A phishing campaign is attempting to trick users into downloading remote monitoring and management (RMM) software like AnyDesk, Atera, and Splashtop, according to researchers at Malwarebytes. While these tools are legitimate, they can be exploited by threat actors to carry out many of the same functions as malware. These tools may also be less likely to be flagged as malicious by antivirus software.

Researchers at Volexity warn that the suspected Iranian threat actor CharmingCypress (also known as “Charming Kitten” or “APT42”) has been launching spear phishing attacks against Middle Eastern policy experts. “Throughout 2023, Volexity observed a wide range of spear-phishing activity conducted by CharmingCypress,” the researchers write.

1. Personalization: AI algorithms can analyze large amounts of data scraped from social media, public databases, or leaked information to create highly personalized phishing emails. These emails may contain accurate details about the target’s interests, job positions, or recent activities, making them more convincing.

Today’s BEC attacks are more nuanced, more accessible, less technically demanding, and consequently, more dangerous than ever before. In our report, 2023 BEC Trends, Targets, and Changes in Techniques, we take a hard look at the anatomy of Business Email Compromise (BEC) attacks today and the lures that are drawing users to the bait in record numbers.

With Valentine’s Day just around the corner, it comes as no surprise that Egress’ Threat Intelligence team is starting to see an uptick in romance-based phishing attacks. In particular, they noted a staggering 43% increase in attacks impersonating well-established dating apps including Tinder and Hinge between January 1, 2024, until February 5, 2024, compared to 2023. This is only likely to increase as the day draws closer.

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection. I spend a lot of time on this blog talking about phishing, social engineering, smishing, deepfakes and more – all topics centered around attack techniques designed to interact and fool a user.

Organizations are finally dialing in on where they need to focus their cybersecurity strategies, starting with phishing. But the top four cited security risks all have one element in common. Organizations today realize that maintaining operational resilience is a matter of measuring and addressing risk. According to the 2024 Fortra State of Cybersecurity Survey Results Guide there is a distinct cybersecurity risk that stands out among its peers.

Since January 13th, 2024, our Threat Intelligence team has seen a steep rise in the number of fraudulent payment attacks using Venmo. By hacking existing or setting up new Venmo accounts, cybercriminals are using legitimate Venmo communications to trick users into approving fraudulent payments.

Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point. “Malicious spam is one of the oldest illicit services found on underground cybercrime forums,” the researchers write. “Spam is the most common initial vector for various attack scenario objectives such as phishing and credential harvesting, malware distribution, scams/fraud, etc.

A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials. We’ve all seen one of those posts on social media about some actor, musician or famous person that has passed away. Feeling a sense of sadness and wanting to know more details, these posts garner a lot of attention.