yaracroft @venom@nanao.cybtex.fr
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
Les signataires d'une charte « informatique et des communications électroniques » sont susceptibles d'être licenciés en cas d'incident de sécurité informatique #france #phishing #malware #ransomware #informatique
The Centre for Computing History (computinghistory.org.uk) : « sadly no online system can claim to be 100 per cent secure » #uk #phishing #databreach #informatique
https://www.theregister.com/2021/10/20/centre_for_computing_data_breach/
How Coinbase phishers steal One-Time Passwords #otp #phishing #cryptocurrency #smishing #informatique
https://krebsonsecurity.com/2021/10/how-coinbase-phishers-steal-one-time-passwords/
Abusing legitimate challenge & response services (such as #Google's reCAPTCHA) or deploying customized fake CAPTCHA-like validation. Mass phishing and grayware campaigns have become more sophisticated, using evasion techniques to escape detection by automated security crawlers. Fortunately, when malicious actors use infrastructure, services or tools across their ecosystem of malicious websites, we have a chance to leverage these indicators against them. #cyber #phishing #threats
https://unit42.paloaltonetworks.com/captcha-protected-phishing/
Since the beginning of 2020, Dutch and Belgian residents have been increasingly targeted by financially motivated cybercriminals looking to obtain access to their bank accounts. In many strikingly similar cases, fraudsters reach out to victims via email, SMS, or WhatsApp messages to deliver fake notifications containing malicious links pointing to a phishing site. Our researchers identified a Dutch-speaking criminal syndicate, codenamed Fraud Family by Group-IB, which develops, sells and rents sophisticated phishing frameworks to other #cyber criminals targeting users mainly in the Netherlands and Belgium. The phishing frameworks allow attackers with minimal skills to optimize the creation and design of #phishing campaigns to carry out massive fraudulent operations all the while bypassing 2FA. This blog post analyzes the methods and techniques used by Fraud Family's shady customers, Fraud Family's technical infrastructure, and their phishing panels.
Masquerading as #UK scholars with the University of London's School of Oriental and African Studies (SOAS), the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection efforts, established backstopping for their credential #phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links. Identified targets included experts in Middle Eastern affairs from think tanks, senior professors from well-known academic institutions, and journalists specializing in Middle Eastern coverage.
TA453 illegally obtained access to a website belonging to a world class academic institution to leverage the compromised infrastructure to harvest the credentials of their intended targets. The use of legitimate, but compromised, infrastructure represents an increase in TA453's sophistication and will almost certainly be reflected in future campaigns. TA453 continues to iterate, innovate, and collect in support of IRGC collection priorities. #cyber #threats
https://www.proofpoint.com/us/blog/threat-insight/operation-spoofedscholars-conversation-ta453
- mnt-by
- @socat
Robot
sc(r)apy | full metal packets
> We Are the Borg
> You Will be Assimilated
> Resistance is Futile
Inscrit·e en mar. 2021
yaracroft recommande :
