Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 282

Phishing Cybercrime Malware Advertising 282

Malwarebytes

NOVEMBER 1, 2024

The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers. Estimated losses are in the region of tens of millions of dollars over the past five years.

Phishing 111

Phishing Advertising Engineering Risk 111

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing 243

Phishing Authentication Mobile Passwords 243

Schneier on Security

JULY 13, 2021

In subsequent phishing emails, TA453 shifted their tactics and began delivering the registration link earlier in their engagement with the target without requiring extensive conversation. News article. This operation, dubbed SpoofedScholars, represents one of the more sophisticated TA453 campaigns identified by Proofpoint.

Hacking 362

Hacking Phishing Accountability Cybersecurity 362

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Ready-to-use phishing kits with all necessary attack items are available on the web.

Phishing 198

Phishing Artificial Intelligence Cybercrime Social Engineering 198

CSO Magazine

JULY 25, 2022

Phishing , in which an attacker sends a deceptive email tricks the recipient into giving up information or downloading a file, is a decades-old practice that still is responsible for innumerable IT headaches. The fight against phishing is a frustrating one, and it falls squarely onto IT's shoulders.

Phishing 136

Phishing Passwords Malware 136

The Hacker News

AUGUST 29, 2024

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.

Phishing 138

Phishing 138

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 123

Malware Ransomware Encryption Phishing 123

The State of Security

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

Authentication 141

Authentication Phishing Passwords 141

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. Phishing is typically how they get the most up-to-date credentials.

Phishing 145

Phishing Banking Social Engineering Accountability 145

Adam Levin

NOVEMBER 26, 2019

“Our team was able to access this server because it was completely unsecured and unencrypted,” announced VPN review website vpnMentor in a blog article describing their findings. . The contents of the database could also help hackers and cybercriminals target the same companies in other ways.

B2B 295

B2B Spyware VPN Phishing 295

CSO Magazine

MARCH 20, 2023

The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing 136

Phishing 136

SecureList

MARCH 27, 2023

In this article, I will dwell on how they use one of the WEB 3.0 technologies — the distributed file system IPFS — for email phishing attacks. URL formats can be quite different, for example: [link] [link] Phishing and IPFS In 2022, scammers began actively using IPFS for email phishing attacks. What is IPFS?

Phishing 136

Phishing Technology Internet Internet 136

Graham Cluley

DECEMBER 14, 2023

Security researchers have discovered the latest evolution in call-back phishing campaigns. Read more in my article on the Tripwire State of Security blog.

Phishing 124

Phishing Malware 124

SecureList

MARCH 10, 2025

Last year, we published an article about SideWinder , a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. Infection vectors The infection pattern observed in the second part of 2024 is consistent with the one described in the previous article.

Energy and Utilities 112

Energy and Utilities Malware Government Phishing 112

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government 138

Government Phishing Malware Banking 138

eSecurity Planet

NOVEMBER 6, 2024

Don’t forget: You can read the full article on eSecurity Planet. Attackers can steal your cookies through phishing, malware, and MITM attacks, leading to data theft, financial loss, and identity theft. Initial Attack Vector Attackers might send phishing emails or create fake websites. What Are Cookies? How Do You Prevent It?

Identity Theft 110

Identity Theft Passwords Phishing Accountability 110

SecureList

MAY 1, 2023

Can ChatGPT detect phishing links? We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect threats such as phishing. live/login.php Yes, it is likely a phishing attempt. live/login.php This is not the Office365 login link, is it? Please explain why.

Phishing 134

Phishing DNS Cybersecurity Internet 134

Trend Micro

SEPTEMBER 28, 2023

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.

Phishing 140

Phishing Malware Government Cyber threats 140

SecureWorld News

FEBRUARY 28, 2025

Getting back to the article, let's first break down the findings, the implications, and why it's time for a revolution in how we think about security. Because no firewall, no AI-powered SOC, no quantum-proof encryption will save you if your employees keep clicking phishing emails, because let's face it. So what do we do? The solution?

Cybersecurity 112

Cybersecurity Risk Social Engineering Phishing 112

CSO Magazine

MARCH 13, 2023

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. To read this article in full, please click here Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on.

Phishing 131

Phishing 131

CSO Magazine

JANUARY 11, 2023

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. To read this article in full, please click here

Scams 127

Scams Phishing Social Engineering Engineering 127

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Trend Micro

SEPTEMBER 18, 2024

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Phishing 134

Phishing Malware 134

Trend Micro

APRIL 17, 2024

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

Phishing 141

Phishing Cyber threats 141

Graham Cluley

AUGUST 28, 2024

A phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff. Read more in my article on the Hot for Security blog.

Phishing 91

Phishing 91

Schneier on Security

APRIL 7, 2020

Here are some examples of what's been observed in the past few days: Doubling of email phishing attempts. Here's another article that makes basically the same points I did: But the rapid shift to remote working will inevitably create or exacerbate gaps in security. That's a big problem because the security issues are not going away.

Cybersecurity 276

Cybersecurity VPN Scams Phishing 276

Schneier on Security

JUNE 19, 2020

We also identify Dark Basin as the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation. News article. We link Dark Basin with high confidence to an Indian company, BellTroX InfoTech Services , and related entities. Boing Boing post.

Hacking 220

Hacking Phishing Accountability Government 220

Trend Micro

AUGUST 31, 2023

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Phishing 110

Phishing Cyber threats Malware 110

Troy Hunt

OCTOBER 28, 2020

But let's also keep some perspective here; look at how many pixels are different between an "i" and an "l": Are we really saying we're going to combat phishing by relying on untrained eyes to spot 6 pixels being off in a screen of more than 2 million of them?! That's a very different kettle of phish (sorry, couldn't help myself!)

Phishing 363

Phishing Password Management Passwords Internet 363

Graham Cluley

MARCH 2, 2023

Read more in my article on the Tripwire State of Security blog. "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft. Cryptocurrency wallets.

Phishing 128

Phishing Banking Cryptocurrency Mobile 128

Security Boulevard

JANUARY 3, 2025

What is consent phishing? Most people are familiar with the two most common types of phishingcredential phishing and phishing payloads, where attackers trick users into revealing credentials and downloading malicious software respectively. However, there is a third type of phishing on the rise: consent phishing.

Phishing 83

Phishing Authentication Accountability Threat Detection 83

Hacker's King

AUGUST 6, 2024

Chromium’s application mode makes it easy to create convincing desktop phishing applications. It allows the use of Chromium’s features to produce realistic-looking phishing pages that mimic genuine desktop applications. Before delving into this article, I want to make it clear that this information is intended for educational purposes.

Phishing 97

Phishing Hacking Education Internet 97

ZoneAlarm

OCTOBER 14, 2024

Phishing scams have evolved dramatically over the years, using increasingly sophisticated tactics to exploit individuals and businesses. One of the more recent examples is the FedEx phishing scam, where cybercriminals impersonate the global courier company to deceive users into revealing sensitive information.

Scams 74

Scams Phishing Data privacy 74

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 59

Malware Scams Phishing Encryption 59

Graham Cluley

FEBRUARY 23, 2023

Malicious hackers are taking advantage of people searching the internet for free access to ChatGPT in order to direct them to malware and phishing sites. Read more in my article on the Hot for Security blog.

Malware 141

Malware Phishing Internet Internet 141

Security Affairs

NOVEMBER 10, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ransomware 116

Ransomware Cybercrime Phishing Banking 116