Thousands of BEC lures use Google Forms in recon campaign
While the threat actor’s motives are not fully apparent, researchers believe it was an effort to conduct reconnaissance for future campaigns.
About SC Media
Phishing
Surge in remotely hosted phish images? Some say it’s business as usual
In Nov. 2020 alone, company blocked 262 million emails containing malicious, remotely hosted images.
Malspam campaign spoofs email chains to install IcedID info-stealer
A phishing campaign has been disguising its spam as an email chain, using messages taken from email clients on previously compromised hosts.
Fourth breach at T-Mobile puts focus on security post mergers
The poor record raises questions about whether the mobile carrier’s massive merger with Sprint left the combined company more vulnerable.
From diversity efforts to pandemic recovery, workforce issues will evolve in 2021
Vaccine distribution could mean a return to offices, but most experts expect a new hybrid model to emerge. Pile that on top of the already challenging situation posed by a supposed skills gap and efforts to improve diversity, and the cybersecurity community may need to redefine workforce priorities.
2021 strategy predictions: Shifts in business models, shifts in security priorities
Enhanced email security? Growth of digital identities? Vulnerability management born from mergers and acquisitions? No more VPNs? Here, cybersecurity experts offer their take on what strategic shifts we should expect within the enterprise.
2021 threat predictions: Bad actors that honed their craft with COVID are ready to go big
Cyber experts expect more sophisticated attacks to come – with ransomware and phishing continuing at a steady, but more advanced clip, and emerging threats tied to deepfakes and 5G beginning to show impact.
Treasury asks financial sector to watch out for COVID vaccine scams, ransomware
The Financial Crime Enforcement Network detailed for banks or other financial services organizations potential issues, asking the sector to be particularly attuned to ransomware attacks on distribution networks and the supply chains for the manufacture of vaccines.
Credential phishing attack impersonating USPS targets consumers over the holidays
The credential phishing attack impersonated the U.S. Postal Service that sought to get victims to give up their credit card credentials and pay a special delivery fee within three days to ensure package delivered.
Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame?
Researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft’s servers were not enforcing protective DMARC authentication protocols when communications were received – and perhaps still are not.
Want to read more?
Next post in Phishing
