and Rick roller, but he could have been so much more.
However, in recent years, with lockdown and the drive to keep things at arms length, QR codes have become an efficient way to facilitate contactless communications, or the transfer of offers without physically handing over a coupon. As this has grown in popularity, more people have become familiar with how to generate their own QR codes and how to use them as virtual business cards, discount codes, links to videos and all sorts of other things.
QRime Codes
As with most things, once they begin to gain a bit of popularity, criminals move in to see how they can manipulate the situation to their advantage. Recently, we have seen fake QR codes stuck to parking meters enticing unwitting drivers to scan the code, and hand over their payment details believing they were paying for parking, whereas they were actually handing over their payment information to criminals.
The rise in QR code fraud resulted in the FBI releasing an advisory warning against fake QR codes that are being used to scam users. In many cases, a fake QR code will lead people to a website that looks like the intended legitimate site. So, the usual verification process of checking the URL and any other red flags apply.
CONTINUED with links and 4 example malicious QR codes on the KnowBe4 blog:
https://blog.knowbe4.com/qr-codes-in-the-time-of-cybercrime
|
Ransomware Data Breach Spam Malware Threat Guideline | APT 15 APT 43 | |
|
2022-02-14 11:52:32 | Half of all emails in 2021 were spam (lien direct) | Email spam rates averaged 46% over the year globally, according to a new report by Kaspersky. In its new Spam and Phishing in 2021 report, the Russian AV company revealed that spam rates peaked at 48% in June. The majority came from machines in Russia (25%), followed by Germany (14%), the US (10%) and China (9%). […] | Spam | ||
 |
2022-02-11 10:08:00 | Half of Global Emails Were Spam in 2021 (lien direct) | COVID-19 still looms large in corporate inboxes | Spam | ||
 |
2022-02-09 10:00:28 | Spam and phishing in 2021 (lien direct) | Statistics on spam and phishing with the key trends in 2021: investment scams, fake streaming websites, theft of corporate credentials and COVID-19. | Spam | ||
|
2022-01-28 03:10:59 | Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing (lien direct) | Microsoft has disclosed details of a large-scale, multi-phase phishing campaign that uses stolen credentials to register devices on a victim's network to further propagate spam emails and widen the infection pool. The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication (MFA), thereby making it possible for the adversary to take | Spam | ||
 |
2022-01-24 12:05:20 | Emotet spam uses unconventional IP address formats to evade detection (lien direct) | Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam […] | Spam Malware Threat | ||
 |
2022-01-10 14:54:48 | Email spam is breaking through again. Here\'s what you can do to minimize it (lien direct) | Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam […] | Spam | ||
|
2021-12-20 16:56:12 | Spam Calling Rates Spike Globally (lien direct) |
Spam calls in the US spiked in October, according to Truecaller's annual Global Spam Report. The report observed that Truecaller customers in the US received 3,115,861 spam calls in October. The researchers note that a user in the US receives an average of 4.8 spam calls per month, totalling approximately 1.4 billion calls across the country every month. |
Spam | ||
|
2021-12-17 11:47:21 | Phorpiex botnet is back, in 2021 it $500K worth of crypto assets (lien direct) | Experts reported the resurgence of the Phorpiex botnet, in one year it allowed to steal crypto assets worth of half a million dollars. Experts at Check Point Research have monitored the resurgence of the Phorpiex botnet, an old threat that was involved in sextortion spam campaigns, crypto-jacking, cryptocurrency clipping (substituting the original wallet address saved in […] | Spam Threat | ||
|
2021-12-13 11:15:09 | CVE-2021-24863 (lien direct) | The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL statement to save it, leading to a SQL injection | Spam Guideline | ||
|
2021-12-08 16:00:01 | Fight back against spam calls with this subscription to the RoboKiller app (lien direct) | RoboKiller will nip those annoying, automated calls in the bud. Now it's available for a discount on a five-year subscription. | Spam | ||
|
2021-12-08 15:47:28 | Credential-Harvesting Phishing Campaign Urges Review of Spam (lien direct) |
Researchers at MailGuard have observed a phishing campaign that's using phony “spam notification” emails that purport to come from Microsoft Office 365. The emails tell recipients that an important-looking email has been sent to their spam folder, and they'll need to click a link to view the supposed message. |
Spam | ||
|
2021-12-05 11:07:37 | Convincing Microsoft phishing uses fake Office 365 spam alerts (lien direct) | A persuasive and ongoing series of phishing attacks are using fake Office 365 notifications asking the recipients to review blocked spam messages, with the end goal of stealing their Microsoft credentials. [...] | Spam | ||
|
2021-12-03 07:46:29 | Talos Takes Ep. #79: Emotet\'s back with the worst type of holiday present (lien direct) | By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. Emotet is back, and it brought the worst possible holiday present (just in time for peak spam season, too!). We... [[ This is only the beginning! Please visit the blog for the complete entry ]] | Spam |
To see everything:
Our RSS (filtrered)
