Phishing News, Articles and Updates

Roaming Mantis malicious redirection campaign preys on Android, iOS and PC users

A recently discovered a DNS hijacking campaign that was found spreading banking trojan malware to Android smartphone users largely in Asia has expanded it reach to iOS and PC users as well, while targeting speakers of 27 different languages.

Two alleged Syrian Electronic Army members indicted for spear phishing and defacement campaign

U.S. prosecutors filed an indictment yesterday for two alleged Syrian Electronic Army hacktivists who are accused of compromising news media websites and social media accounts in order to spread propaganda supporting the regime of Sryian president Bashar al-Assad.

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.

Vega Stealer malware targeting marketing, public relations and advertising sectors

Researchers have come across a new ransomware variant named Vega Stealer that is taking special aim at those in the marketing, advertising, public relations and retail/manufacturing industries.

USB drive sniffing K-9 helps capture student hacker

A San Francisco Bay-area student accused of hacking his school's computer system to change grades was captured with the aid of a K-9 unit when its dog was able to sniff out a thumb drive holding incriminating evidence.

Cybercrime losses exceed $1.4B in 2017

Two of the top three crimes, non-payment/non-delivery, and personal data breaches were also in the top spot in 2016 while phishing beat out 419/overpayment scams which dropped to fourth place in 2017, affecting only 23,135 victims compared to the 25,716 victims in 2016.

Phishing campaign aimed at Airbnb guests uses GDPR hook

Phishing emails supposedly from Airbnb hosts seem to be directed to business addresses and ask potential victims to accept a new privacy policy in the lead up to GDPR.

Cyberattack map shows impacted U.S. school districts

A group called the K-12 Cybersecurity Resource Center has created an interactive incident map that shows all of the school districts in the U.S. that have been affected by a cyberattack since 2016.

Michigan man gets 7 years for hacking jail computer to spring inmate

A Michigan man was sentenced to 87 months behind bars for illegally accessing a county government computer in an attempt to spring a county jail inmate early.

New Necurs variant uses internet shortcuts, Quant Loader to deliver payloads

An evolved variant of Necurs botnet malware is using .URL files -- known as internet shortcuts -- as part of its infection chain in order to bypass conventional detection methods.

Simple, but not cheap, phishing kit found for sale on Dark Web

Cybercriminals are nothing if not attuned to finding new customers for their wares, as Check Point and CyberInt have come across a next-generation phishing kit for sale on the Dark Web geared toward the neophyte, but discerning, hacker.

Newcomer cybergang Orangeworm targeting healthcare sector

The healthcare industry is under attack by a new cybergang named Orangeworm, which is striking with the Kwampirs backdoor.

New Desert Scorpion spyware found in malicious chat app aimed at Palestinians

A malicious chat app that was advertised on Facebook and sold in the Google Play store was discovered to execute a previously undiscovered spyware program linked to APT-C-23, an advanced persistent threat group allegedly with ties to Hamas.

Email hoaxes and phishing scams prey off of school violence fears

A Swiss hacking group has reportedly claimed credit for using a hijacked email domain to bombard schools around the U.S. with fake threats of violence. Meanwhile, a credentials phishing campaign is also stoking school shooting fears by impersonating a campus security alert.

Operation Parliament targeting Middle East nations with cyberespionage malware

Kaspersky Labs has detailed a large scale nation-state backed malware campaign called Operation Parliament that is targeting governments and high-level officials in the Middle East and North Africa (MENA) regions.

URL file attacks spread Quant Loader

A recent spate of attacks using phishing, social engineering, exploits, and obfuscation are being used to spread a Quant Loader trojan capable of distributing ransomware and password stealers

Verizon report: Ransomware runs rampant, responsible for 39% of malware-caused breaches

Ransomware was the most commonly detected malware in data breaches and related security incidents last year, climbing from fourth overall in 2016 and all the way from the 22nd spot five years ago, according to Verizon's just released 2018 Data Breach Investigations Report.

Hit them where it hurts...critical infrastructure

Critical infrastructure is being targeted by cybercriminals looking to wreak havoc whether working alone or in concert with nation-states.

Microsoft adds ransomware protection, recovery tools to Office 365

Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyberthreats, including ransomware.

Information on 6,800 CareFirst members exposed in phishing attack

CareFirst BlueCross BlueShield said one of its employees fell victim to a phishing attack that led to thousands of its members' personal information being exposed.

10 Ways to tell if that email is legitimate...or not

More sophisticated spear-phishing and whaling attacks — attacks that focus on specific individuals — take more time to prepare and research, but they too can be very inexpensive to perform.

Justice was overdue: Indicted Iranian hackers phished targets using library account lures

The nine Iranian hackers who were indicted last Friday for allegedly exfiltrating 31 terabytes of research documents and credentials from academics, companies and government agencies phished many of their targets using lures intended to trick them into thinking their library accounts were cancelled.

New Sanny info-stealer campaign targets government agencies with evolved malware

Researchers this month discovered a new spear phishing campaign targeting government agencies with an evolved version of Sanny malware, a five-year-old information-stealer that now features a multi-stage infection process, whereby each stage is downloaded from the attacker's server.

A brief history of crime: Email scammers push fake Stephen Hawking contest

You don't have to be a rocket scientist to figure out that a recently observed spam campaign offering an $8 million prize to whoever can answer three questions about the late astrophysicist Stephen Hawking is a big-time scam.

Phishing or Ransomware? Experts dispute which is biggest cyber-threat

Cyber-security executives and business decision makers question whether phishing emails or ransomware attacks are the most potent threats faced, but are businesses equipped to implement all-round risk mitigation strategies?

Phishing Madness? Ohio State University phishes students to teach security

Although it couldn't manage to outscore Gonzaga in the NCAA March Madness Tournament, Ohio State looked to gain brownie points teaching cybersecurity.