Phishing Campaign Leverages Google Translate to Steal Google and Facebook Credentials
A phishing campaign has been detected that abuses Google Translate to make the phishing webpage appear to be an official login page for Google. The phishing emails in the campaign are similar to many other campaigns that have been run in the past. The messages have the subject “Security Alert” with a message body virtually identical to the messages sent by Google when a user’s Google account has been accessed from an unfamiliar device...
New BEC Campaign Targets Executives
Business email compromise attacks involve the impersonation of a high-level executive, often the CEO or CFO. The attacks often start with a spear phishing email to obtain the credentials of the CEO/CFO. If the credentials are obtained, the email account is used to send requests to employees. During tax season, W-2 Form data for all employees is often requested or requests are sent to the finance department to make wire transfers to...
Office 365 Phishing Campaign Uses SharePoint Collaboration Request as Lure
A single Office 365 username/password combination can give a hacker access to a vast quantity of sensitive information. Information detailed in emails can be of great value to competitors, identity thieves, and other fraudsters. Office 365 credentials also give hackers access to cloud storage repositories that can contain highly sensitive business information and compromised accounts can be used to distribute malware and conduct...
New Speakup Linux Backdoor Trojan Used in Widespread Attacks
Security researchers at Check Point have identified a new Trojan named Speakup which is being used in targeted attacks on Linux servers. The Speakup Linux backdoor Trojan can also be used to attack Mac devices. The Trojan is deployed via exploits of vulnerabilities across six Linux distributions, including the recently identified ThinkPHP vulnerability, CVE-2018-20062. The current campaign is targeting Linux devices in China,...
Xvideos Sextortion Scam Threatens to Expose Porn Viewing Habits
An xvideos sextortion scam threatens to expose users’ porn viewing habits to friends, family, and work colleagues. The scammer claims to have recorded the user via the webcam while they viewed content on the xvideos adult website. The email is made more believable by the inclusion of the user’s password in the message body. The scammer claims to have gained access to the email recipient’s computer and installed a keylogger. The...