A fraudulent American Express email bypassed Google Workspace security and directed users to a spoofed page to enter credentials, Armorblox researchers reported.
The FBI and U.S. Secret Service have joined the government of Lexington, Kentucky, in investigating the business email compromise attack against the city government that resulted in the theft of $4 million in federal housing assistance funds, reports The Record, a news site by cybersecurity firm Recorded Future.
BleepingComputer reports that phishing emails and malware-laced space images from the James Webb telescope are being leveraged in the new 'GO#WEBBFUSCATOR' malware campaign involving Golang-based payloads.
The Robin Banks phishing-as-a-service platform has recently targeted financial institutions in the U.S., Canada and Australia, according to IronNet research.
Twilio announced that 93 users of its Authy two-factor authentication service had their accounts compromised by the same sophisticated phishing attack that impacted the communication tools firm earlier this month, according to The Hacker News.
More than 130 other organizations have been compromised by the same 0ktapus phishing campaign that resulted in successful attacks against Twilio, Klaviyo, and MailChimp, as well as an averted attack attempt against Cloudflare, according to BleepingComputer.
BleepingComputer reports that novel download request filtering techniques have been implemented by North Korean threat group Kimsuky since the beginning of the year in an effort to restrict malicious payload downloads to their targets alone.