New research has revealed the creator of the commercially available 16Shop phishing kit is double dipping and is surreptitiously capturing the information stolen by his customers. Akamai said the alleged developer, an Indonesian they believe goes by handle Riswanda, has no qualms about taking advantage of the criminals who license his phishing kit and has…
A pair of email security firms are taking opposing positions on whether or not the 2020 presidential candidates are using secure email systems within their campaigns even though many of the candidates are using DMARC. Valimail and Agari have each issued report cards to show if the Democratic Party hopefuls learned a learned a lesson…
The FBI’s Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency’s 2018 Internet Crime Report. The three most commonly reported internet crimes last year were non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise),…
Cyberattackers, possibly Russian, recently struck numerous embassies in Europe with a malicious email attachment that uses a weaponized version of the TeamViewer remote desktop tool to gain control of the target computer. Check Point researchers reported that the attack is well structured, yet somewhat sloppy, but in the end potentially quite dangerous. The attack begin…
Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…
Hackers reportedly compromised a Microsoft Corp. support agent’s credentials, allowing them to gain unauthorized access to the company’s various web-based email services, including Outlook, MSN and Hotmail, for at least three months in 2019. This breach exposed not only information pertaining to certain customers’ email accounts, but also in some cases the content of the…
Whether or not a company’s workers are truly its weakest link is an arguable point, but a recent study found that a determination can be made whether or not a particular person may be targeted with a fraudulent email. Factors like whether or not a person’s login credentials for other websites had been compromised due…
Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use two-factor authentication for security. Proofpoint researchers found the availability of these tools has powered a massive increase in the number of cloud attacks taking place which in turn…
The Southeast Asian threat group Bitter that has been active since 2015 has expanded its activities and has now targeted Pakistani and Saudi Arabia with three variants of the AstraDownloader to inject the RAT BitterRAT into various organizations. The attacks on Saudi Arabia and Pakistan began in September and continued into early 2019, according to…
The German firm Heise Security has found 2.2 billion email addresses and associated passwords, which it is labeling Collection 2-5, available for free on the web. These credentials were found in data caches similar to the Collection 1 data dump that was exposed in mid-January and found to contain 773 million unique emails amid 600GB…
