Security Boulevard

JANUARY 10, 2025

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023.

Phishing 122

Phishing Risk Cybersecurity Security Awareness 122

Krebs on Security

NOVEMBER 14, 2023

The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. Microsoft says it is relatively straightforward for attackers to exploit CVE-2023-36036 as a way to elevate their privileges on a compromised PC.

Social Engineering 309

Social Engineering Internet Internet Phishing 309

Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. Discover whether your data was included in the 2023 breach. 2FA that relies on a FIDO2 device cant be phished. Take your time.

Passwords 114

Passwords Accountability Data breaches Phishing 114

Krebs on Security

JULY 23, 2024

The Chinese company in charge of handing out domain names ending in “ top ” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. ” Image: Shutterstock. Interisle said.top has roughly 2.76

Phishing 318

Phishing DNS Scams Technology 318

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing 104

Phishing Identity Theft Cryptocurrency Cybercrime 104

Security Affairs

MARCH 31, 2025

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Threat actors are exploiting DNS techniques to enhance phishing attacks, using MX records to dynamically serve spoofed login pages. “We discovered cyber campaigns that used the phishing kits as early as January 2020.

DNS 84

DNS Phishing Banking Passwords 84

Krebs on Security

FEBRUARY 14, 2023

Redmond flags CVE-2023-23376 as an “Important” elevation of privilege vulnerability in the Windows Common Log File System Driver , which is present in Windows 10 and 11 systems, as well as many server versions of Windows. Microsoft’s security advisories are somewhat sparse with details about the zero-day bugs.

Internet 60

Internet Internet Cyber threats Malware 60

Krebs on Security

APRIL 11, 2023

On April 7, Apple issued emergency security updates to fix two weaknesses that are being actively exploited, including CVE-2023-28206 , which can be exploited by apps to seize control over a device. CVE-2023-28205 can be used by a malicious or hacked website to install code. Both vulnerabilities are addressed in iOS/iPadOS 16.4.1,

Social Engineering 292

Social Engineering Ransomware Internet Internet 292

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 315

Phishing Malware 315

Krebs on Security

JUNE 13, 2023

” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network. This SharePoint flaw earned a CVSS rating of 9.8 is the most dangerous).

Social Engineering 262

Social Engineering System Administration Authentication Internet 262

Krebs on Security

APRIL 4, 2024

The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. A screenshot of the phishing domain privatemessage dot net.

Phishing 271

Phishing Cryptocurrency DDOS Internet 271

The Last Watchdog

JULY 27, 2023

Tel Aviv, Israel, July 27, 2023 — Perception Point , a leading provider of advanced threat prevention across digital communication channels, today published a new report analyzing global cyberattack trends in H1 2023 amidst the paradigm shift brought about by advances in generative AI (GenAI) capabilities.

Phishing 186

Phishing Social Engineering Engineering Media 186

Krebs on Security

JULY 11, 2023

They include CVE-2023-32049 , which is a hole in Windows SmartScreen that lets malware bypass security warning prompts; and CVE-2023-35311 allows attackers to bypass security features in Microsoft Outlook. CVE-2023-36874 is an elevation of privilege bug in the Windows Error Reporting Service.

Software 244

Software Malware Antivirus Ransomware 244

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 238

Phishing Scams Computers and Electronics Software 238

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

The Last Watchdog

DECEMBER 16, 2024

Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. Legacy IAM systems cant keep up as AI-powered phishing and deepfakes grow more sophisticated. The drivers are intensifying.

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Tech Republic Security

NOVEMBER 14, 2022

The post Top cybersecurity threats for 2023 appeared first on TechRepublic. Next year, cybercriminals will be as busy as ever. Are IT departments ready?

Cybersecurity 218

Cybersecurity Phishing Ransomware Malware 218

Tech Republic Security

JANUARY 23, 2023

A new report from Kaspersky details what their digital forensics and incident response teams predict as the main 2023 threats to corporations and government agencies. The post Kaspersky releases 2023 predictions appeared first on TechRepublic. Learn more about it.

Government 193

Government Phishing Ransomware Malware 193

SecureList

MAY 6, 2024

A significant share of scam, phishing and malware attacks is about money. Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. million in 2022.

Phishing 134

Phishing Banking Mobile Scams 134

SecureWorld News

OCTOBER 31, 2024

From zombie botnets to phishing phantoms, these threats might sound like campfire tales, but they're some of the most sinister forces in cybersecurity today. Phishing phantoms: masters of disguise Phishing scams have become more sophisticated. Like a phantom in disguise, a phishing attack can appear harmless—until it's too late.

