Phishing news & analysis | SC Media

Phishing

U.S. indicts three over alleged phishing campaign targeting universities, businesses

The Department of Justice has indicted two Americans and a Nigerian on multiple charges for their alleged roles in a phishing scheme that targeted college employees, banks and other businesses from May 2013 through June 2014. Filed on Tuesday in U.S. District Court in New Mexico, the indictment identifies the defendants as Nigerian citizen Otuokere…

Microsoft Office 365

Scams use false alerts to target Office 365 users, admins

Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators. The scams are respectively detailed in a pair of…

election hacking

FEC ruling allows political campaign to accept discounted services from security firms

Political campaigns can accept low-cost help from private cybersecurity firms to protect campaigns in the 2020 election cycle, the Federal Election Commission (FEC) ruled Thursday. The commission, which viewed the discounted services as an in kind donation under current rules, had indicated it would reject the initiative but changed course. Because Area 1 Security, the…

What is workforce’s biggest cyber knowledge gap? ID’ing phishing threats, says study

An analysis of workers’ cyber knowledge gaps found that ends users last year struggled most with identifying phishing threats and protecting data throughout its lifecycle, according to a new report from Proofpoint. Titled “Beyond the Phish 2019, the report incorporated data gathered from roughly 130 million answers to questions that were posed to endpoint users…

What fresh hell is this? Fileless malware campaign spread Astaroth backdoor last spring

Microsoft’s Defender ATP Research Team yesterday revealed its discovery of a late-spring, fileless malware campaign that used “living-off-the-land” techniques to infected victims with information-stealing Astaroth backdoor. The attackers behind this particular campaign abused a multiple of legitimate services in order to deliver the final payload, including the Windows Management Instrumentation Command-line tool (WMIC), the BITSAdmin command-line…

DHS election lead warns state secretaries of phishing threat leading up to 2020

A Department of Homeland Security (DHS) official warned a Santa Fe, N.M., gathering of secretaries of state to beware of phishing attempts that might target their state and local election systems and workers. “We know that phishing is how a significant number of state and local government networks become exploited,” an ABC News report cited…

Fake Facebook political pages tricked Libyans into downloading RATs

A mysterious hacker has for years been tricking Libyan citizens into infecting themselves with mobile and desktop malware by luring them to weaponized Facebook pages that impersonate key local figures and purport to deliver news of interest to the civil war-torn nation’s people. Researchers from Check Point Software Technologies have traced the campaign – dubbed…

Researches: Wipro breach part of much larger gift card fraud operation

The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states. What’s more, the malicious activity bear certain hallmarks of a state-sponsored actor with financial motives, according to a…

Sodinokibi ransomware campaigns span growing array of attack vectors

Since its discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit. Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging…

Next post in Phishing