Data Breach Today

JUNE 1, 2020

Verizon's Data Breach Investigations Report 2020 highlights the leading causes of breaches last year, including credential theft, phishing, ransomware as well as issues linked to cloud implementations and web applications. In an interview, Verizon's Ashish Thapar offers an in-depth analysis.

Data breaches 185

Data breaches Phishing Ransomware Cloud 185

KnowBe4

MARCH 6, 2024

New analysis of DNS queries shows material growth in phishing , malware and botnets and offers insight into how many threats the average person experiences.

Phishing 84

Phishing Security awareness Security 84

KnowBe4

JANUARY 22, 2024

The Russian state-sponsored threat actor “COLDRIVER” is launching phishing campaigns against “high profile individuals in NGOs, former intelligence and military officers, and NATO governments,” according to researchers at Google’s Threat Analysis Group (TAG).

Phishing 102

Phishing Military Government Security 102

Krebs on Security

FEBRUARY 8, 2021

Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin , a software package used to administer what’s being called “one of the world’s largest phishing services.” The U-Admin phishing panel interface. Image: fr3d.hk/blog. ” U-Admin, a.k.a.

Phishing 256

Phishing Authentication Archiving Cybersecurity 256

KnowBe4

FEBRUARY 28, 2024

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services.

Phishing 83

Phishing 83

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing 115

Phishing Education Passwords Information Security 115

KnowBe4

OCTOBER 19, 2023

October 18, 2023, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One.

Phishing 80

Phishing Manufacturing Education Ransomware 80

Data Breach Today

JANUARY 27, 2020

Researchers Suspect Konni APT Group Involved A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42.

Phishing 189

Phishing Government 189

Schneier on Security

AUGUST 13, 2021

The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. Machine learning focused on personality analysis aims to be predict a person’s proclivities and mentality based on behavioral inputs. It’s just a matter of time before this is really effective.

Phishing 130

Phishing Risk IT Artificial Intelligence 130

Security Affairs

MARCH 14, 2023

Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks.

Phishing 81

Phishing Authentication Sales Passwords 81

The Last Watchdog

NOVEMBER 6, 2023

QR code phishing attacks started landing in inboxes around the world about six months ago. Best practices So how do you defend your enterprise against QR code phishing attacks? In June, we started seeing these types of attacks amongst our customer base. Make sure to always check the waters before you swim (or in this case, scan).

Phishing 167

Phishing Education Marketing Cloud 167

Security Affairs

OCTOBER 24, 2021

Microsoft uncovered an extensive series of credential phishing campaigns that employed a custom phishing kit tracked as TodayZoo. Microsoft researchers uncovered a custom phishing kit, dubbed TodayZoo, that was used in an extensive series of credential phishing campaigns. com domain to send the phishing messages.

Phishing 118

Phishing Sales Archiving Passwords 118

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 129

Phishing Authentication Passwords Access 129

Security Affairs

JUNE 11, 2023

Microsoft researchers warn of banking adversary-in-the-middle (AitM) phishing and BEC attacks targeting banking and financial organizations. Microsoft discovered multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) attacks against banking and financial services organizations.

Phishing 94

Phishing Financial Services Authentication Passwords 94

Security Affairs

AUGUST 24, 2022

The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users. The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users.

Phishing 98

Phishing Authentication Passwords Access 98

KnowBe4

OCTOBER 12, 2022

Researchers at Mandiant have published an analysis of a phishing -as-a-service kit called “Caffeine,” which further lowers the bar for inexperienced cybercriminals by offering a publicly available, easy-to-use phishing service.

Phishing 87

Phishing 87

eSecurity Planet

AUGUST 23, 2023

Spear phishing is a more targeted and effective phishing technique that attempts to exploit specific individuals or groups within an organization. While phishing uses a broader range of tactics, such as mass emailing to random recipients, spear phishing is often well-researched and tailored to high-value targets.

Phishing 83

Phishing Authentication Security awareness Passwords 83

Security Affairs

AUGUST 2, 2023

Experts spotted a spear-phishing Facebook campaign exploiting a zero-day vulnerability in Salesforce email services. Researchers from Guardio Labs uncovered a sophisticated phishing campaign exploiting a zero-day vulnerability in Salesforce email services and SMTP servers. 8e-sefdea4.um9. ” concludes the experts.

Phishing 90

Phishing Authentication IT Security 90

KnowBe4

AUGUST 11, 2023

The latest data from Comcast Business’ analysis of over 23.5 billion cyber attacks on their business customers shows the importance and role of phishing in attacks.

Phishing 78

Phishing 78

Security Affairs

DECEMBER 12, 2021

Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. “The phish sites are fairly similar.

Phishing 142

Phishing Cybersecurity Security IT 142

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing 125

Phishing Cloud Cybersecurity Security 125

KnowBe4

MARCH 27, 2024

Analysis of a new initial access malware attack shows how simple these attacks can be while also proving that malware can reside on legitimate repositories.

