INDUSTRY INSIGHTS YOUR PEERS ARE READING
A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature. Web Security Credential stuffing Credential Theft Facebook google Google Translate Phishing phishing scam MORE
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site MORE
Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks. MORE
Phishing remains the top attack vector, and an organization's people of course remain the top target. But how can these same people be leveraged as a key component in your anti-phishing defense? Kurt Wescoe of Wombat shares insight MORE
Data breaches Cyber security Hacking Phishing Protected health information HIPAA regulationsData at Valley Professionals Community Health Center was accessed in November through the hack of an employee’s email account. MORE
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email MORE
A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack that gained access to the email account of John Podesta, Hillary Clinton’s 2016 campaign manager. “We MORE
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock). MORE
Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. SecurityAffairs – phishing, Facebook). The post Facebook login phishing campaign can deceive tech-savvy users appeared first on Security Affairs. MORE
Credential compromise emerged the main target for phishing campaigns in 2018 - rather than infecting victims' devices with malware. Most Recent ThreatLists Web Security credential compromise email security malware Phishing Vishing MORE
A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down. MORE
Researchers warn that the phishing campaign looks "deceptively realistic.". Web Security Credentials Facebook Phishing phishing campaign social engineering MORE
Arrests Came After a Two-Year Investigation of 'Highly Organized' Crime Group Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers. MORE
Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. Here's how to play better phishing defense MORE
Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps MORE
A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers. The post Phishing Campaign Hits Credit Unions appeared first on Adam Levin. MORE
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Phone-based phishing attacks are getting way more clever and are even snaring technology experts, as last month’s story shows. MORE
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. There are several interesting takeaways from this phishing campaign. MORE
Web Security email scam Netflix Phishing phishing attack scamThe scam targets Netflix users and asks for payment information. MORE
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable. Malware Web Security Credentials GandCrab macros malware Phishing ransomware Ursnif MORE
Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. MORE
Football world-governing body FIFA has admitted that its systems suffered a sustained phishing hack earlier this year. It is believed that the breach was caused by an employee falling for a phishing scam. MORE
Hacks Web Security Malicious URL microsoft phishing Microsoft SharePoint Office 365 Phishing phishing attack phishing campaign SharepointResearchers say the "PhishPoint" tactic has already impacted 10 percent of Office 365 users globally. MORE
Memorial Hospital at Gulfport in Mississippi is notifying patients that protected health information may have been compromised by a phishing attack. Phishing Cyber attacks Cyber security Malware Protected health information Hospitals and clinics MORE
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING. MORE
Phishing has been used as a way for criminal hackers to gain sensitive information since the mid-1990s. Phishing emails can impersonate well-known brands or even people you know, such as colleagues. Phishing attacks are becoming more sophisticated, making them harder to detect. MORE
Arizona Cancer Center a Recent Victim of Major Phishing Attack As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports. MORE
No Misuse of Exposed Data Has Been Reported - Yet Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn. MORE
Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Amnesty experts monitored several credential phishing campaigns targeting individuals across the Middle East and North Africa. MORE
Experts Offer Tips for How to Avoid Falling Victim Several health data breaches involving phishing attacks - including one that potentially exposed data on more than 100,000 individuals - have been added to the federal health data breach tally this month. MORE
Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. These phishing emails pose as alerts sent by Google that inform users that their accounts were accessed from a new Windows device. MORE
Brent Maher of Johnson Financial Group Offers Real-World Lessons Learned The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group MORE
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. MORE
Phishing attacks are on the rise, evolving in variety and sophistication and threatening email security. An IRONSCALES report has revealed that 90–95% of all successful cyber attacks begin with a phishing email. Widespread availability of low-cost phishing and ransomware tools. MORE
Cybercrime Gang Phoned Victims to Increase Phishing Attack Success Rates The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. MORE
The phishing campaign is using a new technique to hide the source code of its landing page - and stealing credentials from customers of a major U.S.-based Web Security Bank Credential Stealing custom fonts obfuscation Phishing phishing campaign retail substitution cipherbased bank. MORE
certificates machinelearning phishing spoofingReally interesting article : A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name. MORE
Breach Tally Shows Hacking Attacks Involving Email Continue to Plague the Sector With the year nearly over, hacking attacks - especially those involving phishing and other email attacks - continue to rack up big victim counts for health data breaches reported to federal regulators in 2018 MORE
But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it MORE
Phishing Related Topics Krebs on Security
JANUARY 3, 2019
A new phone-based phishing scam that spoofs Apple Inc. As I noted in my October 2018 piece, Voice Phishing Scams are Getting More Clever , phone phishing usually invokes an element of urgency in a bid to get people to let their guard down.
