The Federal Bureau of Investigation (FBI) this week issued an alert to warn the public of spoofed FBI-related Internet domains.According to the agency, “unattributed cyber actors” are registering domains designed to spoof legitimate websites pertaining to the FBI, “indicating the potential for future operational activity.”In addition to spoofed domains, stat
Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to discuss.
But let’s start from a different angle: how rel
Widely regarded as the official start to the Christmas shopping season, Black Friday and Cyber Monday are exciting because many retailers announce limited-time sales that promise huge savings to die-hard consumers. Not even the pandemic looks like it will dent consumers’ enthusiasm. In September 2020, for instance, Bloomberg shared research from Deloitte tha
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned.
The incident is the latest incursion at GoDaddy that relied on tricking employees into transf
Black Friday 2020 promises to be somewhat different from years gone by thanks to COVID-19. The annual surge of in-store chaos and trolley dashes isn’t compatible with social distancing, and so retailers will be looking to drive shoppers online.
Friday 27th November is when things kick off this year, and yet some aspects will be radically different. If you
Targeted attacks
MATA: Lazarus’s multi-platform targeted malware framework
The more sophisticated threat actors are continually developing their TTPs (Tactics, Techniques and Procedures) and the toolsets they use to compromise the systems of their targets. However, malicious toolsets used to target multiple platforms are rare, because they required sig
Malicious actors launched a phishing attack that’s using redirector websites with custom subdomains in order to evade detection.On November 16, Microsoft Security Intelligence tweeted out that it had spotted the phishing attack attempting to lure in recipients with emails disguised as password update reminders, helpdesk tickets and other seemingly legi
byPaul DucklinWe know what you’re thinking: “Another year; another vendor; another threat report……and when I open it, I’ll be stuck in a thinly disguised product brochure.”Well, not this one.We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Re
Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware.
Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America.
Experts at Cybereason Nocturnus have uncovered an active
Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection.
Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection.
“We’re tracking an active credential phi
Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozilla’s Firefox and Thunderbird to Google’s Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, we took a look at a new ransomware called RegretLo
Experts spotted a creative Office 365 phishing campaign that inverts images used as backgrounds for landing pages to avoid getting flagged as malicious.
Researchers at WMC Global have spotted a new creative Office 365 phishing campaign that has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by security s
<p>The life of a phishing site is brief, but impactful. A <a href="https://www.usenix.org/system/files/sec20-oest-sunrise.pdf">study</a> published earlier this year found the average time span between the first and last victim of a phishing attack is just 21 hours. The same study observed the average phishing site shows up in indu
A Russian-speaking threat actor has been targeting hundreds of industrial enterprises for more than two years, Kaspersky’s security researchers report.Focused on companies in Russia, the ongoing attacks are highly targeted, leveraging phishing emails for malware deployment. In some cases, legitimate documents that were stolen in previous attacks are leverage
A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations.UK-based cybersecurity company 7 Elements identified the vulnerability while conducting incident response activities for a customer. An analysis of the attack revealed that t