Phishing 110

Phishing Access Security 110

Security Affairs

SEPTEMBER 5, 2022

Cybersecurity firm Armorblox discovered a new phishing campaign aimed at American Express customers. Armorblox researchers uncovered a new phishing campaign that is targeting American Express customers. The phishing email, marked by Google as safe, was delivered to more than 16,000 users’ addresses. Pierluigi Paganini.

Phishing 99

Phishing Authentication Passwords Encryption 99

IT Governance

APRIL 11, 2023

Welcome to our April 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. YouTube warns of monetisation scam Content creators on YouTube are being warned about a phishing campaign regarding an apparent “new monetisation policy”.

Phishing 114

Phishing Passwords Ransomware Insurance 114

Security Affairs

FEBRUARY 13, 2022

Cybersecurity researchers Zoziel Pinto Freire analyzed the use of weaponized PDFs in phishing attacks. Every day everybody receives many phishing attacks with malicious docs or PDFs. I did a static analysis and I went straight to the point to make this reading simple and fast. SecurityAffairs – hacking, phishing).

Phishing 88

Phishing Cybersecurity IT Security 88

Security Affairs

SEPTEMBER 20, 2021

Security researchers uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . Researchers from cybersecurity firm Cyjax uncovered a large phishing campaign targeting multiple government departments in APAC and EMEA countries. . ” reads the analysis published by the experts.

Phishing 94

Phishing Government Cybersecurity Access 94

Data Breach Today

JULY 21, 2022

Cyberecurity Firm Mandiant Analyzes Phishing Campaigns with ties to Belarus and Russia U.S. military, published a detailed analysis of phishing campaigns with links to Belarus and Russia. Cybersecurity firm Mandiant, which has ties to the U.S.

Military 242

Military Phishing Cybersecurity Security 242

Security Affairs

MAY 30, 2023

“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a.ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a.ZIP domain.

Archiving 98

Archiving Phishing Security IT 98

Security Affairs

AUGUST 9, 2020

Researchers detailed a new evasive phishing technique that leverages modified favicons to inject e-skimmers and steal payment card data covertly. Researchers from cybersecurity firm Malwarebytes have analyzed a new evasive phishing technique used by attackers in the wild in Magecart attacks. ” continues the analysis.

Phishing 145

Phishing Authentication Cybersecurity IT 145

Security Affairs

SEPTEMBER 25, 2023

A phishing campaign targets Ukrainian military entities using drone manuals as lures to deliver the post-exploitation toolkit Merlin. Securonix researchers recently uncovered a phishing campaign using a Pilot-in-Command (PIC) Drone manual document as a lure to deliver a toolkit dubbed Merlin.

Military 96

Military Phishing Communications IT 96

Security Affairs

AUGUST 25, 2022

The threat actors behind Twilio and Cloudflare attacks have been linked to a phishing campaign that targeted other 136 organizations. The threat actors behind the attacks on Twilio and Cloudflare have been linked to a large-scale phishing campaign that targeted 136 organizations, security firm Group-IB reported. Pierluigi Paganini.

Phishing 94

Phishing Authentication Passwords Access 94

eSecurity Planet

FEBRUARY 8, 2023

ChatGPT has raised alarm among cybersecurity researchers for its unnerving ability in composing everything from sophisticated malware to phishing lures – but it’s important to keep in mind that the tool can help support cybersecurity defenses as well. “It will be fun, engaging, and memorable.”

Cybersecurity 115

Cybersecurity Security awareness Phishing Ransomware 115

Security Affairs

JANUARY 6, 2022

Experts warn of a new phishing technique that abuses the commenting feature of Google Docs to send out emails that appear from a legitimate source. ” reads the analysis published by Avanan. SecurityAffairs – hacking, Phishing). The technique also with Google Slide and other components of the Google Workspace service.

Phishing 112

Phishing Security IT Information Security 112

Security Affairs

AUGUST 8, 2022

LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Using highly trusted service domains like Snapchat and other online-services, they create special URLs which lead to malicious resources with phishing kits. Resecurity, Inc.

Phishing 97

Phishing Passwords Access Cybersecurity 97

Security Affairs

AUGUST 28, 2022

The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The Python Package Index, PyPI, this week warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository.

Phishing 88

Phishing IT Security Information Security 88

KnowBe4

AUGUST 8, 2023

As a security awareness practitioner, keeping your pulse on industry - and geographical - benchmarking data and best practices is always a good way to measure your organization’s security awareness success.

Security awareness 81

Security awareness Phishing Security 81

Security Affairs

JULY 22, 2021

Researchers from threat intelligence firm Group-IB helps Dutch police identify members of phishing developer gang known as Fraud Family. These fake notifications contained malicious links to adversary-controlled phishing websites that steal payment info. Using well-known brands, fraudsters gained users’ immediate trust.

Phishing 107

Phishing Sales Access IT 107