Security Boulevard

OCTOBER 21, 2024

Despite 80% of IT leaders expressing confidence that their organization won’t fall for phishing attacks, nearly two-thirds admitted they’ve clicked on phishing links themselves. The post Phishing Attacks Snare Security, IT Leaders appeared first on Security Boulevard. These were among the chief results of an Arctic.

Phishing 122

Phishing Threat Reports Risk 122

Schneier on Security

AUGUST 25, 2022

Here’s a phishing campaign that uses a man-in-the-middle attack to defeat multi-factor authentication: Microsoft observed a campaign that inserted an attacker-controlled proxy site between the account users and the work server they attempted to log into.

Phishing 332

Phishing Authentication Passwords Accountability 332

The Last Watchdog

AUGUST 21, 2024

I recently learned all about the state-of-the art of phishing attacks – the hard way. We discussed just how targeted and contextualized advanced phishing attacks, like the one I experienced, can be. Foolishly, I did so all too quickly. For a full drill down, please give the accompanying podcast a listen.

Phishing 289

Phishing Internet Internet 289

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 284

Phishing Malware 284

Security Boulevard

NOVEMBER 4, 2024

Unlike typical phishing scams that rely on spoofed emails and malicious links, these attacks use legitimate DocuSign accounts and templates to mimic reputable companies, according to a Wallarm report. The post Hackers Exploit DocuSign APIs for Phishing Campaign appeared first on Security Boulevard.

Phishing 116

Phishing Scams Authentication Accountability 116

Tech Republic Security

OCTOBER 31, 2024

Russian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.

Phishing 156

Phishing 156

Tech Republic Security

SEPTEMBER 27, 2024

Mimecast said a phishing campaign using Atlassian workspaces shows the growing sophistication of cyber threat actors.

Phishing 183

Phishing Cyber threats 183

Thales Cloud Protection & Licensing

OCTOBER 9, 2024

Secure Your World with Phishing Resistant Passkeys madhav Thu, 10/10/2024 - 05:12 As we celebrate Cybersecurity Awareness Month 2024 with the theme "Secure Our World," exploring innovative technologies is crucial to help us achieve this goal. One such advancement that's revolutionizing online security and user authentication is passkeys.

Phishing 133

Phishing Authentication Passwords Identity Theft 133

SecureList

JULY 11, 2024

Introduction Bulk phishing email campaigns tend to target large audiences. Yet, certain elements of spear phishing recently started to be used in regular mass phishing campaigns. Spear phishing vs. mass phishing Spear phishing is a type of attack that targets a specific individual or small group.

Phishing 94

Phishing Technology DNS Education 94

Penetration Testing

NOVEMBER 19, 2024

In a detailed analysis, TRAC Labs has exposed a phishing campaign named Gabagool that targets corporate and government employees. The campaign leverages the trusted reputation of Cloudflare’s R2 storage service... The post Gabagool: A Sophisticated Phishing Kit Exploiting Cloudflare R2 appeared first on Cybersecurity News.

Phishing 72

Phishing Government Cybersecurity 72

Security Affairs

NOVEMBER 4, 2024

for phishing scams that stole millions by hacking email accounts. for phishing scams that resulted in the compromise of millions of email accounts. for phishing scams that resulted in the compromise of millions of email accounts. Nigerian Kolade Ojelade gets 26 years in U.S. ” reads the press release published by DoJ.

Scams 124

Scams Phishing Identity Theft Accountability 124

Malwarebytes

NOVEMBER 4, 2024

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft’s search engine. One particularly interesting detail is how a phishing website created barely two weeks ago is already indexed and displayed before the official one. We have reported the fraudulent sites to Microsoft already.

Engineering 105

Engineering Phishing Banking Authentication 105

Tech Republic Security

JULY 14, 2024

Phishing attacks are one of the most common types of data breach attempts, with 31,000 phishing attacks launching every single day, according to cybersecurity firm SlashNext. Furthermore, 77% of cybersecurity professionals report being targeted by phishing attacks, proving just how widespread these attacks are.

Phishing 140

Phishing Data breaches Cybersecurity 140

Schneier on Security

JANUARY 27, 2023

This is a good list of modern phishing techniques.

Phishing 306

Phishing 306

Security Affairs

SEPTEMBER 21, 2024

A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. Europol supported European and Latin American law enforcement agencies in dismantling an international criminal network that unlocks stolen or lost mobile phones using a phishing platform.

Mobile 131

Mobile Phishing Computers and Electronics Marketing 131

Security Boulevard

JUNE 19, 2024

IRONSCALES has made generally available a phishing simulation tool that makes use of generative artificial intelligence (AI) to enable cybersecurity teams to create as many as 2,000 simulations of a spear phishing attack in less than an hour.

Phishing 121

Phishing Artificial Intelligence Cybersecurity Security Awareness 121

Tech Republic Security

JUNE 16, 2023

Threat intelligence firm Abnormal Software is seeing cybercriminals using generative AI to go phishing; the same technology is part of the defense. The post AI vs AI: Next front in phishing wars appeared first on TechRepublic.

