QR Code
Russian phishing campaigns exploit Signal’s device-linking feature
Russian threat actors have been launching phishing campaigns that exploit the legitimate “Linked Devices” feature in the Signal messaging app to gain unauthorized access to accounts of interest. Over the past year, researchers observed phishing operations attributed to Russian state-aligned groups that used multiple methods to trick targets into linking their Signal account to a […]
Star Blizzard hackers abuse WhatsApp to target high-value diplomats
Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. According to a Microsoft Threat Intelligence report, the campaign was observed in mid-November 2024 and represents a tactical shift for Star Blizzard as a response to the recent exposure […]
QR codes bypass browser isolation for malicious C2 communication
Mandiant has identified a novel method to bypass browser isolation technology and achieve command-and-control operations through QR codes. Browser isolation is an increasingly popular security technology that routes all local web browser requests through remote web browsers hosted in a cloud environment or virtual machines. Any scripts or content on the visited web page is executed […]
Novel phishing campaign uses corrupted Word documents to evade security
A novel phishing attack abuses Microsoft’s Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. Threat actors constantly look for new ways to bypass email security software and land their phishing emails in targets’ […]
Clickbaity or genius? ‘BF cheated on you’ QR codes pop up across UK
“If your name is Emily and your boyfriend went out last night HE CHEATED. Heres [sic] the video for proof,” states a poster seen in Manchester, England this week. My name isn’t Emily, but anyone who comes across such a poster would stop by to take a closer look—it piques curiosity, breeds insecurity, and sparks controversy. And […]
Microsoft Sway abused in massive QR code phishing campaign
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. The attacks were spotted by Netskope Threat Labs in July 2024 after detecting a dramatic 2,000-fold increase in attacks exploiting Microsoft Sway to host phishing […]