The Last Watchdog

JULY 14, 2022

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises. The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8

Phishing 277

Phishing Education Cybersecurity Threat Detection 277

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing 140

Phishing Malware Accountability Hacking 140

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. ”

Cybercrime 263

Cybercrime Phishing Accountability Internet 263

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing 140

Phishing Malware 140

The Last Watchdog

DECEMBER 20, 2021

Killware is a type of malware deployed to cause physical harm: contaminate community water supplies, exploit and obstruct networks used by hospitals and healthcare facilities, jam air traffic control networks, contaminate gasoline supplies, and, in some instances, deliberately cause death where and when it is least expected.

Malware 256

Malware Phishing Technology Ransomware 256

Security Affairs

SEPTEMBER 24, 2024

HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. While investigating a malicious email, HP researchers discovered a malware generated by generative artificial intelligence services and used to deliver the AsyncRAT malware.

Artificial Intelligence 139

Artificial Intelligence Phishing Malware Encryption 139

The Hacker News

MAY 19, 2024

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware.

Phishing 140

Phishing Malware Cybersecurity 140

The Hacker News

OCTOBER 16, 2024

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.

Banking 138

Banking Phishing Malware Retail 138

The Hacker News

JUNE 10, 2024

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago.

Phishing 140

Phishing Malware Cybersecurity 140

The Hacker News

APRIL 9, 2024

Cybersecurity researchers have discovered an intricate multi-stage attack that leverages invoice-themed phishing decoys to deliver a wide range of malware such as Venom RAT, Remcos RAT, XWorm, NanoCore RAT, and a stealer that targets crypto wallets.

Phishing 143

Phishing Malware Cybersecurity 143

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 200

Phishing Passwords Internet Internet 200

The Hacker News

SEPTEMBER 19, 2024

A previously undocumented malware called SambaSpy is exclusively targeting users in Italy via a phishing campaign orchestrated by a suspected Brazilian Portuguese-speaking threat actor. It's likely that the attackers are testing the

Phishing 131

Phishing Malware 131

Krebs on Security

FEBRUARY 3, 2022

This search via Urlscan reveals dozens of recent phishing attacks that have leveraged the Slinks feature. A recent phishing site that abused LinkedIn’s marketing redirect. A recent phishing site that abused LinkedIn’s marketing redirect. Urlscan also found this phishing scam from Jan. Image: Urlscan.io.

Phishing 347

Phishing Marketing Scams Accountability 347

Krebs on Security

NOVEMBER 1, 2024

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California.

Phishing 239

Phishing Accountability Artificial Intelligence Cybercrime 239

Tech Republic Security

MAY 31, 2024

‘Operation Endgame’ is an ongoing, law enforcement effort to disrupt botnets, malware droppers and malware-as-a-service.

Malware 192

Malware Phishing 192

Daniel Miessler

MARCH 10, 2022

The answer is remarkably simple, actually— phishing. A growing percentage of malware packages now include prompts for not only a username and password, but also an MFA code. This means traditional MFA is becoming increasingly useless against phishing in the real world. The answer is yes.

Authentication 364

Authentication Phishing Passwords Accountability 364

We Live Security

JULY 30, 2024

ESET researchers detected multiple, widespread phishing campaigns targeting SMBs in Poland during May 2024, distributing various malware families

Phishing 139

Phishing Malware 139

Krebs on Security

FEBRUARY 26, 2023

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking 309

Hacking Social Engineering Phishing Scams 309

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government 142

Government Phishing Malware Banking 142

Trend Micro

SEPTEMBER 18, 2024

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Phishing 140

Phishing Malware 140

Security Affairs

AUGUST 3, 2024

A Russia-linked APT used a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. The campaign began around March 2024, the attackers leveraged phishing tactics that have been effective against diplomats for years, exploiting themes that prompt targets to engage with malicious content.

Phishing 140

Phishing Malware Advertising Authentication 140

The Hacker News

MARCH 27, 2024

A new phishing campaign has been observed leveraging a novel loader malware to deliver an information stealer and keylogger called Agent Tesla. Trustwave SpiderLabs said it identified a phishing email bearing this attack chain on March 8, 2024.

Banking 143

Banking Phishing Malware 143

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. What Are ClickFix Campaigns?

Scams 122

Scams Malware Social Engineering Phishing 122

Malwarebytes

OCTOBER 31, 2024

Last time FakeCall reared its head, BleepingComputer reported that the malware was being distributed as fake banking apps that impersonate large financial institutions, as well as being distributed in phishing emails. The FakeCall malware abuses this trust by hijacking the user’s call to a financial institution.

Banking 145

Banking Malware Phishing Risk 145

Krebs on Security

AUGUST 14, 2020

Sources close to the investigation tell KrebsOnSecurity the malware is known as Defray. “The phishing emails the authors use are well-crafted,” Trend Micro wrote. Defray was first spotted in 2017, and its purveyors have a history of specifically targeting companies in the healthcare space.

Ransomware 363

Ransomware Healthcare Insurance Phishing 363

The Hacker News

AUGUST 2, 2024

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace.

Phishing 133

Phishing Malware 133

Krebs on Security

MAY 5, 2021

After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others. Image: Proofpoint.

Accountability 354

Accountability Advertising Passwords Phishing 354

The Last Watchdog

JULY 27, 2023

In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Phishing 186

Phishing Social Engineering Engineering Media 186

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing 309

Phishing Telecommunications Malware Scams 309

The Hacker News

JULY 11, 2024

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The majority of the custom code in the malware appears to be focused on anti-analysis,

Phishing 141

Phishing Manufacturing Malware Cybersecurity 141

The Hacker News

AUGUST 12, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access. The agency is tracking the activity under the name UAC-0198.

Government 139

Government Phishing Malware 139

The Last Watchdog

OCTOBER 10, 2024

SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by navigating the world’s largest repository of recaptured breach, malware, and phishing data.

Risk 286

Risk Cybercrime Identity Theft Phishing 286

Tech Republic Security

FEBRUARY 16, 2023

Learn how to protect your business and staff from the MortalKombat ransomware and Laplas Clipper malware. The post Cryptocurrency users in the US hit by ransomware and Clipper malware appeared first on TechRepublic.

Cryptocurrency 215

Cryptocurrency Malware Ransomware Phishing 215

The Hacker News

JULY 26, 2024

A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level.

Cybercrime 136

Cybercrime Phishing Malware Cybersecurity 136

The Last Watchdog

NOVEMBER 6, 2023

QR code phishing attacks started landing in inboxes around the world about six months ago. Related: ‘BEC’ bilking on the rise These attacks prompt the target to scan a QR code and trick them into downloading malware or sharing sensitive information.

Phishing 202

Phishing Scams Education Malware 202

Security Affairs

NOVEMBER 7, 2024

SentinelLabs observed North Korea-linked threat actor BlueNoroff targeting businesses in the crypto industry with a new multi-stage malware. SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.”

Malware 131

Malware Risk Architecture Cryptocurrency 131

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique allows the installation of a phishing application from a third-party website without requiring the user to enable third-party app installations. ” reads the report published by ESET.

Phishing 138

Phishing Mobile Banking Social Engineering 138