Lawrence Abrams reports: A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim’s authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. […] This week, cybersecurity researcher mr.d0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user’s authentication cookies and log into…
Category: Phishing
Expensive week for Carnival Corp: a $1.25 million settlement with states over one breach, then a $5 million settlement with New York for violating state cybersecurity regulation
It seems this was the week for following up on Carnival Corporation breaches. Earlier this week, state attorneys general announced a $1.25 million multistate settlement with the cruise line over a 2019 data breach first disclosed in 2020. But there was other news concerning the cruise line this week, too. On Friday, the New York…
Phishing gang behind several million euros worth of losses busted in Belgium and the Netherlands
A cross-border operation, supported by Europol and involving the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie), resulted in the dismantling of an organised crime group involved in phishing, fraud, scams and money laundering. The action day on 21 June 2022 led to: 9 arrests in the Netherlands 24 house searches in the Netherlands…
Voicemail phishing emails steal Microsoft credentials
Jeff Burt reports: Someone is trying to steal people’s Microsoft 365 and Outlook credentials by sending them phishing emails disguised as voicemail notifications. This email campaign was detected in May and is ongoing, according to researchers at Zscaler’s ThreatLabz, and is similar to phishing messages sent a couple of years ago. This latest wave is…
Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns
Stephen Pritchard reports: A new way of carrying out phishing attacks is being adopted by criminal groups – and it could make threat actors virtually undetectable, security researchers warn. The technique involves using ‘reverse tunnel’ services and URL shorteners to launch large-scale phishing attacks. What’s more, the groups using these techniques leave no trace. Instead, threat actors…
GA: Funds stolen from Floyd County Schools in cyberattack, police investigating
John Bailey and John Druckenmiller reported this on June 8: The Floyd County school system confirmed on Wednesday reports of a cyberattack, discovered Monday, that resulted in $194,672.76 being stolen from the school system. “Floyd County Schools has been made aware of a spear phishing incident, which is a targeted email attack pretending to be…