Beware of Fake Timesheet Report Email Leading to the Tycoon 2FA Phishing Kit

Pinterest Visual Bookmark: The link leads to a page hosted on Pinterest, displaying a Microsoft logo and a “Visit” button. Fake Timesheet Notification: According to SpiderLabs’ post on X, the attack begins with an email titled “Timesheet Report,” claiming new information has been added to the recipient’s timesheet. Obfuscated Code: The phishing pages use heavily obfuscated JavaScript and HTML code, making it difficult for security tools and analysts to detect malicious intent. The email includes a “View Timesheet” button, which redirects the user to a Pinterest Visual Bookmark link. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Session Cookie Harvesting: Tycoon 2FA intercepts session cookies from Microsoft 365 or Gmail accounts, allowing attackers to bypass MFA even if it’s enabled. Cloudflare CAPTCHA Challenge: Clicking “Visit” redirects users to a page with a Cloudflare CAPTCHA challenge. Fake Microsoft Login Page: After completing the CAPTCHA, users are taken to a fake Microsoft login page. First identified in August 2023, it has evolved significantly to bypass MFA protections, making it one of the most advanced phishing kits in circulation. Spider labs warn users to stay vigilant as these attacks aim to bypass Multi-Factor Authentication (MFA) and harvest sensitive credentials. By exploiting trusted platforms like Pinterest and bypassing MFA protections, attackers are making it harder for traditional defenses to keep up. Traffic Filtering: The phishing kit employs advanced traffic filtering techniques, such as blocking datacenter IPs, Tor traffic, and specific bot user agents. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Feb 2025 06:40:06 +0000


Cyber News related to Beware of Fake Timesheet Report Email Leading to the Tycoon 2FA Phishing Kit

Beware of Fake Timesheet Report Email Leading to the Tycoon 2FA Phishing Kit - Pinterest Visual Bookmark: The link leads to a page hosted on Pinterest, displaying a Microsoft logo and a “Visit” button. Fake Timesheet Notification: According to SpiderLabs’ post on X, the attack begins with an email titled ...
2 months ago Cybersecuritynews.com
New Astaroth 2FA Phishing Kit Targeting Gmail, Yahoo, Office 365, and 3rd-Party Logins - To safeguard against sophisticated phishing attacks like the Astaroth 2FA phishing kit, users should create strong, unique passwords, enable two-factor authentication (2FA) using authenticator apps, and exercise caution when handling links or ...
2 months ago Cybersecuritynews.com
10 Best Email Security Gateways in 2025 - Barracuda Email Security Gateway is a solution that helps protect organizations from email-borne threats such as spam, viruses, phishing, and other malicious content. It uses various methods, including filtering, encryption, and sandboxing, to ...
1 month ago Cybersecuritynews.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
The 6 Best Email Security Software & Tools of 2024 - To guarantee full protection against email threats, important features to consider when picking an email security solution include email filtering and spam detection, sandboxing, mobile support, advanced machine learning, and data loss prevention. ...
6 months ago Esecurityplanet.com
Accelerating Cloud-Native Data Security Deployments at Scale with Imperva's eDSF Kit - Elastic DSF is the vision of DSF. The first phase of this vision is creating automatic, click of a button processes to deploy and upgrade DSF with the introduction of Imperva eDSF Kit. eDSF Kit simplifies the product deployment, upgrades, and ongoing ...
1 year ago Imperva.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
1 week ago Bleepingcomputer.com
Tycoon 2FA Phishing Kit Employs New Evasion Techniques to Bypass Endpoint Detection Systems - At its core, Tycoon 2FA employs three principal evasion techniques: custom CAPTCHA implementation through HTML5 canvas, JavaScript obfuscation using invisible Unicode characters, and aggressive anti-debugging measures that prevent security analysis. ...
5 days ago Cybersecuritynews.com
Tycoon2FA phishing kit targets Microsoft 365 with new tricks - In a separate but related report, Trustwave says it has identified a dramatic increase in phishing attacks using malicious SVG (Scalable Vector Graphics) files, driven by PhaaS platforms like Tycoon2FA, Mamba2FA, and Sneaky2FA. Trustwave underlines ...
6 days ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
1 year ago Bleepingcomputer.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Phishing-as-a-service operation uses DNS-over-HTTPS for evasion - Once the victim reaches the final destination, the phishing kit loads and queries the victim’s email domain’s MX record using DoH via Google or Cloudflare. When the victim clicks a link in a phishing email, the kit is loaded on their ...
3 weeks ago Bleepingcomputer.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
11 months ago Hackread.com
Beware: PayPal "New Address" feature abused to send phishing emails - The email includes the new address that was allegedly added to your PayPal account, including a message claiming to be a purchase confirmation for a MacBook M4, and to call the enclosed PayPal number if you did not authorize the purchase. The goal of ...
1 month ago Bleepingcomputer.com
Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection - A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication ...
1 year ago Cysecurity.news
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
1 month ago Bleepingcomputer.com
Mandiant says X account brute forced without 2FA protection The Register - Well, Mandiant's carefully worded response basically said it wasn't implemented. It didn't specifically point to the policy change X announced in February 2023, which was to disable SMS-based 2FA for users who didn't pay for Twitter Blue, but some ...
1 year ago Go.theregister.com
Email Security Trends And Predictions in 2024 - One of the most critical aspects of this broad topic is email security. Email security refers to the collective measures used to secure the access and content of an email account or service. An email service provider implements email security to ...
1 year ago Cybersecuritynews.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
1 year ago Bleepingcomputer.com
Tycoon2FA Phishkit Updates Tactics with PDF Lures and Redirects - Tycoon is back with a new phishing trick! The threat group has updated its tactics, using PDF lures and clever redirects to steal credentials. The script first displays a Cloudflare “Verify You’re a Human” check: a common tactic used to ...
1 month ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)