A Department of Homeland Security (DHS) official warned a Santa Fe, N.M., gathering of secretaries of state to beware of phishing attempts that might target their state and local election systems and workers. “We know that phishing is how a significant number of state and local government networks become exploited,” an ABC News report cited…
A mysterious hacker has for years been tricking Libyan citizens into infecting themselves with mobile and desktop malware by luring them to weaponized Facebook pages that impersonate key local figures and purport to deliver news of interest to the civil war-torn nation’s people. Researchers from Check Point Software Technologies have traced the campaign – dubbed…
The group responsible for conducting a phishing attack against Indian IT consulting firm Wipro and its clients has since mid-2016 been conducting a far-reaching gift card fraud operation targeting an array of businesses, a new report states. What’s more, the malicious activity bear certain hallmarks of a state-sponsored actor with financial motives, according to a…
Since its discovery of Sodinokibi ransomware last April, cybercriminals have reportedly been attempting to infect networks with the malicious encryption program through a growing number of vectors, including supply chain attacks, spam, and malvertisements that redirect victims to an exploit kit. Sodinokibi encrypts data found in the user directory and prevents data recovery by leveraging…
A new study on a worker’s susceptibility to being successfully phished found those working in the construction industry the most likely to fall for an attack, however, with the proper training this weakness can be almost entirely weeded out. KnowBe4’s Phishing by Industry 2019 report looked at 19 industries breaking them down into three categories,…
User data from Social Engineered, which bills itself as a forum for the “Art of Human Hacking,” was leaked in mid-June and posted on a rival site. “Mybb had a vulnerability yet again and the site got breached along other websites using Mybb,” Social Engineered founder, Snow101, confirmed in a blog post. “We moved over…
An ongoing email-based phishing scam is attempting to fool recipients into opening malicious attachments disguised as notifications from the U.S. Department of Homeland Security (DHS), according to the Cybersecurity and Infrastructure Security Agency, in a warning posted on the official US-CERT web site this past Tuesday. “The email campaign uses a spoofed email address to…
A technique of using Google Calendar invites and events as spam is gathering volume, according to researchers. The mechanics are relatively simple: an attacker crafts an unsolicited calendar invitation carrying a link to a phishing URL, which is sent to the user’s Gmail or G Suite address. By default, smartphone Gmail will automatically add events…
The IRS once again is warning taxpayers to be on the lookout for phishing scams even after tax season has ended. The agency has identified two new variations of tax related scams with one threatening to cancels a victim’s social security while the other claims to threaten victims with an IRS lien or levy, according…
A newly discovered malicious backdoor by the name of Hawkball was recently observed in a campaign apparently targeting one or more Russian-speaking government entities in Central Asia, according to a blog post this week from FireEye Labs. Upon successful infection, Hawkball offers the unidentified attackers a range of malicious capabilities, writes FireEye blog post author…
