Graham Cluley

MARCH 27, 2024

Hardware wallet manufacturer Trezor has explained how its Twitter account was compromised - despite it having sensible security precautions in place, such as strong passwords and multi-factor authentication. Read more in my article on the Hot for Security blog.

Accountability 114

Accountability Cryptocurrency Manufacturing Authentication 114

Heimadal Security

OCTOBER 25, 2023

Threat actors use EvilProxy phishing-as-a-service (PhaaS) toolkit to target senior executives in the U.S. in massive phishing campaigns. EvilProxy is an adversary-in-the-middle (AiTM) PhaaS designed to steal credentials and take over accounts. Executives Using EvilProxy Phishing Kit appeared first on Heimdal Security Blog.

Phishing 89

Phishing Financial Services Insurance Manufacturing 89

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 267

Phishing Scams Banking Mobile 267

Security Affairs

AUGUST 9, 2023

Cloud account takeover scheme utilizing EvilProxy hit over 100 top-level executives of global organizations EvilProxy was observed sending 120,000 phishing emails to over a hundred organizations to steal Microsoft 365 accounts. Proofpoint noticed a worrisome surge of successful cloud account compromises in the past five months.

Accountability 91

Accountability Phishing Authentication Architecture 91

Heimadal Security

JUNE 2, 2022

The post New RuneScape Phishing Scam Aimed at Stealing Accounts and In-game Item Bank PINs appeared first on Heimdal Security Blog. However, in 2016, the Java-based client was mostly phased out in favor of a standalone C++ […].

Scams 88

Scams Banking Phishing Accountability 88

Heimadal Security

JANUARY 12, 2024

Framework Computer announced the discovery of a data breach that exposed the private data of an unspecified number of its clients following a phishing attack on Keating Consulting Group, the company’s accounting service provider.

Data breaches 64

Data breaches Phishing Accountability Cybersecurity 64

Heimadal Security

NOVEMBER 2, 2022

The threat actors gained access to one of company’s GitHub accounts after obtaining employee credentials in a successful phishing […]. The post Successful Phishing Attack Causes Dropbox Data Breach appeared first on Heimdal Security Blog.

Data breaches 98

Data breaches Phishing Accountability Cybersecurity 98

Heimadal Security

OCTOBER 17, 2022

Cybersecurity researchers spotted a new ‘Ducktail’ phishing campaign that spreads Windows information-stealing malware written in PHP and uses it to steal Facebook accounts, browser data, and cryptocurrency wallets. Using social […].

Accountability 92

Accountability Malware Cryptocurrency Phishing 92

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing 124

Phishing Accountability Hacking Scams 124

SecureList

JULY 5, 2023

Hence, cybercriminals have little motivation to invest heavily into phishing campaigns, and so, techniques used in email attacks on hot wallets are hardly ever original or complex. Sample phishing email that targets Coinbase users After the user clicks the link, they are redirected to a page where they are asked to enter their seed phrase.

Scams 96

Scams Phishing Cryptocurrency Social Engineering 96

Heimadal Security

DECEMBER 16, 2022

Phishing scams have become more complex over time, and scammers are finding new ways to obtain information about their victims. This new phishing campaign is no different. The crook hides text in the Facebook posts to trick potential victims into giving up their account credentials and personally identifiable information.

Phishing 92

Phishing Scams Accountability Cybersecurity 92

Heimadal Security

MARCH 25, 2022

A new wave of social engineering attacks has been targeting Morgan Stanley client accounts as Morgan Stanley’s wealth and asset management subsidiary claims. The post Social Engineering Attacks Target Morgan Stanley Client Accounts appeared first on Heimdal Security Blog. Vishing means that […].

Social Engineering 100

Social Engineering Engineering Accountability Phishing 100

Security Affairs

APRIL 16, 2023

Microsoft warns of a new Remcos RAT campaign targeting US accounting and tax return preparation firms ahead of Tax Day. Tax Day, Microsoft has observed a new Remcos RAT campaign targeting US accounting and tax return preparation firms. The phishing attacks began in February 2023, the IT giant reported. Ahead of the U.S.

