Top

Tag: Phishing


Email security, Security

Top enterprise email threats and how to counter them

November 15, 2022

Via: Help Net Security

A research from Tessian, the State of Email Security Report, found that enterprise email is now the No. 1 threat vector for cyberattacks. According to the report, 94% of organizations experienced a spear phishing or impersonation attack, and 92% suffered […]


Cyber-crime, Mobile, Mobile security, Phishing

Outmaneuvering cybercriminals by recognizing mobile phishing threats’ telltale markers

November 4, 2022

Via: Help Net Security

Preventative medicine has long been recognized as a vital approach in safeguarding our physical health. We take a variety of tests and assessments so that doctors can uncover key biological markers that may indicate the potential development of certain diseases […]


Network security, Security

Secure web browsers for the enterprise compared: How to pick the right one

October 10, 2022

Via: CSO Online

The web browser has long been the security sinkhole of enterprise infrastructure. While email is often cited as the most common entry point, malware often enters via the browser and is more difficult to prevent. Phishing, drive-by attacks, ransomware, SQL […]


Cyber-crime, Phishing

Phishing attacks skyrocketing, over 1 million observed

September 26, 2022

Via: Help Net Security

The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed. The total for June was 381,717 attacks or […]


Cyber-crime, Phishing

EvilProxy phishing-as-a-service with MFA bypass emerged on the dark web

September 6, 2022

Via: Help Net Security

Following the recent Twilio hack leading to the leakage of 2FA (OTP) codes, cybercriminals continue to upgrade their attack arsenal to orchestrate advanced phishing campaigns targeting users worldwide. Resecurity has recently identified a new Phishing-as-a-Service (PhaaS) called EvilProxy advertised in […]


Cyber-crime, Phishing

Threat Actor Phishing PyPI Users Identified

September 1, 2022

Via: Dark Reading

Security researchers have identified a previously unknown group dubbed “JuiceLedger” as the threat actor behind a recent and first-known phishing campaign specifically targeting users of the Python Package Index (PyPI). The threat actor first surfaced early this year and is […]


Email security, Security

Business Email Compromise: Secret Service on How to Respond

August 31, 2022

Via: DataBreach Today

Ransomware gets the headlines, and phishing sets off the most alerts, but business email compromise costs enterprises the most – more than $43 billion since 2016. U.S. Secret Service agents Stephen Dougherty and Michael Johns discuss the criticality of rapid […]


Cyber-crime, Phishing

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

August 29, 2022

Via: Threat Post

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which […]


Cyber-crime, Phishing

0ktapus phishing campaign: Twilio hackers targeted other 136 organizations

August 26, 2022

Via: Security Affairs

The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Most of the victims are organizations providing IT, software development, and cloud services. The […]


Cyber-crime, Phishing

Cisco has been hacked by a ransomware gang

August 11, 2022

Via: Help Net Security

U.S. networking giant Cisco Systems has been hacked, the company confirmed on Wednesday, after Yanluowang ransomware operators claimed the attack on their leak site. But according to Cisco’s Talos threat intelligence team, the breach resulted in the exfiltraton of inconsequential […]


Data loss, Threats & Malware

Twilio confirms data breach after its employees got phished

August 9, 2022

Via: Help Net Security

Cloud communications company Twilio has announced that some of it employees have been phished and that the attackers used the stolen credentials to gain access to some internal company systems and customer data. What happened? The attackers impersonated Twilio’s IT […]


Cyber-crime, Phishing

FCC warns of steep rise in phishing over SMS

August 5, 2022

Via: Malwarebytes

After the FCC (Federal Communications Commission) made a huge splash weeks ago when it told Google and Apple to pull TikTok from their respective app stores, the federal agency is now warning Americans of an increased wave of SMS phishing […]


Network security, Security

Three Common Mistakes That May Sabotage Your Security Training

August 4, 2022

Via: The Hacker News

Phishing incidents are on the rise. A report from IBM shows that phishing was the most popular attack vector in 2021, resulting in one in five employees falling victim to phishing hacking techniques. The Need for Security Awareness Training Although […]


Cyber-crime, Phishing

Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts

August 3, 2022

Via: Help Net Security

An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The attackers are using a […]


Cyber-crime, Phishing

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

July 26, 2022

Via: Threat Post

The bloom is back on phishing attacks with criminals doubling down on fake messages abusing popular brands compared to the year prior. Microsoft, Facebook and French bank Crédit Agricole are the top abused brands in attacks, according to study on […]


Cyber-crime, Phishing

Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud

July 13, 2022

Via: Help Net Security

A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication (MFA) set up to protect the accounts. The attackers use proxy servers and phishing websites […]


Cyber-crime, Phishing

‘Callback’ Phishing Campaign Impersonates Security Firms

July 12, 2022

Via: Threat Post

A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download malware. Researchers at CrowdStrike Intelligence discovered the campaign because CrowdStrike is actually one […]


Cyber-crime, Phishing

Ukrainian Authorities Arrested Phishing Gang That Stole 100 Million UAH

July 4, 2022

Via: The Hacker News

The Cyber Police of Ukraine last week disclosed that it apprehended nine members of a criminal gang that embezzled 100 million hryvnias via hundreds of phishing sites that claimed to offer financial assistance to Ukrainian citizens as part of a […]


Cyber-crime, Malware

Researchers Warn of ‘Matanbuchus’ Malware Campaign Dropping Cobalt Strike Beacons

June 27, 2022

Via: The Hacker News

A malware-as-a-service (Maas) dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to download and execute second-stage […]


Cyber-crime, Hacker, Phishing, Threats & Malware

Police seize and dismantle massive phishing operation

June 23, 2022

Via: Malwarebytes

Europol has coordinated a joint operation to arrest members of a cybercrime gang and effectively dismantle their campaigns that netted million in Euros. This operation also led the Belgian Police (Police Fédérale/Federale Politie) and the Dutch Police (Politie) to nine […]