eSecurity Planet

SEPTEMBER 3, 2021

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. Therein lies a key issue raised by the phishing campaign.

Phishing 142

Phishing Architecture Education Marketing 142

Webroot

OCTOBER 13, 2021

And darkness we found – from million-dollar ransoms to supply chain attacks, these malware variants were The 6 Nastiest Malware of 2021. Phishing continues to be key for these campaigns and it’s typically the first step in compromising a business for the nastiest malware. How malware disrupted our lives.

Malware 145

Malware Small Business Antivirus Backups 145

Heimadal Security

OCTOBER 15, 2021

In a blog post published yesterday, Google said that in 2021, it sent approximately 50.000 alerts to users whose accounts had been compromised by government-backed hacker gangs conducting phishing and malware campaigns. Google Security Engineer […]. Google Security Engineer […].

Hacking 74

Hacking Engineering Phishing Government 74

eSecurity Planet

SEPTEMBER 15, 2021

Since then, the company has steadily cast off the need for passwords for various accounts, and by May 2020, 150 million people had stopped using passwords. Now the company is expanding the passwordless push to all Microsoft accounts. Google automatically makes account holders use two-factor authentication. They’re inconvenient.

Accountability 122

Accountability Passwords Authentication Phishing 122

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. Image: Cloudflare.com. 2, and Aug.

Mobile 300

Mobile Phishing Authentication Accountability 300

Security Boulevard

FEBRUARY 28, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021. The sudo vulnerability aka CVE-2001-3156 , seemed to go under the radar after it was announced and patches were released on 26th January 2021. Npower App Hack.

Energy and Utilities 145

Energy and Utilities Ransomware DDOS Accountability 145

Security Boulevard

APRIL 20, 2022

Download your free copy of the 2022 ThreatLabz Phishing Report, and check out our infographic. For decades, phishing has been a complex and time-consuming challenge for every security team. Avoiding the latest breed of phishing attacks requires heightened awareness from users, additional context, and a zero trust approach.

Phishing 115

Phishing Retail Risk Architecture 115

Security Affairs

APRIL 21, 2022

Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. The identified phishing e-mail warned the victims about overdue payments to the IRS, which should then be paid via PayPal, the e-mail contained an HTML attachment imitating an electronic invoice.

Scams 103

Scams Phishing Government Passwords 103

Security Boulevard

OCTOBER 2, 2023

Phishing Threats Are Increasing in Scale and Sophistication Phishing remains one of the most dangerous and widespread cybersecurity threats. Phishing is now the most common initial attack vector, overtaking stolen or compromised credentials. In 2021 alone, estimated adjusted losses from BEC totaled $2.4

DNS 64

DNS Phishing Social Engineering Engineering 64

eSecurity Planet

DECEMBER 3, 2021

Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space. Krebs wrote for The Washington Post between 1995 and 2009 before launching his current blog KrebsOnSecurity.com. Also read: Top Endpoint Detection and Response (EDR) Solutions for 2021.

Accountability 139

Accountability Cybersecurity Penetration Testing InfoSec 139

Security Affairs

MAY 10, 2022

“Frappo” acts as a Phishing-as-a-Service and enables cybercriminals the ability to host and generate high-quality phishing pages which impersonate major online banking, e-commerce, popular retailers, and online-services to steal customer data. The last update of the service was registered May 1, 2022.

Phishing 72

Phishing Banking Retail Financial Services 72

Security Boulevard

MARCH 31, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021. FatFace CEO Liz Evans released a statement which said “ On 17th January 2021 FatFace identified some suspicious activity within its IT systems. conduct penetration testing.

Energy and Utilities 122

Energy and Utilities Ransomware Banking Hacking 122

SecureWorld News

JANUARY 28, 2022

Phishing attacks have steadily been on the rise, and according to Proofpoint's 2021 State of the Phish Report , over half of all participants reported receiving a successful phishing attack in 2020. Criminals use departmental reputation to trick users into trusting phishing lures.

