FISA

  The hyperconnected world has made it easier than ever for businesses and consumers to exchange documents, approve transactions, and complete critical financial workflows with just a click. Digital file sharing and electronic signature platforms used widely across banking, real estate, insurance, and everyday business operations, have become essential to how modern organizations move at speed. But that same convenience creates an opening for cyber criminals. Email security researchers at Check Point have recently uncovered a phishing campaign where attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. In this incident, attackers sent over  40,000 phishing emails  targeting roughly  6,100 customers  over the past two weeks. All malicious links were funneled through https://url.za.m.mimecastprotect.com, increasing trust by mimicking familiar redirect flows. The hyperconnected world has...

  A cyber threat group affiliated with Hamas has been conducting espionage across the Middle East. " Wirte " — tracked by Palo Alto's Unit 42 as "Ashen Lepus" — has been spying on regional government bodies and diplomatic entities since 2018. Lately, it's been expanding its interests into countries less directly associated with the Israel-Palestine conflict, like Oman and Morocco. And to match its broadening scope, Wirte has invented a new malware suite with a variety of features useful for evading cybersecurity programs. "When the group first started they used very simple tools — it didn't seem like the people behind the group had a lot of technical know-how," say Unit 42 researchers, who requested anonymity for this article. "However, over the years we've seen this group evolve their tools and techniques; we're now observing an evolution and enhancement in their capabilities." Hamas's New Malware & TTPs T...

  Artificial intelligence (AI) agents are a breeze to create using Microsoft Copilot Studio, and almost just as easy to manipulate into divulging sensitive corporate data. Despite broad security concerns about AI agents, last year, Microsoft decided to allow even totally nontechnical users to deploy their own autonomous bots. You don't need to know how to code at all now — using a simple graphical interface, employees can spin up robots that automate business processes, integrate with other business platforms, and can perform customer-facing functions. There's a certain lack of shock factor, then, in a new Tenable report detailing just how insecure these agents can be. In a simple experiment, researchers created a basic agent, and then very easily demonstrated how it could be coaxed into spilling private data and granting attackers other silly powers. "These tools can naively become a massive risk due to their level of access, ability to perform actions, a...

  A stealthy campaign with 19 extensions on the VSCode Marketplace has been active since February, targeting developers with malware hidden inside dependency folders. The malicious activity was uncovered recently, and security researchers found that the operator used a malicious file posing as a .PNG image. The VSCode Market is Microsoft’s official extensions portal for the widely used VSCode integrated development environment (IDE), allowing developers to extend its functionality or add visual customizations. Due to its popularity and potential for high-impact supply-chain attacks, the platform is constantly targeted by threat actors with evolving campaigns. ReversingLabs, a company specializing in file and software supply-chain security, found that the malicious extensions come pre-packaged with a ‘ node_modules ’ folder to prevent VSCode from fetching dependencies from the npm registry when installing them. Inside the bundled folder, th...

  Introduction: A Vulnerability Hidden in Plain Sight Online platforms increasingly rely on verification systems to stop fake accounts and fraudulent activities. Yet a new study by University of Cambridge researchers reveals that one of the most widely used security methods, SMS verification can be bypassed for just a few cents , calling into question the effectiveness of this defense. Their findings highlight a growing challenge in the fight against online fraud. SMS Verification: Not as Secure as We Think Most websites, apps, and social platforms request a phone number and send a one-time SMS code during registration. This method is supposed to prove that a user is legitimate. However, the Cambridge team found that cheap disposable phone numbers can bypass this process entirely , making it extremely easy for fraudsters to operate at scale. Key points from the research: Fake accounts can be created using SMS activation services for less than 30 cents per number. In some...

  A newly discovered Android malware dubbed DroidLock can lock victims’ screens for ransom and access text messages, call logs, contacts, audio recordings, or even erase data. DroidLLock allows its operator to take complete control of the device via the VNC sharing system and can steal the device lock pattern by placing an overlay on the screen. According to researchers at mobile security company Zimperium, the malware targets Spanish-speaking users and is distributed through malicious websites promoting fake applications that impersonate legitimate packages. In a report today, Zimperium says that the "infection starts with a dropper that deceives the user into installing the secondary payload that contains the actual malware." The malicious apps introduce the main payload via an update request and then ask for Device Admin and Accessibility Services permissions, which let it to perform fraudulent activities. Some of the actions it can take are ...