IoT 117

IoT Phishing DDOS Backups 117

Digital Shadows

JANUARY 22, 2025

Phishing Remains Top Tactic, Fueled by Teams Abuse Figure 1: Top attack techniques in true-positive customer incidents for finance & insurance sector, H2 2024 vs H2 2023 Phishing dominated cyber attacks in H2 2024, accounting for over 90% of incidents across industries due to its simplicity and effectiveness.

Insurance 64

Insurance Phishing Social Engineering Engineering 64

Krebs on Security

NOVEMBER 9, 2024

For example, in its most recent transparency report (PDF) Verizon said it received more than 127,000 law enforcement demands for customer data in the second half of 2023 — including more than 36,000 EDRs — and that the company provided records in response to approximately 90 percent of requests. dot-gov emails get hacked.

Hacking 278

Hacking Accountability Government Social Engineering 278

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing 327

Phishing Telecommunications Malware Scams 327

SecureList

MARCH 25, 2025

Note that for mobile banking malware, we retrospectively revised the 2023 numbers to provide more accurate statistics. We also changed the methodology for PC banking malware by removing obsolete families that no longer use Trojan banker functionality, hence the sharp drop in numbers against 2023. million in 2023.

Phishing 71

Phishing Banking Scams Mobile 71

Krebs on Security

JUNE 15, 2024

— and charged him with stealing at least $800,000 from five victims between August 2022 and March 2023. 0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations.

Hacking 333

Hacking Cybercrime Phishing Passwords 333

The Hacker News

AUGUST 12, 2024

In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What's behind the surge in phishing?

Phishing 137

Phishing 137

SecureList

JULY 11, 2024

Introduction Bulk phishing email campaigns tend to target large audiences. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. Spear phishing vs. mass phishing Spear phishing is a type of attack that targets a specific individual or small group.

Phishing 124

Phishing Technology DNS Education 124

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). Bloomberg first reported Moucka’s alleged ties to the Snowflake hacks on Monday.

Cybercrime 274

Cybercrime Mobile Media Hacking 274

Trend Micro

JUNE 19, 2024

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in 2023.

Phishing 109

Phishing Threat Detection Risk 109

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? This earned Google a whopping $175 billion in search-based ad revenues in 2023. First sponsorized google answer for “Google ads” is a phishing attempt !

Advertising 133

Advertising Accountability Phishing Scams 133

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023 (+38%).

Cybercrime 139

Cybercrime Internet Internet Scams 139

Security Affairs

NOVEMBER 21, 2024

Between September 2021 and April 2023, the hackers carried out phishing attacks to steal login credentials from employees of 12 companies and individuals. Hackers in their teens and 20s allegedly carried out phishing attacks via fake text messages to steal login credentials from employees of 12 companies and individuals.

Cybercrime 109

Cybercrime Identity Theft Cryptocurrency Phishing 109

The Hacker News

JULY 26, 2024

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

Cybercrime 134

Cybercrime Phishing Malware Cybersecurity 134

SecureList

SEPTEMBER 27, 2023

Unlike phishing links that are easy to check and block, QR code is a headache for security solutions. Malevolent uses of QR codes in email Fraudsters use QR codes to encode links to phishing and scam pages. We observed new email campaigns featuring QR codes in the spring of 2023.

Phishing 137

Phishing Passwords Accountability Scams 137

The Hacker News

OCTOBER 9, 2023

based organizations are being targeted by a new phishing campaign that leverages a popular adversary-in-the-middle (AiTM) phishing toolkit named EvilProxy to conduct credential harvesting and account takeover attacks. Senior executives working in U.S.-based

Phishing 144

Phishing Financial Services Insurance Banking 144

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique was first disclosed in Poland in July 2023 and later observed in Czechia and other countries like Hungary and Georgia. SMS campaigns sent phishing links indiscriminately to Czech phone numbers.

Phishing 131

Phishing Mobile Banking Social Engineering 131

Security Boulevard

FEBRUARY 9, 2024

C-level executives and others in managerial positions are by far the top targets of increasingly popular phishing attacks that involve malicious QR codes. According to researchers with Abnormal Security, members of the C-suite in the fourth quarter of 2023 were 42 times more likely to receive a QR code phishing – or “quishing” – attack.

Phishing 125

Phishing Mobile Malware Cybersecurity 125