A phishing campaign in multiple enterprise email environments purportedly protected by Proofpoint and Microsoft entices users with false event invitations in the form of .ics calendar invite attachments, Cofense Phishing Defense Center (PDC) reported. The convoluted scheme dupes recipients into thinking their bank accounts have been compromised, even though the ruse’s initial focus is stuffing…
Australian Prime Minister Scott Morrison warned late last week that a sophisticated, state-sponsored cyber actor has been attacking the country’s government and corporate institutions, as well as critical infrastructure operators, with increasing regularity. Morrison did not name-and-shame the specific country that is responsible for the alleged attacks. But inside sources told Reuters that China is…
North Korea’s Lazarus group is likely behind a planned coronavirus-related phishing campaign taking aim at more than 5 million businesses and people in the U.S. and five other countries June 21. “The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support initiatives,” researchers at Cyfirma…
“Two can play at this game…” Cybersecurity is a non-stop arms race between white hats and malicious hackers, and the three “A’s” — automation, analytics and artificial intelligence — are among the more powerful defensive tools that CISOs can implement to defend their organizations. But cybercriminals can also potentially employ them to magnify their attacks…
A cyber espionage operation used fake job offers, sent via LinkedIn messages, to target employees at aerospace and military companies in Europe and the Middle East late last year, researchers from ESET have reported. The highly targeted campaign — dubbed Operation In(ter)ception (an allusion to one malware sample’s file name) — took place from September…
Behind nearly every cybersecurity incident there’s a person who was either unwittingly duped or with malicious intent breached an organization from the inside. But as the rich array of experts in the Awareness, Decisions & Devices: The Human Layer of Security track at InfoSec World 2020 can attest, it’s possible to boost awareness and spark…
Scammers often craft social engineering schemes around major crises and news events, as demonstrated by the wealth of coronavirus-themed phishing campaigns seen this year. Now, as massive U.S. and global protests continue following the May 25 killing of George Floyd at the hands of a Minneapolis police officer, a new phishing operation is attempting to…
One hundred German companies in need of personal protective equipment (PPE) such as facemasks and medical gear were targeted in a COVID-19 phishing scheme designed to steal and exfiltrate user credentials. IBM X-Force IRIS discovered unknown hackers erected a fake Microsoft login page connected to different Yandex email accounts, although it was unknown how many…
Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their voicemail recordings. In a company…
Joe Biden and Donald Trump’s campaigns may be worlds apart on issues and in style, but they share common cyber enemies, according to the Google Threat Analysis Group (TAG), which said both are the targets of phishing campaigns by nation-states like China and Iran. “Recently TAG saw China APT group targeting Biden campaign staff &…
