Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks
Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.
"Unlike other phishing webpage distribution behavior through HTML content, these attacks use the response header sent by a server, which occurs before the processing of the HTML content," Palo Alto
Kimsuky-linked hackers use similar tactics to attack Russia and South Korea, researchers say
The threat actor known as Konni, which has been previously linked to the North Korean state-sponsored group Kimsuky, is intensifying its attacks on South Korea and Russia, according to a recent report
CISA says SonicWall bug being exploited as experts warn of ransomware gang use
Federal cybersecurity experts are warning that a vulnerability affecting products from SonicWall is being exploited, and ordered all federal civilian agencies to implement a patch for the bug by the end of the month.
North Korean Hackers Targets Job Seekers with Fake FreeConference App
North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview.
The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for
Chinese ‘Spamouflage’ operatives are mimicking disillusioned Americans online
A Chinese influence operation has ramped up its efforts to impact online discourse around the U.S. elections, creating fake personas across social media platforms to spread divisive messages about the state of the country.
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus.
"Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools.
"For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
The nature of bug bounty programs is changing, and their ‘auntie’ is worried
Moussouris is the founder and CEO of Luta Security, a cybersecurity company specializing in vulnerability management.
Nigerian national who laundered funds from romance and BEC scams gets 10-year sentence
A Nigerian national was sentenced on Monday to 10 years in United States prison for laundering millions obtained from internet scams.
Telecom organizations in Africa targeted by Iran-linked hackers
A cyber-espionage group linked to Iran’s intelligence service has been targeting telecommunications companies in Egypt, Sudan and Tanzania, researchers have found.
UK sets out how pornographic websites must verify users’ ages
According to Ofcom, the average age at which children first see online pornography is 13, although a tenth of children are as young as 9 when they encounter it for the first time.