This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well. Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

On Wednesday, May 3, 2023, Google introduced eight new top-level domains (TLD) available for purchase and that could be used with websites and/or email addresses. From these eight new TLD’s, one that stands out as a potential security risk is.zip. The.zip TLD is concerning since it is also used as an extension of files commonly shared over the internet. With the inclusion of.zip as a domain, email clients and web platforms will now accept URLs disguised as filenames with.zip extensions.

The days of massive server rooms and having every employee all under one roof may seem like they are gone forever, but for a great many organizations the on-premise work environment is still here and unlikely to be pushed out of service any time soon. Let’s start off with a quick reminder on the importance of security an email system. Email remains the number one attack vector favored by threat actors because it involves humans, who can be a weak link in any security system.

Ransomware attacks target organizations or individuals using malware that takes systems or data hostage until a ransom is paid on the promise that a decryption key will then be sent to the organization. There are two main forms of ransomware, non-encrypting ransomware, and crypto ransomware. Non-encrypting, or screen-locking ransomware, locks victims out of their device entirely and is the least common form of ransomware used by cybercriminals.

The latest Phishing Activity Trends Report from the Anti-Phishing Working Group (APWG) shows an unrelenting upward trend in the number of phishing attacks per quarter. Despite the alarm that the growth in the number of phishing attacks should generate, this report sheds some light on what seems to be working for cybercriminals if you dig a little deeper. According to the report.

Netskope Threat Labs is tracking phishing campaigns abusing InterPlanetary File System (IPFS) to deliver their payloads. From March 1 to April 30, Netskope Threat Labs has seen a 7x increase in traffic to IPFS phishing pages. The attacks have been targeting victims mainly in North America and Asia Pacific across different segments, led by the financial services, banking, and technology sectors. IPFS was first launched in 2014 and has been steadily increasing in popularity since.

The US Federal Trade Commission has issued an alert warning of phishing campaigns that are impersonating PayPal and the MetaMask cryptowallet. “If you got an email that seems to be from MetaMask or PayPal, stop,” the FTC says. “They’re phishing scams. The MetaMask fake says your cryptocurrency wallet is blocked. And, if you don’t act fast, click a link, and update your wallet, they say your crypto will be lost.

OSINT stands for open-source intelligence. It is the collection, analysis, and dissemination of information from publicly available sources, such as social media, government reports, newspapers, and other public documents. OSINT is commonly used by intelligence agencies, private investigators, and law enforcement to gather information about an individual or organization. The OSINT framework showcases the multiple ways in which organizations can gather intelligence.

A phishing (by email) and smishing (by SMS text) operation in Madrid, Seville and Guadalajara has been taken down by the National Police of Spain.

Cybercriminals are well versed in the tactic of phishing, which aim to trick users into revealing confidential information and gain unauthorized access to user accounts and compromise corporate networks. A new type of phishing attack has now emerged, known as MFA phishing, which manages to evade the key protection measures deployed by corporate networks.