Credential harvesting campaign targets government, military, and private sector organisations

Cyjax analysts have uncovered a mass credential harvesting campaign targeting a wide range of sectors, including government, military, law enforcement, healthcare, finance, technology, manufacturing, and energy. Key campaign attributes Malicious use of the SendGrid email marketing service to distribute URLs to the landing pages. Phishing emails leverage an image with an embedded URL that masquerades …

Credential harvesting campaign targets government, military, and private sector organisations Read More »

Office 365 credential-harvesting campaign leveraging Basecamp

Cyjax analysts recently uncovered an Office 365 credential-harvesting campaign that masquerades as “A Message from Your CEO”. The delivery system leveraged in these attacks uses multiple techniques to bypass secure email gateways (SEG), one of which has surfaced again in a BazarLoader infection chain. This technique is effective because Basecamp and Google Cloud hosting are …

Office 365 credential-harvesting campaign leveraging Basecamp Read More »

Geopolitical and Cybersecurity Weekly – 26 May 2020

COVID-19 Cybersecurity Update The US Federal Trade Commission (FTC) has warned users about scam coronavirus (COVID-19) contact tracing texts. There has been an increasing number of SMiShing messages asking users to click a malicious link. The FTC claims that clicking the link will download software onto the device, enabling scammers access to personal and financial …

Geopolitical and Cybersecurity Weekly – 26 May 2020 Read More »

Scroll to Top