Accountability 92

Accountability Phishing Financial Services Surveillance 92

SecureWorld News

OCTOBER 17, 2022

A low-cost Phishing-as-a-Service (PhaaS) platform that has an open registration process could allow just about anyone with email to become a cybercriminal. While phishing campaigns are nothing new, this "as-a-service" approach is a bit concerning, as it makes it easier for people with nefarious intentions to access and use the type of attack.

Phishing 114

Phishing Cybercrime Accountability Advertising 114

Heimadal Security

SEPTEMBER 22, 2022

Scammers send phishing emails trying to convince Netflix users that their account is somehow in jeopardy, and […]. The post Phishing Scams Are Targeting Netflix Users appeared first on Heimdal Security Blog.

Scams 88

Scams Phishing Social Engineering Engineering 88

Adam Levin

JANUARY 23, 2019

A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. Take the quiz here.

Phishing 166

Phishing Authentication Accountability Passwords 166

Security Boulevard

FEBRUARY 2, 2022

Historically, account takeover (ATO) has been recognized as an attack in which cybercriminals take ownership of online accounts using stolen passwords and usernames. The post What You Need to Do Today to Protect Against Account Takeover Attacks appeared first on Blog. They use these credentials to deploy bots […].

Accountability 98

Accountability Social Engineering Data breaches Phishing 98

Heimadal Security

DECEMBER 15, 2022

Threat actors found a new attack vector spamming open-source ecosystem with packages that contain links to phishing campaigns. 144,294 phishing-related packages have been uploaded to open-source package repositories, like NPM, PyPi, and NuGet.

Phishing 94

Phishing Accountability Cybersecurity 94

CSO Magazine

MAY 24, 2023

“The SuperMailer-generated emails have been reaching inboxes at an increasingly remarkable volume,” Brah Haas, cyber threat intelligence analyst at Cofense, said in a blog post. To read this article in full, please click here

Phishing 92

Phishing Cyber threats Network Security Accountability 92

Malwarebytes

SEPTEMBER 1, 2023

Not long ago I wrote about a recent campaign to hold LinkedIn users' accounts to ransom. Since he doesn’t use the LinkedIn app on his mobile he checked his account on his laptop first thing in the morning. A reset of the account’s password worked, but failed to remove the unwanted active session.

Accountability 132

Accountability Passwords Mobile Authentication 132

Heimadal Security

MARCH 3, 2022

European government personnel involved in helping Ukraine refugees with logistics support has been the target of a spear-phishing campaign, a new report underlines. The post Countries Assisting Ukraine Refugees Targeted in Phishing Cyberattacks appeared first on Heimdal Security Blog.

Phishing 100

Phishing Government Accountability Cybersecurity 100

Security Affairs

MAY 3, 2023

Google announced the introduction of the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. Google is rolling out the passwordless secure sign-in with Passkeys for Google Accounts on all platforms. In 2022, Google announced it would begin work to support passkeys on its platform to replace passwords.

Accountability 94

Accountability Passwords Password Management Phishing 94

Graham Cluley

APRIL 14, 2023

Accountants are being warned to be on their guard from hackers, as cybercriminals exploit the rush to prepare tax returns for clients before the deadline of US Tax Day. Read more in my article on the Tripwire State of Security blog.

Accountability 115

Accountability Phishing Malware 115

Heimadal Security

MAY 5, 2022

For about six months, more than 100 National Health Service (NHS) employees in the United Kingdom had their email accounts used in various phishing attacks, some of which intended to steal Microsoft logins.

Accountability 101

Accountability Phishing Authentication Hacking 101

Heimadal Security

NOVEMBER 12, 2021

As the frequency of bait attacks, also known as reconnaissance attacks, increases, it seems that cybercriminals who send this type of phishing email choose to run their operations using Gmail accounts. The post Hackers Use Gmail Accounts to Execute Baiting Attacks appeared first on Heimdal Security Blog.

