A new social engineering campaign tracked as “FakeSG” is distributing the NetSupport remote access Trojan (RAT) via phony browser updates, according to researchers at Malwarebytes. The campaign is similar but distinct from the widespread “SocGholish” campaign, which also uses fake browser updates to deliver NetSupport.
For over 25 years, a technology utilized for vital data and voice radio communications globally has remained under wraps, preventing in-depth testing for potential vulnerabilities. However, a small group of researchers in the Netherlands has now shed light on it, uncovering significant flaws, including a deliberate backdoor.
The US Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.
Microsoft was the most impersonated brand in phishing attacks during Q2, 2023, according to Check Point’s latest Brand Phishing Report.
A new report focused on the healthcare sector sheds light on the state of cyber attacks in the European Union, including the types of attacks, who’s targeted, motivations, and who’s responsible. The newly-released Health Threat Landscape report from the European Union Agency for Cybersecurity (ENISA) is the first analysis completed by the agency and covers incidents from 2021 through March of 2023.
The latest data from the FBI’s Internet Crime Complaint Center (IC3) ups the estimate for the cost of losses and exposure through business email compromise (BEC) attacks from 2013 through 2023. In the latest advisory from the IC3 entitled “Business Email Compromise: The $50 Billion Scam,” there was a 17% increase in losses from BEC attacks in 2022.
Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet. “Cybercriminals are always on the lookout for new opportunities and techniques to exploit, and the recent availability of '.ZIP' domains for public purchase has unfortunately created such an opportunity,” the researchers write.
CyberWire wrote: "Researchers at SlashNext describe a generative AI cybercrime tool called “WormGPT,” which is being advertised on underground forums as “a blackhat alternative to GPT models, designed specifically for malicious activities.” The tool can generate output that legitimate AI models try to prevent, such as malware code or phishing templates.
