Top

Category: Phishing


Hacker, Phishing

Zoho abused by cyber criminals worldwide

October 4, 2018

Via: TechRadar

One of the world’s most popular online software suites has been hijacked to deliver phishing campaigns, new research has found, Zoho and its online platforms are currently linked to 40 percent of keylogger and phishing campaigns in the last month, […]


Phishing, Threats & Malware

Roaming Mantis part III: iOS crypto-mining and spreading via malicious content delivery system

October 1, 2018

Via: Securelist

In Q2 2018, Kaspersky Lab published two blogposts about Roaming Mantis sharing details of this new cybercriminal campaign. In the beginning, the criminals used DNS hijacking in vulnerable routers to spread malicious Android applications of Roaming Mantis (aka MoqHao and […]


Phishing

Account Takeover Attacks Become a Phishing Fave

September 21, 2018

Via: Dark Reading

More than three-quarters of ATOs resulted in a phishing email, a new report shows. Why spoof an email address for phishing messages when you can hijack an account and send them from the real one? That’s the theory behind account […]


Phishing, Vulnerabilities

Threats posed by using RATs in ICS

September 20, 2018

Via: Securelist

While conducting audits, penetration tests and incident investigations, we have often come across legitimate remote administration tools (RAT) for PCs installed on operational technology (OT) networks of industrial enterprises. In a number of incidents that we have investigated, threat actors […]


Email security, Phishing

State Department confirms breach of unclassified email system

September 19, 2018

Via: CSO Online

The U.S. State Department confirmed it suffered a data breach that exposed employee data; the breach affected the State Department’s unclassified email system. It’s not like the agency suddenly decided to tell the public about the breach, though. The incident […]


Identity theft, Phishing

Here’s Why Business Email Compromise Is Still Driving Executive Identity Theft

September 12, 2018

Via: Security Intelligence

All it took was access to a lawyer’s email, and suddenly, almost $532,000 was in the wrong hands. This business email compromise (BEC) scam began simply: A criminal in Los Angeles named Ochenetchouwe Adegor Ederaine, Jr. gained access to a […]


Cyber-crime, Phishing, Spam, Threats & Malware

Loki Bot: On a hunt for corporate passwords

August 29, 2018

Via: Securelist

Starting from early July, we have seen malicious spam activity that has targeted corporate mailboxes. The messages discovered so far contain an attachment with an .iso extension that Kaspersky Lab solutions detect as Loki Bot. The malware’s key objective is […]


Cyber-crime, Phishing

DNC ‘spearphishing attack’ was actually a test

August 24, 2018

Via: Naked Security

The Democratic National Committee (DNC), on Wednesday: We’ve been spearphished! The committee called the FBI about what it said was a fake login page designed to intercept usernames and passwords that would get attackers into the party’s voter database. The […]


Cyber-crime, Phishing

False Alarm: Phishing Attack Against DNC Was Just a Test

August 24, 2018

Via: DataBreach Today

A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee’s voter database has turned out to be part of an uncoordinated security exercise. The false alarm has highlighted the benefits […]


Phishing

Necurs Botnet Goes Phishing for Banks

August 17, 2018

Via: Dark Reading

The Necurs botnet has resurfaced in a new phishing campaign targeting banks with malicious Microsoft Publisher and PDF files packed with the FlawedAmmyy remote-access Trojan. Cofense researchers first detected the campaign early on August 15 and have confirmed 3,071 banking […]