Krebs on Security
NOVEMBER 26, 2018
Maybe you were once advised to “look for the padlock” as a means of telling legitimate e-commerce sites from phishing or malware traps. A live Paypal phishing site that uses [link] (has the green padlock). A live Facebook phish that uses SSL (has the green padlock).
Krebs on Security
OCTOBER 1, 2018
Most of us have been trained to be wary of clicking on links and attachments that arrive in emails unexpected, but it’s easy to forget scam artists are constantly dreaming up innovations that put a new shine on old-fashioned telephone-based phishing scams. FULLY AUTOMATED PHONE PHISHING.
Data Breach Today
DECEMBER 4, 2018
Richard Conti of Children's Hospital of Philadelphia on Risk Mitigation Steps Because phishing attacks are so pervasive, aggressive staff educational efforts are essential, says Richard Conti of The Children's Hospital of Philadelphia, who also discusses other risk mitigation steps
Krebs on Security
NOVEMBER 2, 2018
Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Phone-based phishing attacks are getting way more clever and are even snaring technology experts, as last month’s story shows.
Threatpost
FEBRUARY 15, 2019
Researchers warn that the phishing campaign looks "deceptively realistic.". Web Security Credentials Facebook Phishing phishing campaign social engineering
|
Data Breach Today
DECEMBER 5, 2018
Arizona Cancer Center a Recent Victim of Major Phishing Attack As the year winds down, phishing and ransomware attacks continue to plague the healthcare sector, as illustrated by recent breach reports.
Adam Levin
FEBRUARY 11, 2019
A phishing campaign targeting credit unions and other financial institutions recently found its way into the email inboxes of anti-money laundering officers. The post Phishing Campaign Hits Credit Unions appeared first on Adam Levin.
Security Affairs
FEBRUARY 8, 2019
Crooks leverage Google Translate service as camouflage on mobile browsers in a phishing campaign aimed at stealing Google account and Facebook credentials. These phishing emails pose as alerts sent by Google that inform users that their accounts were accessed from a new Windows device.
Security Affairs
FEBRUARY 17, 2019
Security experts at Myki have recently discovered a new phishing campaign that could deceive even most tech-savvy users. SecurityAffairs – phishing, Facebook). The post Facebook login phishing campaign can deceive tech-savvy users appeared first on Security Affairs.
Krebs on Security
AUGUST 2, 2018
A story published here on July 12 about a new sextortion-based phishing scheme that invokes a real password used by each recipient has become the most-read piece on KrebsOnSecurity since this site launched in 2009. There are several interesting takeaways from this phishing campaign.
|
|
Data Breach Today
NOVEMBER 27, 2018
Breach Tally Shows Hacking Attacks Involving Email Continue to Plague the Sector With the year nearly over, hacking attacks - especially those involving phishing and other email attacks - continue to rack up big victim counts for health data breaches reported to federal regulators in 2018
Data Breach Today
JANUARY 17, 2019
Experts Offer Tips for How to Avoid Falling Victim Several health data breaches involving phishing attacks - including one that potentially exposed data on more than 100,000 individuals - have been added to the federal health data breach tally this month.
Krebs on Security
JULY 23, 2018
Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.
Threatpost
FEBRUARY 6, 2019
A tricky two-stage phishing scam is targeting Facebook and Google credentials using a landing page that hides behind Google's translate feature. Web Security Credential stuffing Credential Theft Facebook google Google Translate Phishing phishing scam
Data Breach Today
AUGUST 7, 2018
Cybercrime Gang Phoned Victims to Increase Phishing Attack Success Rates The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege.
Security Affairs
NOVEMBER 25, 2018
Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify.
Security Affairs
DECEMBER 25, 2018
Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale. Amnesty experts monitored several credential phishing campaigns targeting individuals across the Middle East and North Africa.
Data Breach Today
DECEMBER 18, 2017
Bitcoin Exchange Job Lure Traces to Hackers Tied to North Korea Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks.
Threatpost
DECEMBER 27, 2018
Web Security email scam Netflix Phishing phishing attack scamThe scam targets Netflix users and asks for payment information.
