Blog, Cybersecurity and Phishing - Cyber Security Informer

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. million in an elaborate voice phishing attack. The phishing domain used to steal roughly $4.7 Image: Shutterstock, iHaMoo. “ Annie.”

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Crooks bank on Microsoft’s search engine to phish customers

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering

Engineering Phishing Banking Authentication

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing

Phishing Scams Banking Mobile

Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

Heimadal Security

NOVEMBER 1, 2024

An ongoing spear-phishing campaign is affecting a variety of companies, including governmental agencies. According to Microsoft, the Russian APT group Midnight Blizzard (also known as APT29, UNC2452, and Cozy Bear) is behind the attacks.

Phishing

Phishing Cybersecurity

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8

Phishing

Phishing Education Cybersecurity Threat Detection

Cybersecurity Awareness Month 2023 Blog Series | Recognizing and Reporting Phishing

NSTIC

OCTOBER 24, 2023

During this week’s blog series, we sat down with two of our NIST experts from the Visualization and Usability Group at NIST — Shanée Dawkins and Jody Jacobs — who discussed the importance of recognizing and reporting phishing. This week’s Cybersecurity Awareness Month theme is ‘recognize and report phishing.’

Phishing

Phishing Cybersecurity Technology

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

eSecurity Planet

OCTOBER 28, 2024

A July Microsoft SharePoint issue has been added to the Cybersecurity Infrastructure and Security Agency’s catalog of known exploitable vulnerabilities. We’ll also look at increased phishing attacks, a couple of different Cisco flaws, and a Fortinet vulnerability that took some time to get its own CVE.

Phishing

Phishing Authentication Software VPN

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. Lets explore the top current cybersecurity trends this year. The challenge?

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Anton on Security

OCTOBER 12, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fourth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 , my unofficial blog for #3 ).

Cybersecurity

Cybersecurity Malware Accountability Authentication

Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

Anton on Security

JULY 7, 2022

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our third Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blog for #2 ). Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

Cybersecurity

Cybersecurity Cryptocurrency Ransomware Education

When Prevention Fails: How Hackers and AI Are Forcing a Cybersecurity Rethink

Jane Frankland

MAY 18, 2025

Cybersecurity has entered a new era. In this blog, Ill be examining how AI is reshaping the fight on both sides, shedding light on the unprecedented collaboration among hackers, and why the old cybersecurity playbook is no match for todays challenges. The harsh truth is that no prevention strategy can ever be 100% effective.

Cybersecurity

Cybersecurity Backups Ransomware Firewall

Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data

ZoneAlarm

NOVEMBER 18, 2024

Cybersecurity researchers have exposed a global fraud network known as “SilkSpecter,” responsible for operating 4,700 fake shopping websites to steal credit card details. This sophisticated phishing campaign used professional designs and search engine manipulation to target unsuspecting shoppers worldwide.

Phishing

Phishing Engineering Cybersecurity Data privacy

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

SEPTEMBER 21, 2022

Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Rising popularity.

Phishing

Phishing Artificial Intelligence Cybercrime Social Engineering

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Figure 12: The actual phishing page that follows Finally, all the data is combined with the username and password and sent to the remote server via a POST request.

Advertising

Advertising Accountability Phishing Scams

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

The Last Watchdog

NOVEMBER 29, 2022

A new development in phishing is the “nag attack.” Nag attacks add to the litany of phishing techniques. Over the years, endless phishing variants have emerged, including: •Bulk phishing. Spear phishing. Cybersecurity training needs to be timely and relevant. One must admire the ingenuity of cybercriminals.

Phishing

Phishing Social Engineering Scams Software

The Urgent Call: How a Phishing Email Pushed Buckeye Elementary to Strengthen Cyber Defenses

Security Boulevard

NOVEMBER 11, 2024

In our latest webinar, we explored real-world cybersecurity and online safety incidents, focusing on strategies that K-12 techs can use to prepare for hidden digital threats. The post The Urgent Call: How a Phishing Email Pushed Buckeye Elementary to Strengthen Cyber Defenses appeared first on Security Boulevard.

