Phishers are spoofing email addresses belonging to US-CERT, an arm of the Department of Homeland Security that coordinates information sharing related to cyber threats, to trick users into installing malware. According to an alert Tuesday, a campaign is currently underway that targets a number of private and government organizations. The messages contain a .zip attachment, "US-CERT Operation Center Report," which is actually a malicious executable file. The alert recommends that recipients immediately delete the socially engineered emails.
US-CERT warns about spoofed US-CERT phishes
Phishers are spoofing email addresses belonging to US-CERT, an arm of the Department of Homeland Security that coordinates information sharing related to cyber threats, to trick users into installing malware.
Both iOS and Android devices have been targeted with attacks involving the fake app dubbed "SB-INT," which lured victims into manually trusting the Enterprise developer profile before triggering the registration process that would seek additional information from victims.
Aside from touting its platform's consolidated command center that enables automated vulnerability triage and risk acceptance across various stages, DefectDojo has also introduced visualization upgrades.