Phishing news & analysis | SC Media

Phishing

Tech workforce in defense and aerospace targeted in latest phishing attack

A phishing lure disguised as a legitimate inquiry by a recruiter for a new job opportunity inserts a malicious template into an attached Word document, which then gathers intelligence on the target, usually a highly-skilled technology worker in the aerospace and defense industries. The attack, dubbed Operation North Star, was discovered by researchers in McAfee’s…

Twitter hackers duped employees with phone spear phishing scam

Hackers who briefly commandeered high-profile Twitter accounts to perpetuate a cryptocurrency scam used a phone spear phishing attack to get into to the social media platform’s internal network as well as to “specific employee credentials” to access internal support tools. Not all of the small group of “employees that were initially targeted had permissions to…

DNA companies vulnerable to phishing, privacy violations after attacks

A malicious server compromise recently confirmed by DNA investigation services provider GEDmatch serves as a reminder of the incident response challenges and privacy ramifications that companies face when they trade in sensitive data – in this case, DNA, the most personal of data – especially when such incidents create unique opportunities for targeted phishing campaigns. Owned by…

Twitter hackers accessed direct messages for 36 accounts

The hackers who ran a cryptocurrency scam using high-profile, verified Twitter accounts, including those belonging to Joe Biden, Apple, Bill Gates, Uber and Barack Obama, accessed the direct messages (DMs) of 36 accounts and downloaded account data from eight accounts via “Your Twitter Data.” There is no indication that the DMs of any former or…

cloud server

Phishing attack hid in Google Cloud Services

Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers. In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with a PDF document containing…

Leaked videos offer rare behind-the-scenes look at Iranian APT operation

Threat analysts hit the cyber intel mother lode after uncovering a 40GB data leak that included training videos shedding light on the activities of an Iranian advanced persistent threat group. In a company blog post this week, IBM X-Force Incident Response Intelligence Services (IRIS) said that the leaked assets were the result of an OPSEC error on…

U.S. universities at risk of back-to-school and Covid-19 email fraud

The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn. In particular, students and…

hacker in a hoodie

Unsealed indictment alleges Kazakh man is behind Fxmsp hacking group

Federal prosecutors have indicted Andrey Turchin, a 37-year-old citizen of Kazakhstan, on five criminal counts related to his alleged involvement in a financially motivated cybercriminal hacking collective known as Fxmsp that the Department of Justice says cost victims tens of millions of dollars. Turchin — who also individually goes by the alias Fxmsp — and…

Microsoft phishing domains takedown aimed at familiar criminals refocused on Covid-19

Microsoft has seized a number of phishing domains in an attempt to disrupt cybercriminals who recently switched targets to take advantage of the COVID-19 pandemic. In response to a civil suit brought by the tech giant, the U.S. District Court for the Eastern District of Virginia issued an order that let Microsoft take control of…

Next post in Coronavirus