In a major international crackdown, Belgian and Dutch authorities, supported by Europol and Eurojust, have dismantled a phone phishing gang responsible for large-scale financial fraud across Europe. The operation resulted in eight arrests and significant seizures.

Action Day Results

Law enforcement executed 17 coordinated searches across Belgium and the Netherlands, culminating in:

The Criminal Scheme

The gang, based mainly in the Netherlands, conducted widespread phishing campaigns to steal financial data from victims in at least 10 European countries. Posing as police or bank employees, they targeted older individuals both online and in person. After draining victims’ accounts, the stolen funds…
Author: ISB Staff Reporter
The McAfee mobile research team has identified a significant global rise in predatory loan applications, commonly referred to as SpyLoan apps, which primarily target Android users. These applications, classified as potentially unwanted programs (PUP), utilize social engineering tactics to manipulate users into sharing sensitive information and granting excessive permissions, leading to extortion, harassment, and financial losses. The investigation uncovered fifteen SpyLoan apps that have been installed over eight million times. These apps employ a shared framework for encrypting and exfiltrating data to a command and control (C2) server, utilizing similar HTTP endpoint infrastructures. Their primary operations are concentrated in South America, Southern Asia, and Africa, often promoted…
A rich resource of data from nearly 350 million security scans of Internet-facing assets is now freely accessible for industry and academic research, thanks to the ImmuniWeb Community Edition. Through this initiative, the global cybersecurity community, educational institutions, government agencies, and even individual researchers can access historical data on the security of Internet-accessible resources. To support this, the following dynamic statistics are now publicly available: Global SSL Security Statistics for SSL/TLS encryption visibility, vulnerabilities, and weaknesses in web applications, APIs, email servers, and network appliances. From Q1 2024 to date, there have been 1,421,781 SSL/TLS events. In Q3 2024, the US…
Attackers leveraging vulnerabilities in Virtual Private Networks (VPNs) and exploiting weak passwords accounted for 28.7% of ransomware incidents in Q3 2024, according to Corvus Insurance’s latest Cyber Threat Report. Common credentials like “admin” and a lack of multi-factor authentication (MFA) left VPN systems vulnerable to automated brute-force attacks, highlighting the need for improved basic cyber hygiene. “Attackers are exploiting the easiest entry points, and VPNs were the favored method this quarter,” said Jason Rebholz, Chief Information Security Officer at Corvus. “As we look forward, businesses must strengthen defenses with multi-layered security approaches that extend beyond MFA. Today, MFA is mere…
Horizon3.ai, a provider of autonomous security solutions, has debuted NodeZero Kubernetes Pentesting, a feature designed to empower entities with advanced offensive security capabilities within Kubernetes environments. Available to all NodeZero users, this tool helps security teams simulate real-world attacks within Kubernetes clusters, identifying vulnerabilities from a malefactor’s perspective and helping safeguard critical infrastructure. With Kubernetes serving as a cornerstone for scalable, containerized applications, its adoption across platforms like AWS Elastic Kubernetes Service (EKS), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS) has introduced new security challenges. NodeZero Kubernetes Pentesting addresses these risks through real-time runtime security testing, uncovering potential…
Cyware, a provider of threat intelligence management and cyber fusion solutions, has attained Federal Risk and Authorization Management Program (FedRAMP) Ready status. With FedRAMP Ready status, Cyware says it is positioned to accelerate the authorization process, facilitate broader implementation of its solutions within federal environments, and strengthen cyber resilience across the federal government. Cyware believes this achievement marks a significant step toward enhancing secure, real-time threat intelligence exchange across US federal agencies, reinforcing collective cyber defenses for critical infrastructure. FedRAMP is a government initiative that ensures that cloud services used by federal entities adhere to stringent security standards, supporting secure…
Sixty-nine percent of organizations now manage more machine identities than human ones, with nearly half handling ten times as many. Machine identities—ranging from applications, databases, and bots to IoT devices and SaaS tools—are becoming more prevalent, with nearly three-quarters (72%) of security professionals acknowledging that managing these identities is more challenging due to poor internal processes and inadequate tools. As a result, 66% rely on manual processes for managing machine identities, straining already limited IT and security resources. These were some of the key findings of recent research by SailPoint Technologies called “Machine Identity Crisis: The Challenges of Manual Processes…
Cybercriminals are leveraging increasingly sophisticated attack methods, including the strategic deployment of infostealers, research from Check Point Software’s October 2024 Global Threat Index reveals. The report also notes that the ‘Lumma Stealer’ malware, which leverages fake CAPTCHA pages to infiltrate systems through phishing and cracked game downloads, has surged to 4th in Check Point’s monthly global malware rankings. Once installed, it exfiltrates sensitive data, underscoring the effectiveness of today’s infostealers. Maya Horowitz, VP of Research at Check Point Software, says these findings highlight the need for more advanced cybersecurity defenses. “The rise of sophisticated infostealers underscores a growing reality. Cybercriminals…
Researchers at cybersecurity firm Perception Point have identified a new type of two-step phishing attack that exploits Microsoft Visio files (.vsdx) and Microsoft SharePoint. This strategy uses the .vsdx format to embed malicious URLs, effectively bypassing conventional security measures and targeting sensitive user credentials.

How Two-Step Phishing Leverages Microsoft Visio

Microsoft Visio, a widely used tool for creating diagrams like flowcharts and process maps, saves files in the .vsdx format, which has traditionally been considered a low-risk file type. However, recent phishing attacks have transformed these files into delivery vehicles for credential theft by embedding malicious URLs. Phishing attacks have…
Fortinet’s FortiGuard Labs has uncovered a sophisticated phishing campaign distributing a new variant of the Remcos Remote Access Trojan (RAT). The campaign begins with a phishing email containing a malicious Excel document designed to exploit vulnerabilities and deliver the Remcos malware onto victims’ devices. Remcos is a commercial remote administration tool (RAT) readily available for purchase, offering features intended for legitimate remote management of computers. However, it has become a powerful tool in the hands of cybercriminals, who misuse it to access sensitive information, control victim devices, and execute further malicious activities. This latest campaign showcases Remcos’s evolving tactics in…