The Department of Justice has indicted two Americans and a Nigerian on multiple charges for their alleged roles in a phishing scheme that targeted college employees, banks and other businesses from May 2013 through June 2014. Filed on Tuesday in U.S. District Court in New Mexico, the indictment identifies the defendants as Nigerian citizen Otuokere…
Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators. The scams are respectively detailed in a pair of…
Political campaigns can accept low-cost help from private cybersecurity firms to protect campaigns in the 2020 election cycle, the Federal Election Commission (FEC) ruled Thursday. The commission, which viewed the discounted services as an in kind donation under current rules, had indicated it would reject the initiative but changed course. Because Area 1 Security, the…
An analysis of workers’ cyber knowledge gaps found that ends users last year struggled most with identifying phishing threats and protecting data throughout its lifecycle, according to a new report from Proofpoint. Titled “Beyond the Phish 2019, the report incorporated data gathered from roughly 130 million answers to questions that were posed to endpoint users…
Microsoft’s Defender ATP Research Team yesterday revealed its discovery of a late-spring, fileless malware campaign that used “living-off-the-land” techniques to infected victims with information-stealing Astaroth backdoor. The attackers behind this particular campaign abused a multiple of legitimate services in order to deliver the final payload, including the Windows Management Instrumentation Command-line tool (WMIC), the BITSAdmin command-line…
A Department of Homeland Security (DHS) official warned a Santa Fe, N.M., gathering of secretaries of state to beware of phishing attempts that might target their state and local election systems and workers. “We know that phishing is how a significant number of state and local government networks become exploited,” an ABC News report cited…
A mysterious hacker has for years been tricking Libyan citizens into infecting themselves with mobile and desktop malware by luring them to weaponized Facebook pages that impersonate key local figures and purport to deliver news of interest to the civil war-torn nation’s people. Researchers from Check Point Software Technologies have traced the campaign – dubbed…
The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states. What’s more, the malicious activity bear certain hallmarks of a state-sponsored actor with financial motives, according to a…
Since its discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit. Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging…
A new study on a worker’s susceptibility to being successfully phished found those working in the construction industry the most likely to fall for an attack, however, with the proper training this weakness can be almost entirely weeded out. KnowBe4’s Phishing by Industry 2019 report looked at 19 industries breaking them down into three categories,…
