Phishers Gain Persistence at EU, Asia Hospitality Orgs
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
The SHub Reaper stealer, which hides behind fake WeChat and Miro installers, marks a shift from ClickFix social engineering to Apple script-based execution.
A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.
Threat actors are using the social engineering technique and a legitimate Microsoft tool to deploy the DCRat remote access Trojan against targets in the hospitality sector.
Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.
Microsoft detailed a sophisticated campaign that relies on a social engineering technique, "ClickFix," in which a phisher uses security verification like captcha to give the target a false sense of safety.
Attackers have added aggressive social engineering to their arsenal, along with a novel Windows-manipulating persistence mechanism that demands developer vigilance.
The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users.
Malicious attachments that exploit an RCE flaw from 2017 are propagating Agent Tesla via socially engineered emails and an evasive infection method.
A pervasive ClearFake campaign targeting Windows systems with Atomic Stealer has expanded its social engineering scams to MacOS users, analysts warn.
The socially engineered campaign used a legitimate domain to send phishing emails to large swaths of university targets.
The credential-phishing attack leverages social engineering and brand impersonation techniques to lead users to a spoofed MetaMask verification page.