article thumbnail

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 343
article thumbnail

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National Committee hack and the wave of attacks aimed at the 2016 US Presidential Elections.

Phishing 123
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Google Creates “Phishing Quiz” for Better Cyber Hygiene

Adam Levin

A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. Take the quiz here.

Phishing 166
article thumbnail

How Phishers Are Slinking Their Links Into LinkedIn

Krebs on Security

This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. A recent phishing site that abused LinkedIn’s marketing redirect. A recent phishing site that abused LinkedIn’s marketing redirect. Urlscan also found this phishing scam from Jan. Image: Urlscan.io.

Phishing 359
article thumbnail

Why Take9 Won’t Improve Cybersecurity

Schneier on Security

” was an awareness campaign from 2016, by the Department of Homeland Security—this was before CISA—and the National Cybersecurity Alliance. Current phishing attacks have evolved from those older Nigerian scams filled with grammar mistakes and typos. I doubt they tested the idea on actual users. “ Stop.

article thumbnail

Fake Cisco ‘Critical Update’ used in phishing campaign to steal WebEx credentials

Security Affairs

Crooks are using a fake Cisco “critical security advisory” in a new phishing campaign aimed at stealing victims’ Webex credentials. The Cofense’s phishing defense center has uncovered an ongoing phishing campaign that uses a Cisco security advisory related to a critical vulnerability as a lure. name=CVE-2016-9223.

Phishing 145
article thumbnail

Russian-speaking cybercrime evolution: What changed from 2016 to 2021

SecureList

Back in 2016, the primary focus of our expert was on major cybergangs that targeted financial institutions, banks in particular. This browser attack chain, popular in 2016, is no longer possible. Then and now: a comparison of how cybercrime groups looked in 2016 vs 2021. Change of targets.