Malwarebytes

NOVEMBER 1, 2024

The threat, dubbed “Phish ‘n Ships” by the researchers, reportedly infected more than 1,000 websites and built 121 fake web stores to trick consumers. Estimated losses are in the region of tens of millions of dollars over the past five years.

Phishing 128

Phishing Advertising Engineering Risk 128

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 281

Phishing Cybercrime Malware Advertising 281

Schneier on Security

JULY 13, 2021

In subsequent phishing emails, TA453 shifted their tactics and began delivering the registration link earlier in their engagement with the target without requiring extensive conversation. News article. This operation, dubbed SpoofedScholars, represents one of the more sophisticated TA453 campaigns identified by Proofpoint.

Hacking 363

Hacking Phishing Accountability Cybersecurity 363

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Ready-to-use phishing kits with all necessary attack items are available on the web.

Phishing 198

Phishing Artificial Intelligence Cybercrime Social Engineering 198

Security Affairs

OCTOBER 20, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 123

Malware Ransomware Encryption Phishing 123

The Hacker News

AUGUST 29, 2024

Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.

Phishing 135

Phishing 135

The State of Security

JULY 14, 2022

Microsoft has shared details of a widespread phishing campaign that not only attempted to steal the passwords of targeted organisations, but was also capable of circumventing multi-factor authentication (MFA) defences. Read more in my article on the Tripwire State of Security blog.

Authentication 141

Authentication Phishing Passwords 141

Adam Levin

NOVEMBER 26, 2019

“Our team was able to access this server because it was completely unsecured and unencrypted,” announced VPN review website vpnMentor in a blog article describing their findings. . The contents of the database could also help hackers and cybercriminals target the same companies in other ways.

B2B 295

B2B Spyware VPN Phishing 295

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. Phishing is typically how they get the most up-to-date credentials.

Phishing 145

Phishing Banking Social Engineering Accountability 145

CSO Magazine

MARCH 20, 2023

The natural language generation capabilities of large language models (LLMs) are a natural fit for one of cybercrime’s most important attack vectors: phishing. Phishing relies on fooling people and the ability to generate effective language and other content at scale is a major tool in the hacker’s kit.

Phishing 136

Phishing 136

Graham Cluley

DECEMBER 14, 2023

Security researchers have discovered the latest evolution in call-back phishing campaigns. Read more in my article on the Tripwire State of Security blog.

Phishing 124

Phishing Malware 124

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government 138

Government Phishing Malware Banking 138

Trend Micro

SEPTEMBER 18, 2024

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Phishing 144

Phishing Malware 144

Trend Micro

SEPTEMBER 28, 2023

We observed and tracked the advanced persistent threat (APT) APT34 group with a new malware variant accompanying a phishing attack comparatively similar to the SideTwist backdoor malware. Following the campaign, the group abused a fake license registration form of an African government agency to target a victim in Saudi Arabia.

Phishing 145

Phishing Malware Government Cyber threats 145

SecureWorld News

FEBRUARY 28, 2025

Getting back to the article, let's first break down the findings, the implications, and why it's time for a revolution in how we think about security. Because no firewall, no AI-powered SOC, no quantum-proof encryption will save you if your employees keep clicking phishing emails, because let's face it. So what do we do? The solution?

Cybersecurity 115

Cybersecurity Risk Social Engineering Phishing 115

eSecurity Planet

NOVEMBER 6, 2024

Don’t forget: You can read the full article on eSecurity Planet. Attackers can steal your cookies through phishing, malware, and MITM attacks, leading to data theft, financial loss, and identity theft. Initial Attack Vector Attackers might send phishing emails or create fake websites. What Are Cookies? How Do You Prevent It?

Identity Theft 110

Identity Theft Passwords Phishing Accountability 110

SecureList

MARCH 10, 2025

Last year, we published an article about SideWinder , a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. Infection vectors The infection pattern observed in the second part of 2024 is consistent with the one described in the previous article.

Energy and Utilities 120

Energy and Utilities Malware Government Phishing 120

CSO Magazine

MARCH 13, 2023

Phishing attempts are typically like fishing in a barrel — given enough time, a bad actor is 100% likely to reel in a victim. To read this article in full, please click here Once they recognize organizations as habitually vulnerable, they will continue to target them and the barrel-fishing cycle goes on and on.

