In 2023, SpyCloud reported that 61 percent of data breaches were associated with infostealer malware. Cyber threat actors use infostealers to exfiltrate sensitive data on the systems they infect, such as saved browser passwords and cookies, cryptocurrency wallets, and more.
A recently observed phishing campaign impersonates Amazon and states that the recipient’s Prime membership is set to renew; however, their payment method needs updating. The email includes a link that leads to a webpage with a Google Docs URL, claiming to be from Amazon.
The holiday season presents an attractive target for financially motivated cybercriminals who seek to exploit online retailers and shoppers. Despite the challenges posed by high inflation rates, the National Retail Federation (NRF) predicts a three to four percent increase in retail sales...
Consistent with open-source reporting, the NJCCIC detected increased attempts to exploit DocuSign APIs to deliver fraudulent invoices. Unlike traditional phishing scams, which rely on misleading emails and links, these attacks use real DocuSign accounts and templates to mimic companies.
LastPass Password Manager warned customers about a new social engineering campaign in which threat actors are leaving five-star reviews, posing as support on the LastPass extension review page on Google Chrome. In these reviews, they provide customers with a fake number...
Quick-response (QR) codes are convenient and easy to use in everyday life to access information and navigate to websites. Unfortunately, cyber threat actors continue to take advantage of the increased adoption of QR code scanning.
The NJCCIC’s email security solution has observed an uptick in phishing attacks impersonating Truist Bank and Wells Fargo Bank. These emails were flagged for using uncommon URL domains, abused URL services, and uncommon senders. Read more about signs to look for.
Octo2, the newest variant of Octo, has been observed in a campaign in several European countries. Originally spotted in 2016 as Exobot, Octo2 has undergone many upgrades and transformations since its humble beginnings as a banking trojan. After Octo’s source code was leaked...
Security researchers have discovered a new campaign to steal a user’s login account credentials. In this campaign, a target’s browser is forced to load in kiosk mode, a full-screen mode that prevents users from navigating away from the selected webpage. This attack targets Google accounts.
Analysts recently identified a cybercrime group known as Marko Polo, linked to at least 30 unique cryptocurrency and gaming-related scams that have likely compromised thousands of devices worldwide. The group is identified as a financially motivated “traffer team.ˮ
