Bleeping Computer

AUGUST 17, 2023

An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide. [.]

Phishing 84

Phishing Accountability 84

SecureList

SEPTEMBER 27, 2023

Unlike phishing links that are easy to check and block, QR code is a headache for security solutions. Malevolent uses of QR codes in email Fraudsters use QR codes to encode links to phishing and scam pages. We observed new email campaigns featuring QR codes in the spring of 2023.

Phishing 113

Phishing Passwords Scams Accountability 113

Anton on Security

APRIL 20, 2023

The famous Mandiant 2023 M-Trends (NOT G-Trends, mind you…) report is out, and here are some of the things that I found to be surprising and NOT surprising :-) Mandiant M-Trends 2023 Detection by Source SURPRISING “Mandiant experts note a decrease in the percentage of global intrusions involving ransomware between 2021 and 2022.

Social Engineering 130

Social Engineering Ransomware Cybercrime Cybersecurity 130

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 65

Phishing Social Engineering Authentication Engineering 65

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. emphasized collective action and individual accountability. Protect IT."

Cybersecurity 149

Cybersecurity Cyber threats Authentication Phishing 149

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing 122

Phishing Marketing Scams Accountability 122

Malwarebytes

NOVEMBER 7, 2023

After 1Password, BeyondTrust, and Cloudflare detected unauthorized log-in attempts to their in-house Okta administrator accounts, they reported the incidents to Okta who started an investigation. To gain access to that service account, the attacker compromised an Okta employee. 2FA that relies on a FIDO2 device can’t be phished.

Accountability 120

Accountability Passwords Data breaches Phishing 120

Security Affairs

DECEMBER 5, 2023

Microsoft warns that the Russia-linked APT28 group is actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. ANSSI investigations confirm that APT28 exploited the Outlook 0-day vulnerability CVE-2023-23397.

Accountability 103

Accountability Government Phishing Authentication 103

SecureList

AUGUST 14, 2023

Examples include automation with phishing kits or Telegram bots. Besides tucking a phishing page inside the website they hack, scammers can steal all of the data on the server and completely disrupt the site’s operation. The rest of this article will deal with phishing pages on hacked websites that are powered by WordPress.

Phishing 79

Phishing Hacking Banking Scams 79

Security Boulevard

FEBRUARY 27, 2024

Enterprises spent over $2 billion in hard dollars on phishing prevention in 2023. In addition, they spent at least 10x that amount in lost productivity due to employee time spent completing periodic phishing awareness training. Such investments make sense when phishing is one of enterprise CISOs’s top three priorities.

Phishing 59

Phishing Accountability Cybersecurity 59

SecureList

NOVEMBER 28, 2022

Although the main types of threats (phishing, scams, malware, etc.) Below, we present a number of key ideas about what the consumer-oriented threat landscape will look like in 2023, and describe how users could be lured into cybertraps with fake content and third-party apps. 2023 promises a wealth of new releases.

Education 121

Education Phishing Scams Social Engineering 121

Identity IQ

APRIL 19, 2024

Identity Theft in 2023: A Year of Record-Breaking Scams IdentityIQ Throughout the past year, IDIQ®, a leading financial intelligence company, tracked the trends in identity theft and related scams through reports from its IdentityIQ brand. Spear phishing scams , targeting specific individuals, witnessed an alarming 150% increase.

Identity Theft 52

Identity Theft Scams Phishing Technology 52

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. SQL Injection Most high-risk vulnerabilities in 2021–2023 were associated with SQL Injection. More than a third (39%) used the microservice architecture.

Passwords 108

Passwords Authentication Architecture Risk 108

SecureList

NOVEMBER 6, 2023

The Newzoo report for 2023 reveals that two in five — more than three billion — across the globe are gamers, which is 6.3 In this report, we provide our insights into the gaming-related threat landscape in 2023. We also analyzed phishing pages using various game titles and gaming platforms as a lure. percent more than last year.

Mobile 98

Mobile Phishing Accountability Scams 98

Malwarebytes

FEBRUARY 6, 2024

The report reveals that, awash with money, the number of known Big Game attacks surged by 68% in 2023, thanks to Ransomware-as-a-Service groups like LockBit and ALPHV. Big game attacks extort vast ransoms from organizations by holding their data hostage—either with encryption, the threat of damaging data leaks, or both.

Ransomware 99

Ransomware Cybercrime Malware Social Engineering 99

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. Currently, most initial access attempts are carried out with social engineering, commonly phishing. What’s the attack?

Phishing 65

Phishing Mobile Social Engineering Data breaches 65

Security Affairs

AUGUST 18, 2023

ESET researchers uncovered a mass-spreading phishing campaign targeting users of the Zimbra Collaboration email server since April 2023. The phishing messages include a phishing page in the attached HTML file, they warn the recipient of an email server update, account deactivation, or similar issue.

