Data Breach Today

JULY 14, 2023

State-Linked Spear-Phishing Campaign Targeting Government, Military Personnel Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans.

Phishing 225

Phishing Military Government Access 225

Data Breach Today

OCTOBER 8, 2022

Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

Phishing 261

Phishing Access Security IT 261

Data Breach Today

AUGUST 8, 2023

Threat Actor Coaxes Users Into Downloading MerlinAgent Hackers attempting to spy on the Ukrainian government are using an open-source remote access Trojan, said Kyiv cyber defenders. The threat actor spoofed the Computer Emergency Response Team of Ukraine in phishing emails. The RAT, MerlinAgent, is available on GitHub.

Phishing 246

Phishing Government Access 246

Data Breach Today

JULY 29, 2022

Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries.

Phishing 336

Phishing Access 336

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 185

Phishing Passwords Insurance Sales 185

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. Many attackers can do a great deal of damage with 24 hours of access to a user’s account. Source: sco.ca.gov. .

Phishing 270

Phishing Data breaches Access Passwords 270

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Both the email and the invoice state that “there is evidence that your PayPal account has been accessed unlawfully.”

Phishing 312

Phishing Access IT 312

Data Breach Today

AUGUST 29, 2022

Twilio: Attackers Accessed Data for 163 Customers; Signal Also Affected Identity and access management giant Okta says some customer data was exposed by the "relentless phishing campaign" that breached Twilio, which it uses to provide some SMS services. Twilio says attackers accessed data for 163 customer organizations.

Phishing 246

Phishing Access IT 246

Data Breach Today

OCTOBER 29, 2021

Academic Medical Center Says Access to Email Accounts Lasted Months Massachusetts-based UMass Memorial Health is the latest large healthcare network to report an email phishing incident that potentially compromised hundreds of thousands of individuals' protected health information.

Phishing 258

Phishing Access 258

Data Breach Today

JUNE 30, 2022

Hundreds of Phishing Sites Used to Steal Money Under Guise of EU Payments Ukrainian authorities arrested nine individuals for the theft of about $3.4 million from 5,000 Ukrainians via more than 400 phishing links.

Phishing 245

Phishing Access 245

KnowBe4

MARCH 21, 2024

Researchers at Fortinet are tracking a phishing campaign that’s distributing a new version of the VCURMS remote access Trojan (RAT).

Phishing 106

Phishing Access Security 106

Data Breach Today

MAY 19, 2022

Review of 2021 Ransomware Attacks Also Finds Average Ransom Demand Was $247,000 Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote desktop protocol or VPN connections or by using malware-laden phishing emails, reports security firm Group-IB, based on more than 700 attacks it investigated (..)

Phishing 245

Phishing Ransomware Access Security 245

Data Breach Today

MAY 29, 2020

Configure Defenses to Block Attackers, Security Experts Advise Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place. (..)

Phishing 361

Phishing Ransomware Access Security 361

Data Breach Today

MAY 22, 2020

Malicious Messages Attempt to Install NetSupport Manager Tool on Devices Microsoft is warning Windows users about an ongoing "massive" COVID-19-themed phishing campaign that is attempting to install the NetSupport Manager on devices. Attackers can turn NetSupport into a remote access Trojan, or RAT.

Phishing 359

Phishing Access 359

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. OpenSSH is also used for external access. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S.

Phishing 113

Phishing Manufacturing Libraries IT 113

Data Breach Today

MAY 14, 2021

Microsoft: Attackers Are Spreading Remote Access Trojans A spear-phishing campaign is targeting aviation companies, using malicious documents that deliver information-stealing malware, according to alerts from Microsoft Security Intelligence.

Phishing 233

Phishing Access Security 233

KnowBe4

MARCH 17, 2023

New data looking back at the cyber attacks observed in 2022 shows that phishing continues to dominate as initial access brokers seem to be growing their business using backdoors.

Phishing 97

Phishing Access Security awareness Ransomware 97

Data Breach Today

APRIL 22, 2024

Joe Toomey of Cyber Insurer Coalition Details Rise in Attacks Targeting Weak MFA Adversaries seeking easy access to enterprise networks continue to probe for weak multifactor authentication deployments, oftentimes via nontargeted attacks that lead to phishing pages designed to steal one-time codes, said Joe Toomey, head of security engineering at cyber (..)

