That anti-phishing training email your employees just received may, ironically, actually be a phishing email, according to cyber threat analysts who recently uncovered a security awareness-themed online social engineering campaign. In a blog post on Wednesday, experts at Cofense reported on a phishing campaign that sends emails purporting to be a notification urging employees to…
Attackers using a novel credential phishing attack that leverages Active Directory to verify a victim’s password and gain access to an Office 365 account targeted a top financial person in a division of a large American corporation. Once inside a victim’s account, bad actors could access sensitive financial documents, emails, calendar items and contact lists,…
Since late June, the platform’s file storage domain – slack-files.com – appeared to pop up with far more regularity on the Phish Alert Button, leading KnowBe4 researchers to surmise that Slack users using the referral URL domain, slack-redir.net, are being duped with malicious payloads, raising concerns. And if an attacker can penetrate an organization and take…
Multiple hacking gangs are preying on remote workforces and corporate VPNs through vishing attacks that are more efficient, dangerous and ubiquitous than ever, prompting the U.S. government to issue both a warning and advice on how to thwart them. “The news has spread throughout the hacker community and multiple groups are now doing this,” said…
The hacker collective known as DeathStalker has recently widened its footprint to include small to medium-sized business (SMB) targets in the financial sector throughout Europe, Middle East, Asia and Latin America. Deathstalker’s tactics, techniques and procedures aren’t different from when it first emerged as a hacker-for-hire, according to Kaspersky, which tracked Deathstalker’s activities for the…
Security teams should brace for a potential onslaught of ransomware attacks – more troubling as workforces operate remotely during the pandemic – after the public-facing profiles of 235 million TikTok, Instagram and YouTube users were exposed through a misconfigured database. “Since everybody is working remotely, those phishing attacks can compromise a personal device, which then…
Australian design platform Canva unwittingly provided phishing campaigns with graphics, making threat actors’ schemes appear more legitimate as they pilfer credentials through social engineering trickery.
Orchestrated by the Russian-speaking RedCurl group, the attack stole information on a variety of businesses – mostly in construction, finance, consulting, retail, insurance, law and travel.
It may be unsophisticated but the Agent Tesla RAT is “street-wise,” adapting and evolving just enough to wreak havoc on organizations’ security efforts. Recent improvements to the malware include more robust spreading and injection methods, as well as discovery and theft of wireless network details and credentials, according to an analysis by SentinelOne. Expanding its…
The hack of a U.K. trade minister’s email account – the result of a spear phishing campaign likely engineered by Russian operatives – led to the leak of U.S.-U.K. trade documents and perpetuated a disinformation campaign credited with influencing the 2019 U.K. election. Hackers were able to successfully access the email of Trade Minister Liam…