Phishing 82

Phishing Social Engineering Accountability Engineering 82

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 104

Social Engineering Authentication Engineering Accountability 104

CyberSecurity Insiders

DECEMBER 23, 2022

This year, organizations have spent significant time and resources attempting to mitigate the risks associated with Business Communication Compromise, including phishing attacks and Personally-Identifiable Information leakages. Below are my top 5 predictions for Business Communication Compromise in 2023.

Social Engineering 142

Social Engineering Phishing Risk Engineering 142

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing 112

Phishing Scams Education Passwords 112

Security Affairs

AUGUST 2, 2023

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. 8e-sefdea4.um9. ” concludes the experts.

Phishing 85

Phishing Accountability Authentication Hacking 85

SecureList

JULY 5, 2023

Hence, cybercriminals have little motivation to invest heavily into phishing campaigns, and so, techniques used in email attacks on hot wallets are hardly ever original or complex. Sample phishing email that targets Coinbase users After the user clicks the link, they are redirected to a page where they are asked to enter their seed phrase.

Scams 101

Scams Phishing Cryptocurrency Social Engineering 101

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing 270

Phishing Telecommunications Malware Scams 270

SecureList

MARCH 27, 2023

technologies — the distributed file system IPFS — for email phishing attacks. URL formats can be quite different, for example: [link] [link] Phishing and IPFS In 2022, scammers began actively using IPFS for email phishing attacks. The use of a distributed file system allows attackers to cut back on phishing page hosting costs.

Phishing 105

Phishing Technology Internet Internet 105

Security Affairs

MAY 29, 2023

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and.rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials.

Encryption 90

Encryption Phishing Accountability Authentication 90

Malwarebytes

OCTOBER 11, 2023

In other news, both LockBit and the Akira ransomware gang, the latter of which has tallied 125 victims since we first began tracking them in April 2023, were confirmed last month to be exploiting a specific zero-day flaw ( CVE-2023-20269 ) in Cisco VPN appliances. In September, they had a staggering 53 victims.

Ransomware 112

Ransomware Social Engineering Backups Engineering 112

Security Affairs

AUGUST 16, 2023

A phishing campaign employing QR codes targeted a leading energy company in the US, cybersecurity firm Cofense reported. “Beginning in May 2023, Cofense has observed a large phishing campaign utilizing QR codes targeting the Microsoft credentials of users from a wide array of industries.”

Phishing 85

Phishing Energy and Utilities Insurance Manufacturing 85

Malwarebytes

FEBRUARY 9, 2024

2023 was an explosive year for ransomware. Through thec onsistenciess and evolutions over the last year, one fact remains clear: 2023 broke records with its total number of 4475 ransomware attacks, a 70% increase from 2022. Together, the top 10 sectors accounted for 80% of all ransomware attacks.

Ransomware 68

Ransomware Education Social Engineering Manufacturing 68

The Hacker News

SEPTEMBER 18, 2023

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The fact that Google Authenticator syncs to

Social Engineering 115

Social Engineering Phishing Engineering Authentication 115

Security Affairs

AUGUST 1, 2023

Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. Palo Alto Network Unit 42 discovered a previously unreported phishing campaign that distributed a Python variant of the NodeStealer. ” reads the analysis published by Palo Alto Networks.

Accountability 87

Accountability Cryptocurrency Malware Phishing 87

SecureWorld News

AUGUST 28, 2023

In May 2023, a phishing campaign was launched that targeted a major U.S. The emails in the campaign purported to be from Microsoft, and they claimed that the recipient needed to update their account security settings or activate two-factor authentication (2FA)/multi-factor authentication (MFA) within 72 hours.

Phishing 78

Phishing Scams Mobile Media 78

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 89

Accountability Phishing Financial Services Surveillance 89

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait. Others offered the coveted Green Pass without vaccination.

Phishing 97

Phishing Scams Accountability Energy and Utilities 97

Google Security

MAY 2, 2024

Sriram Karra and Christiaan Brand, Google product managers Last year, Google launched passkey support for Google Accounts. Today, we announced that passkeys have been used to authenticate users more than 1 billion times across over 400 million Google Accounts. This post will seek to clarify these topics.

Accountability 60

Accountability Passwords Authentication Password Management 60

CyberSecurity Insiders

APRIL 10, 2023

Why is identity management and security important in 2023? “In In the current digital landscape, identity security has gained paramount importance due to the growing cyber risks posed by phishing and social engineering attacks utilizing AI.

Identity Theft 105

Identity Theft Education Authentication Data breaches 105

SecureList

NOVEMBER 20, 2023

Methodology In this research, we examine various types of threats, such as financial malware and phishing pages that imitate the world’s largest retail platforms, banks and payment systems. This data spans the period from January through October 2023. In the screenshot below, a phishing site mimics Chanel.

Phishing 119

Phishing Banking Retail Scams 119

eSecurity Planet

JANUARY 5, 2023

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. 2023, he predicted, “will not be any easier when it comes to keeping users’ data safe and private.”

Ransomware 145

Ransomware CISO Software Cybercrime 145