Phishing

Phishing Technology Ransomware Cybersecurity

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

To empower, not intimidate: a new model for cybersecurity awareness

BH Consulting

JUNE 18, 2025

It’s time to shift the mindset of cybersecurity awareness and challenge the traditional fear-based approach to training people. In the webinar, Brian talked about moving ‘beyond fear’ to develop new awareness models that empower users, as this leads to more sustainable and effective cybersecurity behaviour. You mean a scam.”

Cybersecurity

Cybersecurity Phishing Scams Education

Report Shows Ransomware Has Grown 41% for Construction Industry

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. Phishing is favored by threat actors for its simplicity and effectiveness.

Ransomware

Ransomware Phishing Cyber threats Malware

GUEST ESSAY: Marshaling automated cybersecurity tools to defend automated attacks

The Last Watchdog

MARCH 17, 2022

Cybersecurity tools evolve towards leveraging machine learning (ML) and artificial intelligence (AI) at ever deeper levels, and that’s of course a good thing. The larger question: Can cybersecurity be truly automated? Threat actors are now using advanced methods to conduct intricate, personalized phishing and targeted attacks.

Cybersecurity

Cybersecurity Scams Artificial Intelligence Software

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

FEBRUARY 20, 2024

Malicious intent or manipulation: AI chatbots can be exploited to spread misinformation, execute social engineering attacks or launch phishing. While AI chatbots have cybersecurity vulnerabilities, adopting proactive measures like secure development practices and regular assessments can effectively mitigate risks.

Cybersecurity

Cybersecurity Penetration Testing Authentication Social Engineering

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. The average cost of a cybersecurity breach was $4.45 The average cost of a cybersecurity breach was $4.45 Stay proactive.

Small Business

Small Business Cybersecurity Technology Accountability

Phishing Campaign Uses Reverse Tunnels and URL Shorteners

Heimadal Security

JUNE 6, 2022

Phishing is a deceptive tactic used to obtain sensitive user information (credit card numbers, passwords, etc.). If phishing is effective, hostile third parties steal confidential data. The post Phishing Campaign Uses Reverse Tunnels and URL Shorteners appeared first on Heimdal Security Blog. Hackers use […].

Phishing

Phishing Identity Theft Passwords Cybersecurity

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

Anton on Security

JANUARY 3, 2023

This is my completely informal, uncertified, unreviewed and otherwise completely unofficial blog inspired by my reading of our fifth Threat Horizons Report ( full version ) that we just released ( the official blog for #1 report , my unofficial blogs for #2 , #3 and #4 ). Now, go and read the report!

Cybersecurity

Cybersecurity Backups DDOS Accountability

Can Cybersecurity Make You a Millionaire?

Hacker's King

OCTOBER 22, 2024

The world of cybersecurity is booming, with digital threats increasing and businesses needing to protect their data. But can cybersecurity make you a millionaire ? As the demand for cybersecurity professionals continues to rise, so do the financial opportunities for those who excel in this domain.

Cybersecurity

Cybersecurity CISO Engineering Education

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

The Last Watchdog

MAY 15, 2025

Yet despite their importance, many lack the cybersecurity expertise and resources to fend off a rising tide of digital threats. AI is now supercharging these threats helping cybercriminals scale attacks, tailor phishing lures, write malware, and even evade detection. For small businesses, smart prioritization is key.

Small Business

Small Business Cybercrime Cyber Insurance Phishing

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing

Phishing Authentication Engineering Banking

Employee monitoring app exposes users, leaks 21+ million screenshots

Malwarebytes

APRIL 28, 2025

Ive lost count of how many blogs Ive written about stalkerware -type apps that not only exposed the people they spied on but also ended up exposing the spies themselves. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Passwords

Passwords Phishing Spyware Password Management

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

The Last Watchdog

JANUARY 3, 2023

Malicious online actors grow ever more sophisticated, making cybersecurity as big a concern for everyday consumers as it ever has been. For instance, phishing, one of the most common, is a social engineering attack used to steal user data. 2021 saw a massive increase in phishing attacks , and that trend has continued into 2022.

Risk

Risk Cybersecurity Antivirus Phishing

Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Security Boulevard

APRIL 4, 2025

Thats a critical question cybersecurity teams grapple with every day. Strengthening API security should not simply be seen as a protective measure; it can also enable organisations to enhance agility, simplicity and productivity, reads a companion NCSC blog titled New guidance on securing HTTP-based APIs. or token-based authentication.