Accountability 95

Accountability Phishing Cybersecurity 95

Heimadal Security

JUNE 9, 2022

Cybersecurity specialists discovered a massive phishing campaign that used Facebook Messenger to trick millions of individuals into entering their login details and watching advertisements on phishing pages. American AI-focused cybersecurity […].

Phishing 102

Phishing Advertising Accountability Cybersecurity 102

Pen Test Partners

FEBRUARY 14, 2024

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing (QR Code phishing) and how new AI powered email gateways can potentially block these attacks. Currently, most initial access attempts are carried out with social engineering, commonly phishing. What’s the attack?

Phishing 66

Phishing Mobile Social Engineering Data breaches 66

SecureWorld News

AUGUST 28, 2023

In May 2023, a phishing campaign was launched that targeted a major U.S. The emails in the campaign purported to be from Microsoft, and they claimed that the recipient needed to update their account security settings or activate two-factor authentication (2FA)/multi-factor authentication (MFA) within 72 hours.

Phishing 76

Phishing Scams Mobile Media 76

Security Affairs

APRIL 6, 2022

Ukraine’s technical security and intelligence service warns of threat actors targeting aimed at gaining access to users’ Telegram accounts. State Service of Special Communication and Information Protection (SSSCIP) of Ukraine spotted a new wave of cyber attacks aimed at gaining access to users’ Telegram accounts.

Accountability 105

Accountability Phishing Passwords Hacking 105

Heimadal Security

NOVEMBER 23, 2022

Malicious actors operated a brand impersonation phishing campaign on 22,000 students and managed to bypass the Microsoft email security system. The hackers were aiming to obtain the victim`s Instagram credentials in order to gain full access to their accounts.

Phishing 75

Phishing Accountability Cybersecurity 75

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 What is phishing? This is part of what makes phishing attacks so dangerous.

Phishing 76

Phishing Social Engineering Authentication Engineering 76

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait. Others offered the coveted Green Pass without vaccination.

Phishing 93

Phishing Scams Accountability Energy and Utilities 93

Security Affairs

AUGUST 15, 2022

Microsoft has disrupted activity by SEABORGIUM, a Russia-based actor launching persistent phishing, credential and data theft, intrusions, and hack-and-leak campaigns tied to espionage. More details + TTPs in this MSTIC blog: [link] — Microsoft Security Intelligence (@MsftSecIntel) August 15, 2022. Pierluigi Paganini.

Phishing 92

Phishing Accountability Hacking Surveillance 92

Heimadal Security

AUGUST 25, 2021

Revere Health, the largest independent multispecialty physician group in Utah, has recently revealed that an employee was targeted by a phishing operation. On June 21st, the email account of one of the physician group’s employees […]. What Happened?

Phishing 97

Phishing Accountability Data breaches Cybersecurity 97

Security Boulevard

NOVEMBER 30, 2023

Imagine this scenario, highlighting the need for multi-channel phishing defense: Your company’s Finance department employs thousands of employees in 100+ countries. Recently, 1000+ employees from this department received an email, purportedly from the CEO, asking them to transfer $100,000 of the company’s funds to an unfamiliar bank account.

Phishing 52

Phishing Banking Accountability 52

NSTIC

OCTOBER 24, 2022

This blog will officially wrap up our 2022 Cybersecurity Awareness Month blog series — today we have a special interview from Marian Merritt, deputy director, lead for industry engagement for the National Initiative for Cybersecurity Education (NICE)! This week’s Cybersecurity Awareness

Phishing 67

Phishing Cybersecurity Education Accountability 67

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Other Iranian-based cyberattacks have included hackers targeting Albanian government systems and spear phishing scams. Here are four new phishing trends keeping businesses on their toes. Spear phishing. Phishing via texting.

Phishing 124

Phishing Scams Cybercrime Passwords 124