Malicious QR code phishing emails with PDF attachments have been leveraged to trick victims into entering a phone call with the attacker purporting to be a customer service representative who coaxes sensitive information disclosures or malware installation, according to an analysis from Cisco Talos.
More than 350 organizations and nearly 1,800 email addresses were discovered by Proofpoint researchers to have been targeted by a new phishing fraud scheme involving the spoofing of the Department of Government Efficiency initially flagged by the Scoop News Group, according to FedScoop.
Nearly 100 GB of emails from White House Chief of Staff Susie Wiles, Trump advisor Roger Stone, Trump legal counsel Lindsey Halligan, and Trump enemy Stormy Daniels were claimed to have been exfiltrated by Iranian state-sponsored threat operation Robert.
GBHackers News reports that widely used short-form video editing app CapCut has been exploited in a two-stage phishing campaign aimed at exfiltrating Apple ID credentials and credit card details.
Schools and small businesses have had their email accounts breached to spread phishing emails delivering the Remcos RAT malware in attack campaigns since last year, Hackread reports.
A red team exercise simulated attacks against organizations in the oil, gas, and energy sectors with the Golang-based RunnerBeacon backdoor as part of the new OneClik attack campaign, which has three variants, all of which involve the abuse of the Microsoft ClickOnce tool and various AWS cloud services, reports BleepingComputer.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
