HackDig : Dig high-quality web security articles for hackers

Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic, it accounted for 46 percent of the total number of fake web pages. Singapore, 09/18/2020 — Group-IB, a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. It ca
Publish At:2020-09-18 08:41 | Read:105 | Comments:0 | Tags:Cyber Crime Hacking Malware Reports Security hacking news in

Hundreds of Magento Stores Hacked Daily in Major Skimming Campaign

Thousands of Magento-powered online stores have been hacked over the past few days as part of a skimming campaign that has been described as the “largest ever.”The attack is being monitored by Sansec, a Netherlands-based cybersecurity company that specializes in solutions designed to counter digital skimming. Sansec on Monday reported seeing nearly 2,000 Mag
Publish At:2020-09-14 13:26 | Read:163 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Phishing Malware Cyb

Serious Security: Hacking Windows passwords via your wallpaper

byPaul DucklinOur cybersecurity antennae always start vibrating when we see warnings about attacks that involve a new type of file.We’re sure you have the same sort of reaction.After all, if a file type that you’ve treated for years as mostly harmless suddenly turns out to be possibly very dangerous, you’re faced with a double dilemma: How
Publish At:2020-09-11 13:10 | Read:215 | Comments:0 | Tags:Phishing Vulnerability phishing serious security vulnerabili

CISA Warns Election-Related Entities to Be on Watch for Phishing Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned election-related entities to be on the lookout for phishing attacks.In an insight piece published on September 10, CISA highlighted malicious actors’ preference for phishing attacks in their efforts to target political parties, think tanks and other entities that might be involved
Publish At:2020-09-11 08:10 | Read:165 | Comments:0 | Tags:IT Security and Data Protection Latest Security News CISA el

O365 Phishing Attack Used Real-Time Validation against Active Directory

A phishing attack used real-time validation against an organization’s Active Directory in order to steal users’ Office 365 credentials.According to Armorblox, the phishing attack targeted an executive working at an American brand that was named one of the world’s Top 50 most innovative companies for 2019 on a Friday evening.The email used s
Publish At:2020-09-10 12:42 | Read:73 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Active

Warner Music Discloses Data Breach Affecting e-Commerce Websites

Warner Music Group last week started informing customers of its e-commerce websites that their personal information may have been compromised as a result of a data breach suffered by an external service provider.In a data breach notification submitted to the California Attorney General, the music company said it learned of the breach on August 5, but the hac
Publish At:2020-09-07 09:22 | Read:165 | Comments:0 | Tags:NEWS & INDUSTRY Fraud & Identity Theft Phishing Cybe

Epic Manchego gang uses Excel docs that avoid detection

A recently discovered cybercrime gang, tracked as Epic Manchego, is using a new technique to create weaponized Excel files that are able to bypass security checks Security experts from NVISO Labs recently spotted the activity of a new malware gang, tracked as Epic Manchego, that is actively targeting companies across the world with phishing emails since J
Publish At:2020-09-07 06:47 | Read:181 | Comments:0 | Tags:Breaking News Hacking Malware Epic Manchego Excel hacking ne

Visa Issues Alert for 'Baka' JavaScript Skimmer

A JavaScript skimmer identified earlier this year uses dynamic loading to avoid detection by static malware scanners, Visa warns.Referred to as Baka, the e-commerce skimmer was first discovered in February 2020, but has already impacted several merchant websites across numerous global regions.The skimmer is basic, containing the expected components and funct
Publish At:2020-09-07 05:28 | Read:215 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Phishing Virus &

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are dis
Publish At:2020-09-05 11:47 | Read:236 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

Targeted Company’s Homepage Used in Message Quarantine Phish

Security researchers observed that malicious actors had incorporated a targeted company’s homepage into a message quarantine phishing campaign.The Cofense Phishing Defense Center found that the phishing campaign began with an attack email that disguised itself as a message quarantine notification from the targeted company’s IT department.The emai
Publish At:2020-09-04 11:58 | Read:152 | Comments:0 | Tags:IT Security and Data Protection Latest Security News email m

IT threat evolution Q2 2020

IT threat evolution Q2 2020. PC statistics IT threat evolution Q2 2020. Mobile statistics Targeted attacks PhantomLance: hiding in plain sight In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’. The campaign involved a backdoor Trojan that the attackers distributed via dozens of apps
Publish At:2020-09-03 16:30 | Read:296 | Comments:0 | Tags:Featured Malware reports Backdoor Exploit Kits Malware Descr

The Evolution of Phishing: Welcome "Vishing"

Post-mortem analysis of data breaches shows that most of today’s cyber-attacks are front ended by phishing campaigns. The most recent CryptoForHealth Twitter Hacker is just one of many examples. This is not surprising, since the easiest way for a threat actor to gain access to sensitive data is by compromising an end user’s identity and credentials. Things g
Publish At:2020-09-03 14:32 | Read:202 | Comments:0 | Tags:INDUSTRY INSIGHTS Phishing Vishing

Phishing scam uses Sharepoint and One Note to go after passwords

byPaul DucklinHere’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes.From BEC, through cloud storage to an innocent-sounding One Note document, right into harm’s way.Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in
Publish At:2020-09-02 10:18 | Read:228 | Comments:0 | Tags:Phishing BEC one note phishing

Iranian Hackers Target Academic Researcher via WhatsApp, LinkedIn

The Iran-linked hacking group known as Charming Kitten recently switched to WhatsApp and LinkedIn to conduct phishing attacks, Clearsky security researchers reveal.Active since at least 2011, the adversary is also tracked as Ajax Security Team, APT35, ITG18, NewsBeef, Newscaster, and Phosphorus, and was previously observed targeting a U.S. presidential candi
Publish At:2020-08-28 15:01 | Read:181 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Phishing Cybercrime

UltraRank Group Stole Card Data From Hundreds of Sites Using JS Sniffers

A sophisticated cybercrime group has stolen payment card data from hundreds of websites over the past five years using JavaScript sniffer malware, threat hunting and intelligence company Group-IB reported on Thursday.Named UltraRank by Group-IB, the threat actor has launched at least three campaigns since 2015, including one that appears to be ongoing. While
Publish At:2020-08-27 11:42 | Read:239 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Fraud & Identity

Tools

Tag Cloud