Impersonation Becomes Top Phishing Technique

Dark Reading

A new report finds IT, healthcare, and manufacturing are the industries most targeted by phishing emails

Phishing Campaign Targets 200M Microsoft 365 Accounts

Dark Reading

A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Passwords stolen via phishing campaign available through Google search

Security Affairs

Bad ops of operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. . SecurityAffairs – hacking, phishing).

Gaming hardware manufacturer Razer suffered a data leak

Security Affairs

Gaming hardware manufacturer Razer suffered a data leak, an unsecured database managed by the company containing gamers’ info was exposed online. Gaming hardware manufacturer Razer has suffered a data leak, this is the discovery made by the security researcher Bob Diachenko.

Aggah APT Group Targets Taiwan, South Korea

Data Breach Today

Spear-Phishing Campaign Exploits PowerPoint Vulnerability The Aggah APT group, believed to be of Pakistani origin, apparently was behind a recent spear-phishing campaign targeting manufacturing firms in Taiwan and South Korea, according to Anomali Threat Research

WordPress Sites Abused in Aggah Spear-Phishing Campaign

Threatpost

The Pakistan-linked threat group's campaign uses compromised WordPress sites to deliver the Warzone RAT to manufacturing companies in Taiwan and South Korea.

5 ways to detect a phishing email – with examples

IT Governance

Phishing is one of the most longstanding and dangerous methods of cyber crime. Despite what people think they know about phishing, they consistently fall victim. According to Verizon’s 2019 Data Breach Investigations Report , 32% of all cyber attacks involved phishing. In this blog, we use real-life examples to demonstrate five clues to help you spot phishing scams. Phia Bennin, the show’s producer, hired an ethical hacker to phish various employees.

Think you’re not susceptible to phishing? Think again

IT Governance

On average, one in ten emails is a phishing scam. Very few respondents said they were likely to be lured by the most common pitfalls of phishing scams: Urgency: 10.7%. To see whether respondents really weren’t tempted by such scams, PhishMe sent them a series of simulated phishing emails. How does phishing work? >> Unsurprisingly, respondents were far more likely to open phishing emails that preyed on fear, urgency and curiosity than they thought.

COVID-19 Vaccine Themes Persist in Fraud Schemes

Data Breach Today

Fraudsters Impersonate Vaccine Manufacturers, WHO, DHL Researchers at the security firm Proofpoint are tracking several fraud schemes leveraging COVID-19 vaccine-themed emails.

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

Social engineering, especially phishing, continues to trigger the vast majority of breach attempts. Lucy’s’s software allows companies to easily set-up customizable mock attacks to test employees’ readiness to avoid phishing, ransomware and other attacks with a social engineering component. This is stunning: phishing attacks soared in 2018, rising 250% between January and December, according to Microsoft’s Security Intelligence Report.

Phishing emails and malicious attachments responsible for 34% of cyber attacks

IT Governance

A recent F-Secure report has found that phishing emails (16%) and malicious attachments (18%) together accounted for 34% of cyber attacks. Financial and manufacturing organisations were equally affected by both. If employees aren’t fully educated on phishing, they are liable to underestimate the threat. You might also benefit from a Simulated Phishing Attack , which will establish how vulnerable your staff are to phishing emails.

Experts devised advanced SMS phishing attacks against modern Android-based phones

Security Affairs

Experts warn of advanced phishing attacks in certain modern Android-based phones that can trick users into accepting new malicious phone settings. Researchers from Check Point have discovered that advanced phishing attacks in certain modern Android-based phones, could allow an attacker to trick users into accepting new device settings that could expose them to various attack s, including traffic hijacking. The attacker can send out targeted phishing CP messages (i.e.

Kraken fileless attack technique abuses Microsoft Windows Error Reporting (WER)

Security Affairs

The threat actor that employed the Kraken technique, likely an APT group, launched a phishing attack that used messages with a.ZIP file attachment. An unidentified group of hackers is using a new fileless attack technique, dubbed Kraken, that abuses the Microsoft Windows Error Reporting (WER).

Hackers target German Task Force for COVID-19 PPE procurement

Security Affairs

Researchers from the IBM X-Force Incident Response and Intelligence Services (IRIS) reported that attackers launched a COVID-19-themed spear-phishing campaign to steal the user credentials of over 100 senior executives. The phishing messages originating from a Russia-based IP address 178[.]159[.]36[.]183,

Types of Malware & Best Malware Protection Practices

eSecurity Planet

Phishing. Most device or software manufacturers place backdoors in their products intentionally and for a good reason. Attackers often use botnets to send out spam or phishing campaigns to carry out distributed denial of service (DDoS) attacks. Phishing and Social Engineering. More targeted efforts at specific users or organizations are known as spear phishing. How to Defend Against Phishing. Examples of Phishing Malware Attacks. Phishing Type.

Spearphishing attacks hit the oil and gas industry sector

Security Affairs

Hackers launched spear-phishing attacks against organizations in the oil and gas industry sector spreading the Agent Tesla info-stealer malware.

LokiBot info stealer involved in a targeted attack on a US Company

Security Affairs

Security researchers at Fortinet uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. FortiGuard SE Team experts uncovered a malspam campaign aimed distributing the LokiBot malware at a US manufacturing company. Now researchers spotted phishing messages targeting the employees of a large U.S. manufacturing company. “It targeted a large US manufacturing company utilizing the well documented infostealer LokiBot.

Gangnam Industrial Style APT campaign targets industrial firms worldwide

Security Affairs

Experts from the CyberX’s threat intelligence team Section 52 uncovered an ongoing cyberespionage campaign, tracked as Gangnam Industrial Style, that targeted industrial, engineering, and manufacturing organizations, most of them in South Korea (60%).