Authentication 288

Authentication Insurance Phishing Access 288

Data Breach Today

JUNE 1, 2021

Unauthorized Access and Malware Also Among Top Causes, UK Privacy Watchdog Reports Phishing, ransomware and unauthorized access continue to be the leading cyber causes of violations of data protection rules and personal data breaches, Britain's privacy watchdog reports.

Data breaches 208

Data breaches Phishing Ransomware Personal data 208

Data Breach Today

AUGUST 31, 2020

Fake Messages Offer Surgical Masks and Other PPE A global phishing campaign that purports to offer information about surgical masks and other personal protective equipment for use during the COVID-19 pandemic is infecting victims' devices with the AgentTesla remote access Trojan, according to researchers at Area 1 Security.

Phishing 246

Phishing Access Security 246

Data Breach Today

FEBRUARY 8, 2023

Scottish National Party MP Stewart McDonald Warns Disinformation May Follow Russian intelligence likely gained access to a Scottish nationalist politician's private email inbox via a phishing attack. Stewart McDonald, a well-known supporter of Ukraine, said his messages may become part of a disinformation campaign.

Access 130

Access Phishing 130

Data Breach Today

DECEMBER 14, 2023

NY State AG Says Compromised Account Contained 12 Years of Email New York State regulators have smacked one of the largest dental administrators in the state with a $400,000 fine for a 2021 incident in which an attacker gained access to an employee email account containing 12 years' worth of messages, including many holding sensitive member information. (..)

Phishing 265

Phishing Access 265

Security Affairs

NOVEMBER 11, 2023

The Royal Malaysian Police announced the seizure of the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The Royal Malaysian Police announced to have dismantled the notorious BulletProftLink phishing-as-a-service (PhaaS) platform. The operation was first documented on OSINT Fans by Gabor Szathmari in October 2020.

Phishing 126

Phishing Ransomware IT Access 126

Data Breach Today

AUGUST 27, 2021

Meanwhile, Breaches Involving Military Secrets and CCTV Footage Beset UK Government Phishing, ransomware and unauthorized access remain the leading causes of personal data breaches as well as violations of data protection rules, Britain's privacy watchdog reports.

Data breaches 190

Data breaches Phishing Ransomware Military 190

Data Breach Today

JUNE 19, 2020

What You Need to Know for Modern, Distributed Security Best Practices View this webinar to learn ways to use identity-driven security to mitigate both immediate and long-term risk of common cyberattacks, such as phishing.

Phishing 162

Phishing Access Risk Security 162

Data Breach Today

OCTOBER 21, 2020

Messages Use an OAuth-Based Consent App to Gain Office 365 Access Fraudsters are sending phishing emails with messages about the Coinbase cryptocurrency exchange to Microsoft Office 365 users in an attempt to take over their inboxes and gain access to data, according to the security firm KnowBe4.

Phishing 175

Phishing Access Security 175

Krebs on Security

JANUARY 7, 2020

Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service.

Passwords 229

Passwords Phishing Authentication Access 229

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 279

Phishing Encryption Passwords Sales 279

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 134

Phishing Authentication Passwords Access 134

Data Breach Today

JULY 19, 2019

Researchers Say Campaign Uses Email Hyperlink Splits to Evade URL Filters Researchers have uncovered a new type of phishing campaign that is targeting American Express card users.

Phishing 221

Phishing Access Security 221

Security Affairs

NOVEMBER 2, 2022

Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. ” reads the advisory published by the company. Pierluigi Paganini.

Access 122

Access Phishing Authentication Passwords 122

IT Governance

SEPTEMBER 15, 2023

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. Storm-0324’s phishing lures “typically reference invoices and payments, mimicking services such as DocuSign, Quickbooks, and others”.

Phishing 110

Phishing Mining Education Passwords 110

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 87

Phishing Authentication Sales Passwords 87

eSecurity Planet

AUGUST 23, 2023

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets.

Phishing 83

Phishing Authentication Security awareness Passwords 83

The Last Watchdog

NOVEMBER 29, 2022

A new development in phishing is the “nag attack.” Wham: the attackers gain unauthorized access — and a foothold to probe deeper into the breached network. Nag attacks add to the litany of phishing techniques. Over the years, endless phishing variants have emerged, including: •Bulk phishing. Spear phishing.

Phishing 194

Phishing Authentication Ransomware Marketing 194

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Ready-to-use phishing kits with all necessary attack items are available on the web.

Phishing 153

Phishing Artificial Intelligence Cybersecurity Compliance 153

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing 96

Phishing Financial Services Authentication Passwords 96