Phishing 217

Phishing Technology Software Artificial Intelligence 217

Duo's Security Blog

OCTOBER 18, 2023

Once delivered, a phish typically wants to invoke emotion and prey on our natural desires to act and help fix a problem, such as “you have to do X, or else X will happen”. Phishing requires you to act with a specific set of instructions Don’t engage and trust nothing. Look beyond the email sender and website URLs used.

Phishing 142

Phishing Security Awareness Software Media 142

The Hacker News

NOVEMBER 12, 2024

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users.

Phishing 106

Phishing Advertising Marketing Cybersecurity 106

The Hacker News

OCTOBER 22, 2024

Two malware families that suffered setbacks in the aftermath of a coordinated law enforcement operation called Endgame have resurfaced as part of new phishing campaigns. Tracked under the names BlackWidow, IceNova, Lotus,

Phishing 117

Phishing Malware 117

Penetration Testing

AUGUST 22, 2024

Researchers at ANY.RUN have identified a new campaign using Tycoon 2FA phish-kit. Tycoon 2FA and Its Latest Activity... The post New Phishing Campaign Targets US Government Organizations appeared first on Cybersecurity News. This time, attackers are targeting US government organizations with fake Microsoft pages.

Phishing 113

Phishing Government Cybersecurity 113

Security Boulevard

SEPTEMBER 25, 2024

Mobile phishing attacks are on the rise, with 82% of phishing sites now targeting mobile devices, marking a 7% increase over the past three years. The post Mobile Phishing Attacks Explode, Enterprise Devices Targeted appeared first on Security Boulevard.

Mobile 84

Mobile Phishing Security Awareness Cybersecurity 84

Trend Micro

SEPTEMBER 18, 2024

We observed Earth Baxia carrying out targeted attacks against APAC countries that involved advanced techniques like spear-phishing and customized malware, with data suggesting that the group operates from China.

Phishing 133

Phishing Malware 133

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique allows the installation of a phishing application from a third-party website without requiring the user to enable third-party app installations. ” reads the report published by ESET.

Phishing 132

Phishing Mobile Banking Social Engineering 132

Tech Republic Security

AUGUST 29, 2024

Threat actors are abusing Microsoft Sway to host QR Code phishing campaigns.

Phishing 178

Phishing 178

Penetration Testing

NOVEMBER 20, 2024

Department of Justice announced charges against five individuals accused of orchestrating a sophisticated phishing scheme that targeted employees across the nation.

Cryptocurrency 61

Cryptocurrency Phishing Cybersecurity 61

Security Boulevard

NOVEMBER 5, 2024

AI-powered phishing threats are a formidable adversary for security operations teams worldwide. Our recent webinar, " Defending Against the AI Phishing Threat ," highlighted the growing sophistication of these threats and shared strategies to protect your organization.

Phishing 59

Phishing 59

Security Affairs

SEPTEMBER 17, 2024

US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA. Air Force, Navy, Army, and the FAA.” “According to U.S.

Phishing 133

Phishing Government Identity Theft Engineering 133

Penetration Testing

NOVEMBER 16, 2024

Perception Point’s latest findings have uncovered an advanced two-step phishing technique exploiting Microsoft Visio files (.vsdx) Traditionally used for professional diagrams... The post Two-Step Phishing Technique Leveraging Microsoft Visio Files Exposed by Researchers appeared first on Cybersecurity News.

Phishing 73

Phishing Cybersecurity 73

The Hacker News

SEPTEMBER 25, 2024

Phishing attacks are becoming more advanced and harder to detect, but there are still telltale signs that can help you spot them before it's too late. See these key indicators that security experts use to identify phishing links:1. Check Suspicious URLs Phishing URLs are often long, confusing, or filled with random characters.

Phishing 110

Phishing 110

The Hacker News

OCTOBER 16, 2024

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.

Banking 113

Banking Phishing Malware Retail 113

Penetration Testing

NOVEMBER 10, 2024

Fortinet’s FortiGuard Labs has identified a sophisticated phishing campaign leveraging a new variant of Remcos RAT (Remote Administration Tool).

Phishing 87

Phishing Cybersecurity Malware 87

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. Phishing is typically how they get the most up-to-date credentials.

Phishing 128

Phishing Banking Social Engineering Accountability 128

Security Boulevard

AUGUST 19, 2024

Attackers are constantly refining their techniques for advanced phishing attacks to exploit the trust inherent in our digital systems. Let’s break down this attack and explain how our […] The post Unmasking the Sophisticated: How AI-Powered Defenses Thwart Advanced Phishing Attacks first appeared on SlashNext.

Phishing 114

Phishing Social Engineering Threat Detection Engineering 114

The Hacker News

OCTOBER 22, 2024

Russian-speaking users have become the target of a new phishing campaign that leverages an open-source phishing toolkit called Gophish to deliver DarkCrystal RAT (aka DCRat) and a previously undocumented remote access trojan dubbed PowerRAT.

Phishing 98

Phishing 98

Tech Republic Security

JUNE 13, 2023

Read the technical details about a new AiTM phishing attack combined with a BEC campaign as revealed by Microsoft, and learn how to mitigate this threat. The post New phishing and business email compromise campaigns increase in complexity, bypass MFA appeared first on TechRepublic.

Phishing 211

Phishing Network Security 211

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users.

Phishing 143

Phishing DNS Social Engineering Engineering 143