Phishing 79

Phishing Education Social Engineering Security Awareness 79

Security Boulevard

MAY 3, 2021

roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, April 2021. MI5 said the faked LinkedIn accounts are created and operation by nation-state spy agencies, with an intent to recruit individuals or gather sensitive information.

Ransomware 124

Ransomware Passwords Scams Government 124

Security Affairs

MAY 27, 2022

This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations.” Crooks obtain the information by conducting spear-phishing and ransomware attacks, or other means. To nominate, please visit:?.

Cybercrime 129

Cybercrime Education Accountability Phishing 129

SecureList

JULY 29, 2021

This is our latest installment, focusing on activities that we observed during Q2 2021. We have designated it as a new threat actor and named it “HotCousin” The attacks began with a spear-phishing email which led to an ISO file container being stored on disk and mounted. The most remarkable findings.

Malware 143

Malware Phishing Password Management Social Engineering 143

Krebs on Security

APRIL 6, 2022

Since surfacing in late 2021, LAPSUS$ has gained access to the networks or contractors for some of the world’s largest technology companies, including Microsoft , NVIDIA , Okta and Samsung. Microsoft blogged about its attack at the hands of LAPSUS$, and about the group targeting its customers. “voice phishing” a.k.a.

Social Engineering 252

Social Engineering Phishing Engineering Accountability 252

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Why should I care about Phish? The reason why phishing is still reigning supreme?

Phishing 52

Phishing Accountability Social Engineering Mobile 52

The Last Watchdog

JANUARY 3, 2023

For instance, phishing, one of the most common, is a social engineering attack used to steal user data. 2021 saw a massive increase in phishing attacks , and that trend has continued into 2022. With the rise in social media, criminals have more platforms with which to target potential phishing victims.

Risk 203

Risk Cybersecurity Antivirus Phishing 203

BH Consulting

JANUARY 11, 2022

In that spirit, we’ve rounded up five of our most popular blogs from the past year. From ransomware and scams to security frameworks and employee privacy, our 2021 ‘greatest hits’ show how broad the areas of cybersecurity and data protection can be. You can read the full blog and recommendations here. Risk vs reward.

Cybersecurity 59

Cybersecurity Insurance Scams Cyber Risk 59

Webroot

DECEMBER 14, 2020

One thing the cybersecurity experts at Webroot agree on is that work from home is here to stay for 2021, or at least it won’t recede to pre-pandemic levels in even the medium-term. The biggest change for 2021 will be securing remote workforces and remote perimeters, which include home networks and home devices, particularly personal devices.

Cybersecurity 74

Cybersecurity Engineering Phishing Social Engineering 74

Security Affairs

APRIL 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstorm APT (previously tracked by Microsoft as PHOSPHORUS ) to a series of attacks aimed at US critical infrastructure between late 2021 to mid-2022.

Energy and Utilities 88

Energy and Utilities Accountability Education Media 88

Security Affairs

FEBRUARY 28, 2024

The Mirai -based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February 2021, in November 2021, it started exploiting a critical command injection flaw ( CVE-2021-36260 ) in the webserver of several Hikvision products. ” reads the joint report. ” continues the report.

Energy and Utilities 94

Energy and Utilities Government Firewall Malware 94

eSecurity Planet

JUNE 1, 2021

Cybersecurity experts at both Microsoft and SecureWorks said that the hacker group – called Nobelium by Microsoft but which also is known as APT29 – accessed the Constant Contact email marketing account used by the U.S. Agency for International Development (USAID) to launch phishing campaigns against a broad array of targets.

Phishing 67

Phishing Mobile Government Cybersecurity 67

eSecurity Planet

MAY 4, 2023

In a major move forward for passwordless authentication, Google is introducing passkeys across Google Accounts on all major platforms. Passkeys can be created within Google accounts at g.co/passkeys. Still, passkeys do allow anyone with physical access to your unlocked device to access your account. Step 2: Yeet the password.”

Authentication 98

Authentication Passwords Accountability Phishing 98

SecureList

MAY 12, 2021

Botmasters and account resellers are tasked with providing initial access inside the victim’s network. For a more detailed overview we chose two of the most noteworthy Big Game Hunting ransomware in 2021. REvil operators have demanded the highest ransoms in 2021. The first one is the REvil (aka Sodinokibi) gang.

