Tag: email
-
Cloak ransomware group hacked the Virginia Attorney General’s Office
The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN,…
-
The Role of AI in Cybersecurity: Boon or Threat?
Think about it everything’s online these days, right? Your photos, your bank stuff, your emails, and even your fridge probably connect to the internet now. It’s fantastic, but it also means there’s a whole bunch of sneaky folks out there cybercriminals trying to mess with it all. They want your data, your […] The post…
-
UK Cybersecurity Weekly News Roundup 23 March 2025
Tags: ai, best-practice, compliance, cyber, cyberattack, cybersecurity, data, disinformation, election, email, espionage, exploit, group, incident, malicious, network, phishing, qr, ransomware, service, threat, update, vulnerabilityWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. NHS Scotland Confirms Cyberattack Disruption On 20 March 2025, NHS Scotland reported a major cyber incident that caused network outages across multiple health boards. The cyberattack disrupted clinical systems and led to delayed…
-
Don’t Click! Fake Chat Used in Meta Business Account Phishing
“What if you received an email stating, ‘YOUR ADS ARE TEMPORARILY SUSPENDED’? The urgency of the email instantly First seen on securityonline.info Jump to article: securityonline.info/dont-click-fake-chat-used-in-meta-business-account-phishing/
-
Security Affairs newsletter Round 516 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to…
-
New Phishing Scam Uses Fake Instagram Chatbot to Hijack Accounts
New phishing scam targets Instagram business accounts using fake chatbots and support emails, tricking users into handing over login credentials. First seen on hackread.com Jump to article: hackread.com/phishing-scam-fake-instagram-chatbots-hijack-accounts/
-
Exchange Online bug mistakenly quarantines user emails
Microsoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-bug-mistakenly-quarantines-user-emails/
-
Hackers Use Fake Meta Emails to Steal Ad Account Credentials
A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive users into surrendering their Meta Business account credentials. The attackers initiate the phishing attempt by sending fraudulent emails disguised as official Instagram notifications, alerting users that their advertising accounts have been temporarily suspended due to…
-
Scammers cash in on tax season
AI-powered phishing emails, deepfake phone calls, and fake tax prep websites are making tax scams more convincing and costly than ever, according to McAfee. Cybercriminals are … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/21/tax-season-scams/
-
New Steganographic Malware Hides in JPEG Files to Spread Infostealers
A recent cybersecurity threat has been identified, where steganographic malware is being distributed through seemingly innocuous JPEG image files. This sophisticated campaign involves luring users into downloading obfuscated JPEG files that contain hidden malicious scripts and executables. Once these files are executed, the malware targets the extraction of sensitive credentials and data from browsers, email…
-
Why No-Reply Emails Are a Cybersecurity Hazard
No-reply emails may seem convenient, but they pose serious cybersecurity risks. Learn how they enable phishing, spoofing, and financial fraud”, and how to protect your business. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/why-no-reply-emails-are-a-cybersecurity-hazard/
-
SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users
SpyX, a company known for developing spyware, has experienced a data breach that compromised the personal information of nearly 2 million users. As per a report posted by Have I been Pwned, the breach, which occurred on June 24, 2024, exposed a wide array of sensitive data, including email addresses, IP addresses, device information, geographic…
-
That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s toll
Tags: attack, breach, business, ciso, cyber, cybersecurity, data, email, incident, incident response, insurance, jobs, network, phone, ransomware, risk, risk-managementThe importance of practice in estimating costs: Quantifying the costs of an incident in advance is an inexact art greatly aided by tabletop exercises. “The best way in my mind to flush all of this out is by going through a regular incident response tabletop exercise,” Gary Brickhouse, CISO at GuidePoint Security, tells CSO. “People…
-
US DOGE Staffer Sent Unencrypted Treasury Data over Email
Agency Official Says Ex-DOGE Staffer’s Data Breach Violated Security Policy. An ex-Department of Government Efficiency staffer violated Treasury rules by sending unencrypted personal data to two senior Trump administration officials without approval, raising concerns about the task force’s apparent disregard for or lack of knowledge about critical data security policies. First seen on govinfosecurity.com Jump…
-
Fake Coinbase Migration Messages Target Users to Steal Wallet Credentials
A sophisticated phishing campaign is currently targeting cryptocurrency investors with fraudulent emails claiming to be from Coinbase. The scam attempts to trick users into transferring their funds to wallets controlled by attackers through a deceptive >>mandatory wallet migration>Migrate to Coinbase wallet,
