Cyberattack | SC Media


Top 12 phishing email subject lines


Cybercriminals often try to create a sense of urgency in their phony attempts to swindle unsuspecting users out of crucial information with subject lines that would compel the unsuspecting user into opening the phony email and potentially downloading malicious attachments. Unfortunately, they rarely announce themselves in phishing attacks and some even have the ability to…

Data breaches up 400 percent, 15 billion records compromised: report


The number of data breaches increased more than 400 percent in 2018 exposing almost 15 billion records, according to the identity intelligence company 4iQ. The company’s annual report confirmed 12,440 new breaches, a 424 percent increase compared to 2017, and of the 14.9 billion records compromised, 3.6 billion were confirmed real and exposed for the…

CMS hackers focus on WordPress


WordPress continued to be the most attacked content management system (CMS) attracting an even higher percentage of CMS centered cyberattacks in 2018, according to a new Sucuri report. Full Sucuri report.Download WordPress, which holds a 60 percent market share in the CMS space, was the focus of 90 percent of the attacks, up from 83…

Palisades Park receives $200,000 advance after cyberattack


As proof that not all cyberattacks leave victims broke and out of luck, the New Jersey borough of Palisades Park received a $200,000 advancement on its insurance claim this week after a breach at Mariner’s Bank, based in the nearby town of Edgewater, drained nearly half a million dollars from its accounts. Last month, a…

Russian cyberattackers are in and gone in less than 20 minutes


Russian threat actors are almost eight-times faster at taking advantage of a compromised system compared to other nation-state actors, a tribute to their operational tradecraft, according to Crowdstrike’s 2019 Global Threat report. An analysis of what Crowdstrike calls “breakout time” shows the Russians are quicker, by a factor of eight, at moving laterally through a…

VFEmail hit with ‘Catastrophic’ attack that deleted primary and backup files


Milwaukee-based email provider VFEmail has suffered what it has described as a “catastrophic” attack which has resulted in the destruction of all data in the U.S. on both primary and backup systems. The attackers didn’t demand a ransom but simply went on an attack and destroy mission. Signs of the attack surfaced the morning of…

Banking threat Emotet expands target list, evades two-factor auth

SS7 exploited to intercept 2FA bank confirmation codes to raid accounts


Cybercriminals are exploiting flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world, to empty bank accounts by intercepting messages sent for two-factor-authentication(2FA). The exploit can allow threat actors to track phones across the planet and intercept text messages and phone calls without hacking the…

Phishing attacks posing as missed voicemails nab credentials


Threat actors are sending out a wave of phishing emails disguised as missed voicemail notifications in an attempt to bypass both email scanners and user suspicions. The attack is sent in the form of an email purporting to be a notification about a voice message using subject lines such as “PBX Message,” “Voice:Message” or “Voice…

FDA presents guidelines for medical device security

Patient data of 70,000 compromised in Kansas-based Valley Hope Association breach


Kansas-based Valley Hope Association addiction treatment centers are notifying patients their personal information may have been compromised in a phishing attack which granted unauthorized access to an employee’s email account. An investigation revealed on Nov. 23, 2018, that the threat actors logged into the account between Oct. 9-10, 2018, resulting in a risk of unauthorized…

Next post in Mobile Security