August 31, 2022
Via: DataBreach TodayRansomware gets the headlines, and phishing sets off the most alerts, but business email compromise costs enterprises the most – more than $43 billion since 2016. U.S. Secret Service agents Stephen Dougherty and Michael Johns discuss the criticality of rapid […]
August 24, 2022
Via: CSO OnlineWhile businesses are busy trying to protect themselves against ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques—business email compromise (BEC). Enterprise security has skewed toward ransomware in recent […]
August 17, 2022
Via: Security WeekIndicted in 2019, Fombe was a fugitive for three years until he was arrested on August 6. He is charged with conspiracy to commit wire fraud and money laundering, and with aggravated identity theft. The man, aged 36, has been […]
Email security, Security, Threats & Malware, Virus & Malware
July 1, 2022
Via: Help Net SecurityThe cyber threat landscape has intensified. Threat actors are organized and professionalized, with ransomware gangs outsourcing the first step of their operations to Initial Access Brokers. This alliance has proven profitable for both sides, as the illegal sale of initial […]
Cyber-crime, Email security, Phishing, Security
June 22, 2022
Via: MalwarebytesA phishing campaign is using voicemail notification messages to go after victims’ Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a […]
June 21, 2022
Via: Help Net SecurityCloudflare announced several new capabilities for Cloudflare One, its zero trust SASE platform, making it the only cloud-native zero trust solution with global network scale. New features for Cloudflare One include sophisticated email security protection, data loss prevention tools, cloud […]
Cyber-crime, Email security, Phishing, Security
June 10, 2022
Via: Threat PostEmotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants […]
Cyber-crime, Email security, Phishing, Security
May 16, 2022
Via: SecurelistThe use of embedded HTML documents in phishing e-mails is a standard technique employed by cybercriminals. It does away with the need to put links in the e-mail body, which antispam engines and e-mail antiviruses usually detect with ease. HTML […]
May 11, 2022
Via: Dark ReadingMalicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say. Phishing emails purporting to contain COVID-19 safety information from the World Health Organization (WHO) are instead phishing lures intended to spread a novel remote-access Trojan (RAT) […]
May 5, 2022
Via: Security WeekThese losses, which the FBI calls “exposed losses,” include both actual and attempted loss reported between June 2016 and December 2021. There has been an increase of 65% between 2019 and 2021, most likely due to the COVID-19 pandemic, which […]
April 21, 2022
Via: The Hacker NewsAn unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes. “The code vulnerability […] can be easily exploited by an attacker by sending a malicious […]
March 28, 2022
Via: The Hacker NewsA new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. “The emails use a social engineering technique […]
March 21, 2022
Via: Security WeekAccording to HubSpot, the incident occured on March 18, when a “bad actor” managed to hack into an employee account. After the breach was discovered, the impacted account’s access was terminated and the company also “removed the ability for other […]
Data loss, Email security, Security, Threats & Malware
March 14, 2022
Via: Security WeekThe most recent cyberattack – and most impactful – targeted South Denver Cardiology Associates and resulted in the data of more than 287,000 patients being exfiltrated. The Colorado firm identified the attack on January 4 and later discovered that an […]
March 7, 2022
Via: Security WeekPreviously, email notifications that were automatically sent to a user when someone mentioned them in a comment in a Google Workspace document only included the comment and the commenter’s name. Now, however, Google is also including the commenter’s email address […]
Cyber-crime, Email security, Phishing, Security
January 19, 2022
Via: Help Net SecurityPhishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor (DOL), Inky‘s researchers have warned. The ploy? The DOL is ostensibly inviting companies to submit “proposals from qualified contractors […]
December 23, 2021
Via: Security WeekMon Health says it became aware of the intrusion on July 28, when a vendor notified it of a payment that had not come through. An investigation launched into the matter revealed that adversaries likely had unauthorized access to the […]
Email security, Security, Threats & Malware, Vulnerabilities
November 15, 2021
Via: Security WeekThreat intelligence organization Spamhaus reported seeing more than 100,000 fake emails being sent out in two waves. The hoax emails, coming from “[email protected],” carried the subject line “Urgent: Threat actor in systems.” The message appeared to come from the DHS […]
October 19, 2021
Via: The Hacker NewsCybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint […]
October 18, 2021
Via: Help Net SecurityBEC attacks are generally low-volume but, according to a recent survey by GreatHorn, 71% of organizations experienced at least one in the past year. Trend Micro’s latest research has revealed that scammers have been ramping up their efforts and that […]