-
Hackers Exploit Hard Disk Image Files to Deploy VenomRAT
In a recent cybersecurity threat, hackers have been using virtual hard disk image files (.vhd) to distribute the VenomRAT malware, exploiting a novel technique to bypass security measures. This campaign begins with a phishing email that uses a purchase order as a lure, enticing users to open an attached archive file. Upon extraction, the archive…
-
Sophisticated Phishing Attack Leverages Microsoft 365 Infrastructure to Target Users
Tags: attack, business, control, credentials, cyber, email, exploit, infrastructure, microsoft, phishingA highly sophisticated phishing campaign has been uncovered exploiting Microsoft 365’s trusted infrastructure to facilitate credential harvesting and account takeover attempts. This attack leverages legitimate Microsoft domains and tenant misconfigurations to conduct Business Email Compromise (BEC) operations, effectively bypassing traditional email security controls by exploiting inherent trust mechanisms within the Microsoft ecosystem. Attack Mechanism The…
-
White House exempts cyber pros from mass layoffs; Judge reinstates CISA firings
CISA document process raises security concerns: It’s unclear why CISA posted its request for fired employees to send a password-protected attachment containing personally identifiable information to a publicly promoted email address. It’s also unclear how the password-protected document process would work. CISA did not respond to CSO’s request for clarification.Some cybersecurity professionals cast doubt on…
-
New Steganographic Malware Hides in JPG Files to Deploy Multiple Password Stealers
A recent cybersecurity threat has emerged in the form of a steganographic campaign that uses seemingly harmless JPG files to distribute multiple types of malware, including password stealers like Remcos and AsyncRAT. This sophisticated attack begins with a phishing email containing a malicious Excel document that exploits a known vulnerability, CVE-2017-0199, to initiate the infection…
-
Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users’ Actions
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users’ actions.That’s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim’s security and privacy.”The features available in CSS allow attackers and spammers…
-
£1M Lost as UK Social Media and Email Account Hacks Skyrocket
Action Fraud reported a spike in social media and email account hacks in 2024, resulting in losses of nearly £1m First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-social-media-email-account-hacks/
-
SingCERT Alerts Public on Fraudulent Emails Impersonating CSA and SPF
The Singapore Cyber Emergency Response Team (SingCERT) has issued a warning regarding the rise in fraudulent emails, with scammers impersonating officials from the Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/fraudulent-emails-scam/
-
Security Affairs newsletter Round 515 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New MassJacker clipper targets pirated software seekers Cisco IOS XR flaw allows attackers to crash BGP process on…
-
Invisible C2″Š”, “Šthanks to AI-powered techniques
Tags: ai, api, attack, breach, business, chatgpt, cloud, communications, control, cyberattack, cybersecurity, data, defense, detection, dns, edr, email, encryption, endpoint, hacker, iot, LLM, malicious, malware, ml, monitoring, network, office, openai, powershell, service, siem, soc, strategy, threat, tool, update, vulnerability, zero-trustInvisible C2″Š”, “Šthanks to AI-powered techniques Just about every cyberattack needs a Command and Control (C2) channel”Š”, “Ša way for attackers to send instructions to compromised systems and receive stolen data. This gives us all a chance to see attacks that are putting us at risk. LLMs can help attackers avoid signature based detection Traditionally, C2…
-
Coinbase phishing email tricks users with fake wallet migration
A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/coinbase-phishing-email-tricks-users-with-fake-wallet-migration/
-
Week-long Exchange Online outage causes email failures, delays
Microsoft says it partially mitigated a week-long Exchange Online outage causing delays or failures when sending or receiving email messages. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/week-long-exchange-online-outage-causes-email-failures-delays/
-
Symantec Uses OpenAI Operator to Show Rising Threat of AI Agents
Symantec threat researchers used OpenAI’s Operator agent to carry out a phishing attack with little human intervention, illustrating the looming cybersecurity threat AI agents pose as they become more powerful. The agent learned how to write a malicious PowerShell script and wrote an email with the phishing lure, among other actions. First seen on securityboulevard.com…
-
Fraudsters Impersonate Clop Ransomware to Extort Businesses
Barracuda observed threat actors impersonating the Clop ransomware group via email to extort payments, claiming to have exfiltrated sensitive data First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fraudsters-clop-ransomware-extort/