Ransomware 129

Ransomware Encryption Malware Cybercrime 129

Security Affairs

APRIL 6, 2023

0xSI_f33d has been part of the official VirusTotal ingestors since July 2021 allowing the community to verify threats worldwide provided by this feed. The submissions were classified as either phishing or malware. A growing trend in phishing submissions was observed in Q3 and Q4 (25369), with malware having 1.3% in Q2 2022.

Threat Reports 81

Threat Reports Phishing Malware Banking 81

BH Consulting

APRIL 13, 2021

The 2021 SANS Security Awareness Report offers an interesting look back over the past year. Report author Lance Spitzner of SANS blogged : “The more that managing human risk becomes a dedicated, prioritised effort, the more effective organizations will become at managing their human risk.” billion in 2019. Sign up here.

Cybercrime 52

Cybercrime Security Awareness IoT Risk 52

Thales Cloud Protection & Licensing

MAY 13, 2024

In 2021, Microsoft exceeded 200 million active users on Azure AD, 200 million paying users on O365 apps, and 145M active users on Teams (source: Microsoft) Microsoft also announced that they discovered in a particular month in 2020 1.2

Authentication 62

Authentication Phishing Marketing Cloud Migration 62

Malwarebytes

JUNE 1, 2021

This blog post was authored by Hossein Jazi. On December 2020, KISA (Korean Internet & Security Agency) provided a detailed analysis about the phishing infrastructure and TTPs used by Kimsuky to target South Korea. Phishing Infrastructure. Figure 1: Phishing service model. Victimology.

Government 145

Government Phishing Encryption Media 145

CyberSecurity Insiders

JANUARY 27, 2022

.–( BUSINESS WIRE )– Area 1 Security today reported that its growth rate more than doubled in 2021 (268% compared to the previous year), and its partner base grew by 150%. The company launched “ PhishU ” — its new self-paced sales and technical enablement platform — as well as a new partner portal and deal registration program.

Phishing 52

Phishing Retail Marketing Financial Services 52

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks.

System Administration 91

System Administration Government Phishing Malware 91

Troy Hunt

APRIL 12, 2021

I have to be aware that phishing scams may be used against me. The second problem is that you don't need a data breach to get spam, unsolicited phone calls or phishes. Spam, unsolicited phone calls and phishes don't just come from data breaches and it's enormously difficult to reliably attribute them back to a source.

Data breaches 347

Data breaches Phishing Scams Advertising 347

SecureWorld News

OCTOBER 19, 2021

Microsoft, for instance, just released the 2021 Digital Defense Report pointing a finger at Russia as making up 58% of all nation-state cyberattack incidents observed by the corporation. Developing advanced phishing techniques to lure victims. When they did, attackers sent them phishing links in follow-on correspondence.".

Phishing 75

Phishing Social Engineering Authentication Government 75

Security Boulevard

JANUARY 20, 2022

In December 2021, the ThreatLabz research team identified several macro-based MS office files uploaded from Middle Eastern countries such as Jordan to OSINT sources such as VT. During our investigation we discovered that the campaign has been active since July 2021. Introduction. Threat attribution. Figure 7: Encoded string.

Accountability 118

Accountability DNS Phishing Architecture 118

Herjavec Group

DECEMBER 15, 2021

Needless to say, in 2021 cybersecurity was front and center for individuals, enterprises, and governments alike. While this was a big task to take on, I have to admit – I’m leaving 2021 behind feeling encouraged and hopeful for cybersecurity in the New Year. The Rise of Ransomware.

Cybersecurity 52

Cybersecurity Digital transformation Ransomware Cyber Risk 52

Security Through Education

DECEMBER 18, 2023

Phishing emails with holiday themes will also increase during this time of year. Unfortunately, according to the Internet Crime Complaint Center’s (IC3) 2021 report , non-payment or non-delivery scams cost people more than $337 million. With this time of year coming around, however, we see an increasing amount of holiday related scams.

Scams 52

Scams Media Phishing Accountability 52