SecureTeam

Avoiding Business Email Compromise (BEC) Attacks in Microsoft 365

Business Email Compromise (BEC) is a sophisticated form of cybercrime where attackers impersonate trusted individuals or organisations to manipulate victims into transferring money, sharing sensitive information, or taking other actions that benefit the attacker. BEC attacks often involve social engineering techniques, such as email spoofing, spear phishing, or even infiltrating legitimate email accounts. Unlike traditional […]

Avoiding Business Email Compromise (BEC) Attacks in Microsoft 365 Read More »

Strela Stealer Malware – From Invoice Phishing to Thread Hijacking

Articles, Malware, Social Engineering / Ian Reynolds

In recent months, a notable wave of cyber-attacks has swept across Europe, orchestrated by the cybercriminal group known as Hive0145. This group, also referred to by various threat intelligence entities as a highly organised Advanced Persistent Threat (APT), has been delivering a specific strain of malware—Strela Stealer—to infiltrate and compromise systems. Targeting countries primarily including

Strela Stealer Malware – From Invoice Phishing to Thread Hijacking Read More »

Microsoft Teams Used in Social Engineering Attacks

News, Social Engineering / Ian Reynolds

Highly targeted phishing attacks have been carried out by the threat actor Midnight Blizzard, previously known as NOBELIUM, via Microsoft Teams. These attacks targeted a range of organisations including government and non-government organisations, IT services, technology businesses, manufacturing, and media companies. Through social engineering techniques Midnight Blizzard were able to achieve token and credential theft

Microsoft Teams Used in Social Engineering Attacks Read More »

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer

Articles, Information Assurance / Ian Reynolds

EvilExtractor is an info stealer malware tool designed for data theft attacks on Windows operating systems. Researchers at Fortinet’s threat research group FortiGuard Labs have published an analysis of this tool detailing the attack method for this malware, and its impact on its victims. The research concluded that although there are no specific industries targeted

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer Read More »

Open-Source Phishing Kit Used in AiTM Attacks

Articles, Information Assurance / Ian Reynolds

Adversary in the middle (AiTM) is a phishing attack technique in which a proxy server is deployed between the victim and the website they are attempting to access. This allows for the attacker to be placed ‘in the middle’ of the victim and the target website, allowing the attacker to intercept and steal the victim’s

Open-Source Phishing Kit Used in AiTM Attacks Read More »

Fake ChatGPT Installs Windows and Android Malware

News / Ian Reynolds

Threat actors are using the name and image associated with ChatGPT to distribute malware through phishing sites, social media pages, and malicious Android applications. ChatGPT is a well-known AI chatbot run by OpenAI and has reported more than 100 million users in January 2023, only 3 months after its initial launch. The high volume of

Fake ChatGPT Installs Windows and Android Malware Read More »

Microsoft OneNote Attachments Malware Campaign

News / Ian Reynolds

A malware campaign using the Qbot (aka QakBot) banking trojan has been identified in the wild that is spread through malicious Microsoft OneNote .one attachments. This malware campaign has been referred to as ‘QakNote’ due to the trojan used and the method of using Microsoft OneNote files. It has been observed by security researchers at

Microsoft OneNote Attachments Malware Campaign Read More »

Preparing for the Cyber Security Threats of 2023

Articles, Information Assurance / Ian Reynolds

The cyber security challenges faced by organisations last year can give hints towards the way cyber crime is evolving this year. Ransomware has established itself as a constant threat, and is now available on demand through ransomware-as-a-service models, phishing events have increased, with more sophisticated landing pages, and widespread flaws such as Log4j continue to

Preparing for the Cyber Security Threats of 2023 Read More »

Evolving Cyber Security Threats in 2022

Articles, Information Assurance / Ian Reynolds

The threats faced in cyber security are constantly evolving, with state actors taking part in cyber espionage, and cyber criminal groups creating paid-for campaigns and offering services for hire. The National Cyber Security Centre (NCSC), a part of GCHQ, and the UK government’s technical authority for cyber security, have released their annual review for 2022

Evolving Cyber Security Threats in 2022 Read More »

Fake Phantom Security Update Malware Scam

News, Tools / Ian Reynolds

A fake Phantom security update scam has been sent in the form of phishing NFTs to Solana cryptocurrency owners. The NFTs were airdropped into the cryptowallets of users, claiming to be from the developers of Phantom with names such as ‘PHANTOMUPDATE.COM’ or ‘UPDATEPHANTOM.COM’, and descriptions that gave instructions on how to apply this fake update.

Fake Phantom Security Update Malware Scam Read More »

phishing

Avoiding Business Email Compromise (BEC) Attacks in Microsoft 365

EvilExtractor Sold as ‘Educational Tool’ is Info Stealer

Open-Source Phishing Kit Used in AiTM Attacks

Fake ChatGPT Installs Windows and Android Malware

Microsoft OneNote Attachments Malware Campaign

Preparing for the Cyber Security Threats of 2023

Evolving Cyber Security Threats in 2022

Fake Phantom Security Update Malware Scam

Our Address

Talk to us

Office Hours

Company Number

VAT Registration Number

Penetration Testing

Risk & Compliance Services

Quick Links

information. secured.

Head Office Address

Opening Hours

Stay in Touch