Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Passwords 249

Passwords Phishing Authentication Access 249

Security Affairs

APRIL 30, 2023

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Most of the APT28s’ campaigns leveraged spear-phishing and malware-based attacks. The threat actors sent the messages from e-mail addresses created on the public service “@outlook.com.”

Systems administration 95

Systems administration Military Phishing Government 95

The Last Watchdog

MARCH 4, 2019

That’s Gartner’s estimate of global spending on cybersecurity in 2017 and 2018. Memory hacking is being carried out across paths that have been left comparatively wide open to threat actors who are happy to take full advantage of the rather fragile framework of processes that execute deep inside the kernel of computer operating systems.

Energy and Utilities 212

Energy and Utilities Systems administration Access Cybersecurity 212

Security Affairs

JUNE 27, 2019

The group has been active at least since 2009, in April 2017 experts from PwC UK and BAE Systems uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper , targeting managed service providers (MSPs) in multiple countries worldwide.

Cloud 87

Cloud IT Systems administration Phishing 87

Security Affairs

APRIL 30, 2020

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide. . PerSwaysion is a highly-targeted phishing campaign. New round of phishing attempts leveraging current victim’s account usually takes less than 24 hours.

Phishing 99

Phishing Financial Services Cloud Authentication 99

KnowBe4

MAY 9, 2023

Grimes Teaches You Phishing Mitigation Phishing attacks have come a long way from the spray-and-pray emails of just a few decades ago. Grimes, KnowBe4's Data-Driven Defense Evangelist, where he'll share a comprehensive strategy for phishing mitigation. They are prominent techniques used by phishing scammers everywhere.

Phishing 70

Phishing Passwords Insurance Systems administration 70

eSecurity Planet

SEPTEMBER 11, 2023

Sending phishing emails to engineers can be used as an exploitation technique to get them to import malicious configuration files ( CVE-2023-31171 ), which results in arbitrary code execution. Business email compromise (BEC) assaults were the main aim of this large phishing effort, which resulted in significant financial losses.

Authentication 113

Authentication Phishing Metadata Access 113