Schneier on Security

JUNE 23, 2023

I get UPS phishing spam on my phone all the time. Turns out that hackers have been harvesting actual UPS delivery data from a Canadian tracking tool for its phishing SMSs. I never click on it, because it’s so obviously spam.

Phishing 197

Phishing Cybercrime 197

The Hacker News

APRIL 8, 2024

A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs researcher Karla Agregado said.

Phishing 120

Phishing 120

Bleeping Computer

APRIL 18, 2024

The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer. [.]

Phishing 108

Phishing 108

SecureWorld News

APRIL 1, 2024

A new Phishing-as-a-Service (PhaaS) threat called "darcula" is taking advantage of encrypted mobile messaging services to unleash a wave of sophisticated smishing attacks targeting organizations across more than 100 countries. Mobile devices tend to have weaker security compared to desktop systems, making them an attractive target vector."

Phishing 99

Phishing Mobile Encryption Technology 99

The Hacker News

APRIL 18, 2024

Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service

Phishing 102

Phishing Cybercrime Banking 102

Bleeping Computer

APRIL 17, 2024

car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. [.] The financially motivated threat actor FIN7 targeted a large U.S.

Phishing 107

Phishing 107

Bleeping Computer

APRIL 12, 2024

On Friday, the Federal Bureau of Investigation warned of a massive ongoing wave of SMS phishing attacks targeting Americans with lures regarding unpaid road toll fees. [.]

Phishing 136

Phishing 136

Security Boulevard

MARCH 13, 2024

As messaging apps like Telegram gain popularity, cybercriminals are increasingly finding they are an attractive vector for phishing attacks. The post Phishing Threats Rise as Malicious Actors Target Messaging Platforms appeared first on Security Boulevard.

Phishing 126

Phishing Social Engineering Engineering Mobile 126

Security Boulevard

MARCH 15, 2024

In the ever-evolving landscape of cybersecurity, a fresh menace has emerged, targeting crypto enthusiasts through a sophisticated phishing kit. Learning how to avoid crypto phishing is crucial […] The post Crypto Phishing Kit Impersonating Login Pages: Stay Informed appeared first on TuxCare.

Phishing 104

Phishing Cryptocurrency Mobile Engineering 104

Bleeping Computer

APRIL 1, 2024

Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. [.]

Phishing 142

Phishing Authentication 142

Security Boulevard

APRIL 10, 2024

In light of recent cyber threats, the Dracula phishing platform has prevailed, targeting organizations in over 100 countries. The Dracula phishing attacks are centered on leveraging an immense network of over 20,000 counterfeit domains to scale the implementation of malicious intent.

Phishing 67

Phishing Cyber threats Passwords Security Awareness 67

Penetration Testing

MARCH 12, 2024

A recently uncovered phishing campaign demonstrates a concerning level of sophistication in its efforts to infiltrate systems and deploy an array of powerful Remote Access Trojans (RATs).

Phishing 143

Phishing Penetration Testing Malware 143

Tech Republic Security

JUNE 16, 2023

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing 216

Phishing Technology Software Artificial Intelligence 216

Duo's Security Blog

OCTOBER 18, 2023

Once delivered, a phish typically wants to invoke emotion and prey on our natural desires to act and help fix a problem, such as “you have to do X, or else X will happen”. Phishing requires you to act with a specific set of instructions Don’t engage and trust nothing. Look beyond the email sender and website URLs used.

Phishing 133

Phishing Security Awareness Software Media 133

Bleeping Computer

MARCH 27, 2024

A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [.]

Phishing 138

Phishing 138

Trend Micro

APRIL 17, 2024

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

Phishing 99

Phishing Cyber threats 99

Bleeping Computer

MARCH 25, 2024

Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [.]

Phishing 145

Phishing Accountability Authentication 145

Schneier on Security

JANUARY 27, 2023

This is a good list of modern phishing techniques.

Phishing 264

Phishing 264

Malwarebytes

DECEMBER 26, 2023

Phishing is the art of sending an email with the aim of getting users to open a malicious file or click on a link to then steal credentials. But most phishers aren’t very good, and the success rate is relatively low: In 2021, the average click rate for a phishing campaign was 17.8%. So how do you recognize AI phishing emails?