How Microsoft Word “Protected View” Stops Information Leaks

Perficient

Someone engaging in spear phishing could employ Word-based web trackers to learn more about the type of desktop computer and operating system a target is using, helping the spear phisher tune his or her strategy for further attack. The most important action you can take is to maintain awareness and view all inbound emails and file attachments skeptically to avoid being phished. Microsoft Word has long offered support for loading images and templates over the network.

Cyber mercenaries and insiders hired by Chinese intelligence to hack aerospace and tech firms

Security Affairs

The turbofan engine was manufactured by a French aerospace company, which also had offices in the Jiangsu province with a U.S.-based “At the time of the intrusions, a Chinese state-owned aerospace company was working to develop a comparable engine for use in commercial aircraft manufactured in China and elsewhere.” ” The Chinese spies also targeted companies involved in the manufacturing of components for the jet engine, including US-based firms.

Protect Your Home Office and Network With These 5 Tips

Adam Levin

Secure Your Router: If you’re still using your router’s manufacturer default password, it’s past time for a change. Be sure to change the default manufacturer password, and update software with the latest patches. Beware of Phishing Links: Phishing scams are on the rise.

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. The threat actors carried out spear-phishing attacks using spoofed email addresses.

Cuba ransomware gang hacked 49 US critical infrastructure organizations

Security Affairs

“The FBI has identified, as of early November 2021 that Cuba ransomware actors have compromised at least 49 entities in five critical infrastructure sectors, including but not limited to the financial, government, healthcare, manufacturing, and information technology sectors.”

EU to Force IoT, Wireless Device Makers to Improve Security

eSecurity Planet

The European Union is poised to place more demands on manufacturers to design greater security into their wireless and Internet of Things (IoT) devices. Manufacturers will be required to adhere to the new cybersecurity safeguards when designing and producing these products.

IoT 70

FBI and Australia ACSC agencies warn of ongoing Avaddon ransomware attacks

Security Affairs

The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations worldwide in multiple industries, including government, finance, energy, manufacturing, and healthcare.

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Krebs on Security

“The group is also using its web of contacts in internet infrastructure providers to squash garden-variety phishing attacks and another financial crime that is using the fear of COVID-19 or the desire for information on it to trick regular internet users,” wrote Reuters’ Joe Menn.

Ransomware at IT Services Provider Synoptek

Krebs on Security

based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries , including state and local governments, financial services, healthcare, manufacturing, media, retail and software.

Researchers found alleged sensitive documents of NATO and Turkey

Security Affairs

Researchers from the US-based firm Cyble recently came across a post shared by an unknown threat actor that goes online with the moniker Spectre123, where he has allegedly leaked the sensitive documents of NATO and Havelsan (Turkish Military/defence manufacturer).

UNC2529, a new sophisticated cybercrime gang that targets U.S. orgs with 3 malware

Security Affairs

The group targeted the organization with phishing attacks aimed at spreading at least three new sophisticated malware strains. A new cybercrime gang, tracked as UNC2529 , has targeted many organizations in the US and other countries using new sophisticated malware.

Group-IB Hi-Tech Crime Trends 2020/2021 report

Security Affairs

Group-IB’s report Hi-Tech Crime Trends 2020/2021 examines various aspects of cybercrime industry operations and predicts changes to the threat landscape for various sectors, namely the financial industry, telecommunications, retail, manufacturing, and the energy sector. Phishing grows by 118%.

Hackers are targeting COVID-19 vaccine cold chain

Security Affairs

The experts uncovered a large scale spear-phishing campaign that has been ongoing since September 2020. The phishing campaign hit global organizations with headquarters in Germany, Italy, South Korea, Czech Republic, greater Europe, and Taiwan.

Ranzy Locker ransomware hit tens of US companies in 2021

Security Affairs

The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Illumio Unveils CloudSecure for Zero Trust Segmentation in the Cloud

eSecurity Planet

“They find a way in, whether it’s phishing or something else – but then to find all the valuable assets, they have to use lateral movements in those environments,” Kirner said.

Cloud 83

2020 Census Outreach Runs Counter to Cybersecurity Best Practices

Adam Levin

To accomplish this Sisyphean assignment the Census Bureau is sending emails —email that will join the steady stream of phishing scams and spam already at our inboxes and discarded several times a day. Joe Biden’s campaign was targeted by the Chinese with phishing emails earlier this summer.

Israel announced to have foiled an attempted cyber-attack on defence firms

Security Affairs

Israel ‘s defence ministry announced to have foiled an attempted cyber attack by a foreign threat actors group targeting the country’s defence manufacturers.

List of Data Breaches and Cyber Attacks in March 2021 – 21 Million Records Breached

IT Governance

Don’t be fooled by the fact that we only recorded 20,995,371 breached records in March; it was one of the leakiest months we’ve ever seen, with 151 recorded incidents. By comparison, there was a seemingly Lilliputian 82 recorded breaches in January and 118 in February.

Business Continuity Plans Must Evolve for the Post-COVID World

InfoGoTo

The pandemic has revealed a painful downside to just-in-time inventory management as some retailers and manufacturers were caught flat-footed when their suppliers were shut down by illness or government mandate.

Cloud 99

Security Affairs newsletter Round 289

Security Affairs

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

The Growing Presence (and Security Risks) of IoT

Thales Cloud Protection & Licensing

In the absence of IoT security regulations, many smart product manufacturers simply release new devices that lack built-in security measures and have not undergone proper security review and testing. Vulnerable devices could be used to spread malware within the enterprise, used for corporate espionage, surveillance of personnel, or plan whaling phishing campaigns. Take manufacturing, for instance. As most of us know, IoT devices are on the rise in enterprise networks.

US Treasury warns of ransomware attacks on COVID-19 vaccine research

Security Affairs

“FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines,” .