Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 209

Phishing Passwords Risk Sales 209

Data Breach Today

JANUARY 11, 2024

Also: Bitcoin ETP, Gamma and dYdX Attacks, 2023 Hack Stats This week, hackers ran crypto phishing scams on X accounts, the SEC approved bitcoin ETP, hackers stole $3.4

Phishing 284

Phishing IT 284

Data Breach Today

SEPTEMBER 11, 2023

Vectors Includes Teams Phishing and Malvertising Advertising on Russian-language criminal forums is paying off for the author of the DarkGate malware as reflected by a spike in infections, including an unusual phishing campaign on Microsoft Teams to deliver the loader through HR-themed social engineering chat messages.

Phishing 256

Phishing 256

Data Breach Today

APRIL 19, 2024

Also: Omni Hack Exposed Customer Data; More Ivanti Vulnerabilities Come to Light This week, police disrupted the LabHost phishing-as-a-service site, customer data compromised in Omni Hotels hack, more Ivanti vulnerabilities found, Moldovan botnet operator faces U.S.

Phishing 157

Phishing Data breaches Ransomware 157

Data Breach Today

SEPTEMBER 5, 2023

Energy Facility Impeded Attack by Blocking the Launch of the Windows Script Host Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage.

Phishing 292

Phishing Military 292

Data Breach Today

DECEMBER 7, 2023

Incident That Affected 35,000 Urgent Care Clinic Patients Results in $480K Fine Weeks after the Department of Health and Human Services announced its first HIPAA enforcement action in a ransomware breach, federal regulators have reached another milestone: a $480,000 settlement in a HIPAA case centered for the first time ever on a phishing attack.

Phishing 293

Phishing Ransomware IT 293

Data Breach Today

SEPTEMBER 6, 2023

Phishing Platform Automates Big Business Email Compromise Attacks, Researchers Find A sophisticated phishing toolkit called W3LL Panel has been used to exploit at least 8,000 endpoints since the middle of last year to perpetrate costly business email compromise schemes, Group-IB reports.

Phishing 275

Phishing 275

Krebs on Security

MAY 26, 2023

The number of phishing websites tied to domain name registrar Freenom dropped precipitously in the months surrounding a recent lawsuit from social networking giant Meta , which alleged the free domain name provider has a long history of ignoring abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 245

Phishing Mining IT 245

Data Breach Today

AUGUST 9, 2023

Authorities In Multiple Countries Arrest Operators of 16Shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 244

Phishing Security 244

Data Breach Today

AUGUST 10, 2023

Authorities in Multiple Countries Arrest Operators of 16shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 240

Phishing Security 240

Data Breach Today

APRIL 19, 2023

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 268

Phishing Government IT 268

KnowBe4

APRIL 23, 2024

Attackers are launching phishing campaigns using an open-redirect vulnerability affecting a website belonging to coffee machine company Nespresso, according to researchers at Perception Point.

Phishing 86

Phishing 86

Data Breach Today

JULY 14, 2023

State-Linked Spear-Phishing Campaign Targeting Government, Military Personnel Belarus state-linked hackers are targeting government and military entities in both Ukraine and Poland with spear-phishing campaigns that deliver remote access Trojans.

Phishing 225

Phishing Military Government Access 225

Krebs on Security

AUGUST 4, 2023

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days. The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

Phishing 199

Phishing Computer and Electronics Marketing IT 199

Data Breach Today

JUNE 22, 2022

Belgian and Dutch Police Arrest 9 Suspects Over Theft of 'Millions of Euros' Belgian and Dutch police with the support of Europol dismantled an organized crime gang involved in carrying out phishing, money laundering and other scams. Nine suspects are in detention after stealing several million euros, authorities say.

Phishing 301

Phishing 301

Data Breach Today

AUGUST 18, 2023

Targets Include Small and Medium Businesses and Government Agencies Threat actors are on a phishing spree targeting users of Zimbra Collaboration email suite, in particular small and medium businesses and government agencies.

Phishing 234

Phishing Government Security IT 234

Data Breach Today

MARCH 4, 2023

Attackers Exploit Economic Downturn by Deploying Malware in Resumes, ID Attachments Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters.