Cybersecurity

Cybersecurity DNS Government Authentication

Over 21,000 Zoom Users Targeted in a Phishing Attack

Heimadal Security

OCTOBER 17, 2022

A recent phishing attack that was intercepting Zoom users to get their Microsoft exchange credentials was unraveled. The post Over 21,000 Zoom Users Targeted in a Phishing Attack appeared first on Heimdal Security Blog. How the Attack Works […]. How the Attack Works […].

Phishing

Phishing Healthcare Cybersecurity

Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics

Heimadal Security

SEPTEMBER 13, 2023

Storm-0324 recently moved from deploying ransomware to breaching corporate networks through Microsoft Teams phishing attacks. More about the Teams Phishing Attacks Microsoft stated […] The post Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics appeared first on Heimdal Security Blog.

Phishing

Phishing Ransomware Cybersecurity

LockBit Affiliate Uses Amadey Bot in Phishing Campaign

Heimadal Security

NOVEMBER 9, 2022

affiliate is targeting companies with phishing emails, tricking them into installing the Amadey Bot and taking control of their devices. The post LockBit Affiliate Uses Amadey Bot in Phishing Campaign appeared first on Heimdal Security Blog. A LockBit 3.0 The attack’s LockBit 3.0 What Is the Amadey Bot?

Phishing

Phishing Encryption Malware Cybersecurity

What Is Quishing: QR Code Phishing Explained

Heimadal Security

MARCH 24, 2023

Are you aware of QR code phishing or “quishing”? Let’s dive in and learn about this latest threat in […] The post What Is Quishing: QR Code Phishing Explained appeared first on Heimdal Security Blog. This form of social engineering attack is gaining popularity among cybercriminals eager to steal your data.

Phishing

Phishing Social Engineering Engineering Cybersecurity

SLED Cybersecurity Threats in 2025: What You Need to Know to Stay Ahead

Security Boulevard

FEBRUARY 28, 2025

A virtual frontline has formed, and cybersecurity measures must defend against a rising tide of cyber threats. The post SLED Cybersecurity Threats in 2025: What You Need to Know to Stay Ahead appeared first on Security Boulevard.

Digital transformation

Digital transformation Cybersecurity IoT Cyber threats

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

MAY 2, 2023

The rising complexity and prevalence of cybersecurity threats are making experts anxious. Related: Training employees to mitigate phishing It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. These feelings are a side effect of cybersecurity burnout.

Cybersecurity

Cybersecurity Firewall Risk Cyber Risk

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

FEBRUARY 25, 2025

The common maxim in cybersecurity is that the industry is always on the back foot. While cybersecurity practitioners build higher walls, adversaries are busy creating taller ladders. MFA Fatigue: The I Give Up Button in Cybersecurity While MFA is extremely effective at preventing unauthorized access, it is not impervious to abuse.

Social Engineering

Social Engineering Authentication Risk Accountability

Growing Interest in Flipper Zero Capitalized by Cybercriminals in Phishing Campaign

Heimadal Security

JANUARY 4, 2023

A new phishing campaign is taking advantage of the community’s growing interest in Flipper Zero to steal both their personal data and cryptocurrencies. The post Growing Interest in Flipper Zero Capitalized by Cybercriminals in Phishing Campaign appeared first on Heimdal Security Blog.

Phishing

Phishing Cryptocurrency Hacking Risk

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

Thales Cloud Protection & Licensing

OCTOBER 2, 2023

Cybersecurity Awareness Month 2023 – What it is and why we should be aware madhav Tue, 10/03/2023 - 05:33 The inception of Cybersecurity Awareness Month in 2004 came at a critical juncture in our technological history. As we are well and truly in the digital-first age, the need for robust cybersecurity measures is glaringly evident.

Cybersecurity

Cybersecurity Cyber threats Authentication Phishing

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

The Last Watchdog

NOVEMBER 29, 2021

The vulnerabilities and challenges associated with declining worker mental health is causing cybersecurity risks to increase, especially from insider threats. Declining workplace mental health is affecting cybersecurity in various ways. Almost all of us have seen phishing emails in our inbox at some point.