Phishing 124

Phishing Software Risk Cybersecurity 124

Security Boulevard

FEBRUARY 9, 2024

C-level executives and others in managerial positions are by far the top targets of increasingly popular phishing attacks that involve malicious QR codes. According to researchers with Abnormal Security, members of the C-suite in the fourth quarter of 2023 were 42 times more likely to receive a QR code phishing – or “quishing” – attack.

Phishing 124

Phishing Mobile Malware Cybersecurity 124

Penetration Testing

APRIL 2, 2024

A new report from Intel 471 highlights a disturbing increase in targeted phishing attacks launched by a loosely affiliated group of cybercriminals known as “The Com” which is short for “The Community.”

Phishing 110

Phishing Penetration Testing Ransomware 110

Tech Republic Security

JANUARY 25, 2024

Learn how to protect yourself and your sensitive information from phishing attacks by implementing multi-factor authentication.

Authentication 180

Authentication Phishing 180

The Hacker News

APRIL 11, 2024

A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said.

Phishing 113

Phishing 113

Tech Republic Security

OCTOBER 24, 2023

Hacker Stephanie "Snow" Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT.

Phishing 204

Phishing Artificial Intelligence 204

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 63

Phishing Cybercrime Passwords Banking 63

Bleeping Computer

MARCH 4, 2024

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. [.]

Authentication 145

Authentication Phishing Accountability Hacking 145

Tech Republic Security

JUNE 13, 2023

Read the technical details about a new AiTM phishing attack combined with a BEC campaign as revealed by Microsoft, and learn how to mitigate this threat. The post New phishing and business email compromise campaigns increase in complexity, bypass MFA appeared first on TechRepublic.

Phishing 211

Phishing Network Security 211

Tech Republic Security

OCTOBER 6, 2023

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat.

Phishing 194

Phishing Cybersecurity 194

Penetration Testing

FEBRUARY 29, 2024

Security experts from Hunt are currently tracking a sophisticated phishing scheme aimed squarely at entrepreneurs operating within Telegram communities... The post Lazarus Group Suspected in Telegram Phishing Attacks on Investors appeared first on Penetration Testing.

Phishing 118

Phishing Penetration Testing Risk Malware 118

The Hacker News

MARCH 27, 2024

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024.

Banking 119

Banking Phishing Malware 119

Tech Republic Security

MARCH 23, 2023

Microsoft has already seen millions of phishing emails sent every day by attackers using this phishing kit. The post Massive adversary-in-the-middle phishing campaign bypasses MFA and mimics Microsoft Office appeared first on TechRepublic. Learn how to protect your business from this AitM campaign.

Phishing 210

Phishing Authentication Cybersecurity 210

Penetration Testing

APRIL 15, 2024

A sophisticated and coordinated cyber phishing campaign has been targeting major financial institutions across Southeast Asia, according to a recent report by Cyberint.

Phishing 81

Phishing Penetration Testing 81

Bleeping Computer

MARCH 14, 2024

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [.]

Phishing 135

Phishing Malware 135

The Hacker News

MARCH 19, 2024

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends.

Phishing 106

Phishing 106

Penetration Testing

APRIL 11, 2024

Cryptocurrency enthusiasts are being urged to exercise extreme caution after a new phishing campaign was uncovered by cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL).

Cryptocurrency 83

Cryptocurrency Phishing Penetration Testing Cybersecurity 83

Tech Republic Security

MARCH 15, 2023

AI-generated phishing emails, including ones created by ChatGPT, present a potential new threat for security professionals, says Hoxhunt. The post Humans are still better at creating phishing emails than AI — for now appeared first on TechRepublic.

Phishing 204

Phishing Artificial Intelligence Cybersecurity 204

Malwarebytes

APRIL 18, 2024

A major international law enforcement effort involving agencies from 19 countries has disrupted the notorious LabHost phishing-as-a-service platform. This data will be used to support ongoing international operational activities focused on targeting the malicious users of this phishing platform.

Phishing 54

Phishing Passwords Authentication Cybercrime 54