Phishing 261

Phishing 261

Security Affairs

APRIL 18, 2024

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost. An international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms.

Phishing 107

Phishing Passwords Authentication IT 107

Krebs on Security

AUGUST 18, 2022

” A copy of the phishing message included in the PayPal.com invoice. While the phishing message attached to the invoice is somewhat awkwardly worded, there are many convincing aspects of this hybrid scam. Details of this scam were shared Wednesday with PayPal’s anti-abuse (phish@paypal.com) and media relations teams.

Phishing 312

Phishing Access IT 312

Data Breach Today

MARCH 7, 2021

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says. The company adds it prevented more than 2,500 phishing emails tied to the campaign.

Phishing 332

Phishing Security IT 332

Data Breach Today

OCTOBER 8, 2022

Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

Phishing 261

Phishing Access Security IT 261

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing 219

Phishing Government Compliance Communications 219

KnowBe4

APRIL 22, 2024

The other day I was participating in a company’s employee meeting when the CEO revealed he had been “caught” that morning by a real phishing attack email.

Phishing 89

Phishing 89

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 185

Phishing Passwords Insurance Sales 185

Data Breach Today

NOVEMBER 23, 2022

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta. Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

Authentication 259

Authentication Phishing Security 259

Krebs on Security

AUGUST 9, 2021

The payment message displayed by the carding site phishing domain BriansClub[.]com. However, upon registering at the phishing site and clicking to fund my account, I was presented with the exact same Bitcoin address that Mitch said he paid. Shortly after it came online as a phishing site last year, BriansClub[.]com com, vclub[.]cards,

Phishing 349

Phishing Blockchain IT Marketing 349

Data Breach Today

AUGUST 27, 2022

Unusual Activity' By Third-Party Service Provider to Blame Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider.

Phishing 257

Phishing IT 257

Data Breach Today

JULY 14, 2022

Attackers Targeted More Than 10,000 Organizations Since Last September Attackers used a phishing campaign to direct unwitting Microsoft business email customers into supplying logon credentials to a proxy server. Attackers stole online session cookies, allowing them to defeat MFA and access inboxes.

Phishing 361

Phishing Access 361

KnowBe4

APRIL 23, 2024

New data shows phishing attacks are deviating from the traditional focus on technology and retail sectors and are opting for alternate brands with widespread appeal.

Phishing 110

Phishing Retail Security awareness Security 110

KnowBe4

MARCH 26, 2024

A Phishing-as-a-Service (PhaaS) platform called “Tycoon 2FA” has surged in popularity over the past several months, according to researchers at Sekoia. The phishing kit is notable for its focus on bypassing victims’ multi-factor authentication measures.

Phishing 116

Phishing Authentication IT Security 116

KnowBe4

DECEMBER 7, 2023

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.

Phishing 110

Phishing Authentication 110

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing 117

Phishing Education Cybersecurity Data breaches 117

KnowBe4

APRIL 16, 2024

Microsoft and Google were the most frequently impersonated brands in phishing attacks during the first quarter of 2024, according to a report from Check Point.

Phishing 108

Phishing Security 108

KnowBe4

APRIL 1, 2024

A journalist in Pennsylvania was targeted by phishing attacks that involved thread hijacking, according to Brian Krebs at KrebsOnSecurity.

Phishing 103

Phishing Security 103

KnowBe4

APRIL 19, 2024

The cybercriminal threat actor FIN7 is launching spear phishing attacks against the automotive industry in the United States, according to researchers at BlackBerry.

Phishing 101

Phishing Ransomware Security 101

KnowBe4

FEBRUARY 15, 2024

A phishing campaign is attempting to trick users into downloading remote monitoring and management (RMM) software like AnyDesk, Atera, and Splashtop, according to researchers at Malwarebytes.

Phishing 109

Phishing Security 109

Security Affairs

APRIL 18, 2024

carmaker with spear-phishing attacks. In late 2023, BlackBerry researchers spotted the threat actor FIN7 targeting a large US automotive manufacturer with a spear-phishing campaign. BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large U.S.

Phishing 113

Phishing Manufacturing Libraries IT 113