Cybersecurity

Cybersecurity Social Engineering Risk Cyber Risk

Digital life protection: How Webroot keeps you safe in a constantly changing world

Webroot

FEBRUARY 21, 2025

Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality. For over 25 years, Webroot has been on the front lines of cybersecurity, protecting millions of people and businesses from evolving threats. But as technology advances, so do the threats.

Antivirus

Antivirus Identity Theft Cyber threats Phishing

'Caffeine' Phishing Toolkit Could Keep Microsoft 365 Users up at Night

SecureWorld News

OCTOBER 17, 2022

A low-cost Phishing-as-a-Service (PhaaS) platform that has an open registration process could allow just about anyone with email to become a cybercriminal. While phishing campaigns are nothing new, this "as-a-service" approach is a bit concerning, as it makes it easier for people with nefarious intentions to access and use the type of attack.

Phishing

Phishing Cybercrime Accountability Advertising

Booking.com Users Targeted in Elaborate Phishing Scams

ZoneAlarm

DECEMBER 7, 2023

This complex operation, which cleverly manipulates hotel access credentials and employs deceptive phishing methods, has cast a spotlight on the pressing issues of cybersecurity vulnerabilities in online environments.

Scams

Scams Phishing Social Engineering Engineering

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

The Last Watchdog

OCTOBER 24, 2022

Employees are the first line of defense against cybercrime and should understand how to recognize phishing emails and what to do if they suspect them. In addition, educating employees about cybersecurity issues can help to reinforce the security-minded culture of the organization and change employee behaviour.

Security Awareness

Security Awareness Passwords Data breaches Cybersecurity

A Day in the Life of a Prolific Voice Phishing Crew

Crooks bank on Microsoft’s search engine to phish customers

Trending Sources

Arrest, Raids Tied to ‘U-Admin’ Phishing Kit

Microsoft Warns: Midnight Blizzard’s Ongoing Spear-Phishing Campaign with RDP Files

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

Cybersecurity Awareness Month 2023 Blog Series | Recognizing and Reporting Phishing

Vulnerability Recap 10/28/24 – Phishing, DoS, RCE & a Zero-Day

Top Cybersecurity Trends to Watch Out For in 2025

Google Cybersecurity Action Team Threat Horizons Report #4 Is Out!

Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

When Prevention Fails: How Hackers and AI Are Forcing a Cybersecurity Rethink

Fraud Network Operates 4,700 Fake Shopping Sites to Steal Credit Card Data

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

The Urgent Call: How a Phishing Email Pushed Buckeye Elementary to Strengthen Cyber Defenses

Cybercriminals Use Azure Front Door in Phishing Attacks

To empower, not intimidate: a new model for cybersecurity awareness

Report Shows Ransomware Has Grown 41% for Construction Industry

GUEST ESSAY: Marshaling automated cybersecurity tools to defend automated attacks

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Phishing Campaign Uses Reverse Tunnels and URL Shorteners

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

Can Cybersecurity Make You a Millionaire?

GUESST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web

Cyber criminals impersonate payroll, HR and benefits platforms to steal information and funds

Employee monitoring app exposes users, leaks 21+ million screenshots

GUEST ESSAY: A new year, a familiar predicament — consumers face intensifying cybersecurity risks

Cybersecurity Snapshot: SANS Recommends Six Controls To Secure AI Systems, While NCSC Warns About Outdated API Security Methods

Over 21,000 Zoom Users Targeted in a Phishing Attack

Microsoft Teams Phishing Attacks: Ransomware Group Shifts Tactics

LockBit Affiliate Uses Amadey Bot in Phishing Campaign

What Is Quishing: QR Code Phishing Explained

SLED Cybersecurity Threats in 2025: What You Need to Know to Stay Ahead

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

Growing Interest in Flipper Zero Capitalized by Cybercriminals in Phishing Campaign

Cybersecurity Awareness Month 2023 – What it is and why we should be aware

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

Digital life protection: How Webroot keeps you safe in a constantly changing world

'Caffeine' Phishing Toolkit Could Keep Microsoft 365 Users up at Night

Booking.com Users Targeted in Elaborate Phishing Scams

GUEST ESSAY: Sure steps to achieve a robust employee cybersecurity awareness training regimen

Stay Connected