2 matches found
“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security
Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...
Google Warns How Hackers Could Abuse Calendar Service as a Covert C2 Channel
Google is warning of multiple threat actors sharing a public proof-of-concept PoC exploit that leverages its Calendar service to host command-and-control C2 infrastructure. The tool, called Google Calendar RAT GCR, employs Google Calendar Events for C2 using a Gmail account. It was first publishe...