Information Management Resources
FEBRUARY 19, 2019
Memorial Hospital at Gulfport in Mississippi is notifying patients that protected health information may have been compromised by a phishing attack. Phishing Cyber attacks Cyber security Malware Protected health information Hospitals and clinics
Threatpost
JANUARY 4, 2019
The phishing campaign is using a new technique to hide the source code of its landing page - and stealing credentials from customers of a major U.S.-based Web Security Bank Credential Stealing custom fonts obfuscation Phishing phishing campaign retail substitution cipherbased bank.
Data Breach Today
JULY 11, 2018
Brent Maher of Johnson Financial Group Offers Real-World Lessons Learned The key to lowering the risk of employees becoming victims of phishing is to adopt an "adult learning" approach to training, says Brent Maher, CISO at Johnson Financial Group
Dark Reading
FEBRUARY 20, 2019
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site
Data Breach Today
JANUARY 8, 2018
No Misuse of Exposed Data Has Been Reported - Yet Personal details for 30,000 Medicaid recipients in Florida may have been exposed after a government employee fell victim to a phishing attack, state officials warn.
Dark Reading
JANUARY 23, 2019
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email
IT Governance
MARCH 16, 2018
Phishing has been used as a way for criminal hackers to gain sensitive information since the mid-1990s. Phishing emails can impersonate well-known brands or even people you know, such as colleagues. Phishing attacks are becoming more sophisticated, making them harder to detect.
IT Governance
NOVEMBER 9, 2018
Football world-governing body FIFA has admitted that its systems suffered a sustained phishing hack earlier this year. It is believed that the breach was caused by an employee falling for a phishing scam.
Data Breach Today
JULY 23, 2018
Russians Tied to Hack Attacks, But 'Two-Factor' No Silver Bullet, Google Warns Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. Here's how to play better phishing defense
Data Breach Today
JUNE 21, 2018
Phishing remains the top attack vector, and an organization's people of course remain the top target. But how can these same people be leveraged as a key component in your anti-phishing defense? Kurt Wescoe of Wombat shares insight
Adam Levin
JANUARY 23, 2019
A Google offshoot is trying to teach people to be more circumspect about phishing attempts. Jigsaw, an incubator owned by Google parent company Alphabet, has released an online quiz that displays examples of phishing emails side by side with legitimate ones and asks users to guess which is which. The quiz uses real-world phishing campaigns, including the Russian hack that gained access to the email account of John Podesta, Hillary Clinton’s 2016 campaign manager. “We
Data Breach Today
JUNE 21, 2018
But OAuth Attack Defense Remains Tricky, Warns FireEye's Douglas Bienstock Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it
Threatpost
JANUARY 25, 2019
A spate of phishing emails with Word attachments deliver both the Gandcrab ransomware and Ursnif executable. Malware Web Security Credentials GandCrab macros malware Phishing ransomware Ursnif
Data Breach Today
AUGUST 17, 2018
A phishing attack on Wednesday fueled by the Necurs botnet targeted at least 2,700 banking institutions of various sizes in the U.S. and around the world, explains Aaron Higbee of Cofense, which detected the attack
Information Management Resources
FEBRUARY 5, 2019
Data breaches Cyber security Hacking Phishing Protected health information HIPAA regulationsData at Valley Professionals Community Health Center was accessed in November through the hack of an employee’s email account.
IT Governance
MARCH 21, 2018
Phishing attacks are on the rise, evolving in variety and sophistication and threatening email security. An IRONSCALES report has revealed that 90–95% of all successful cyber attacks begin with a phishing email. Widespread availability of low-cost phishing and ransomware tools.
Schneier on Security
AUGUST 9, 2018
certificates machinelearning phishing spoofingReally interesting article : A trained eye (or even a not-so-trained one) can discern when something phishy is going on with a domain or subdomain name.
Threatpost
JANUARY 24, 2019
Credential compromise emerged the main target for phishing campaigns in 2018 - rather than infecting victims' devices with malware. Most Recent ThreatLists Web Security credential compromise email security malware Phishing Vishing
Threatpost
AUGUST 15, 2018
Hacks Web Security Malicious URL microsoft phishing Microsoft SharePoint Office 365 Phishing phishing attack phishing campaign SharepointResearchers say the "PhishPoint" tactic has already impacted 10 percent of Office 365 users globally.
Data Breach Today
MARCH 30, 2018
Arrests Came After a Two-Year Investigation of 'Highly Organized' Crime Group Police have charged 20 Romanian and Italian nationals with running spear-phishing attacks that stole more than $1 million from online bank customers.
77 
Let's personalize your content