Phishing 131

Phishing 131

CSO Magazine

JANUARY 11, 2023

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. To read this article in full, please click here

Scams 127

Scams Phishing Social Engineering Engineering 127

Security Affairs

NOVEMBER 3, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Cryptocurrency 109

Cryptocurrency Hacking Phishing Cyber Attacks 109

Trend Micro

AUGUST 31, 2023

In this entry, we summarize the security analyses and investigations done on phishing-as-a-service 16shop through the years. We also outline the partnership between Trend Micro and Interpol in taking down the main administrators and servers of this massive phishing campaign.

Phishing 123

Phishing Cyber threats Malware 123

Trend Micro

APRIL 17, 2024

On April 18, 2024, the UK’s Metropolitan Police Service and others conducted an operation that succeeded in taking down the Phishing-as-a-Service provider LabHost.

Phishing 145

Phishing Cyber threats 145

Graham Cluley

AUGUST 28, 2024

A phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff. Read more in my article on the Hot for Security blog.

Phishing 91

Phishing 91

Schneier on Security

APRIL 7, 2020

Here are some examples of what's been observed in the past few days: Doubling of email phishing attempts. Here's another article that makes basically the same points I did: But the rapid shift to remote working will inevitably create or exacerbate gaps in security. That's a big problem because the security issues are not going away.

Cybersecurity 276

Cybersecurity VPN Scams Phishing 276

Schneier on Security

JUNE 19, 2020

We also identify Dark Basin as the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation. News article. We link Dark Basin with high confidence to an Indian company, BellTroX InfoTech Services , and related entities. Boing Boing post.

Hacking 219

Hacking Phishing Accountability Government 219

Troy Hunt

OCTOBER 28, 2020

But let's also keep some perspective here; look at how many pixels are different between an "i" and an "l": Are we really saying we're going to combat phishing by relying on untrained eyes to spot 6 pixels being off in a screen of more than 2 million of them?! That's a very different kettle of phish (sorry, couldn't help myself!)

Phishing 363

Phishing Password Management Passwords Internet 363

Graham Cluley

MARCH 2, 2023

Read more in my article on the Tripwire State of Security blog. "Because that's where the money is." However, today there's a better target for robbers today than banks, which are typically well-defended against theft. Cryptocurrency wallets.

Phishing 128

Phishing Banking Cryptocurrency Mobile 128

Trend Micro

NOVEMBER 25, 2024

Trend Micro has identified a spear-phishing campaign active in Japan since June 2024. Evidence about the malware used by this campaign suggests this was part of a new operation by Earth Kasha.

Phishing 133

Phishing Malware 133

Security Boulevard

JANUARY 3, 2025

What is consent phishing? Most people are familiar with the two most common types of phishingcredential phishing and phishing payloads, where attackers trick users into revealing credentials and downloading malicious software respectively. However, there is a third type of phishing on the rise: consent phishing.

Phishing 83

Phishing Authentication Accountability Threat Detection 83

Hacker's King

AUGUST 6, 2024

Chromium’s application mode makes it easy to create convincing desktop phishing applications. It allows the use of Chromium’s features to produce realistic-looking phishing pages that mimic genuine desktop applications. Before delving into this article, I want to make it clear that this information is intended for educational purposes.

Phishing 97

Phishing Hacking Education Internet 97

Security Affairs

APRIL 20, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?

Malware 78

Malware Cryptocurrency Engineering Encryption 78

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 59

Malware Scams Phishing Encryption 59

Graham Cluley

FEBRUARY 23, 2023

Malicious hackers are taking advantage of people searching the internet for free access to ChatGPT in order to direct them to malware and phishing sites. Read more in my article on the Hot for Security blog.

Malware 141

Malware Phishing Internet Internet 141

Adam Levin

JULY 10, 2020

A recent article released by cybersecurity and antivirus firm Bitdefender shows that 8.4 Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions.”. billion records have already been exposed, and that’s only accounting for the first quarter of 2020.

Data breaches 252

Data breaches Social Engineering Antivirus Scams 252

Security Affairs

NOVEMBER 10, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ransomware 116

Ransomware Cybercrime Phishing Banking 116

Security Affairs

DECEMBER 8, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Artificial Intelligence 102

Artificial Intelligence Spyware Hacking Ransomware 102

Identity IQ

FEBRUARY 14, 2024

What Is Spear Phishing and How to Avoid It IdentityIQ Have you ever clicked a suspicious link or opened an unexpected attachment, only to realize it was a scam? That’s where spear phishing comes in – a particularly cunning form of online deception. What Is Spear Phishing?

Phishing 103

Phishing Identity Theft Social Engineering Scams 103