Phishing | SC Media

Phishing

Adobe fixes zero-day Flash bug after attackers target Russian clinic with exploit

By

Adobe Systems today issued an emergency security update for Flash Player following the discovery of a critical vulnerability that attackers were actively exploiting in a Nov. 29 phishing operation targeting a Russian state health care institution. The zero-day arbitrary code execution exploit was specifically employed against Moscow-based “Polyclinic No. 2” of the Administrative Directorate of…

Humble Bundle breach could be first step in wider attack

By

Sometimes a basic data breach is just the first step in a larger campaign. That appears to be the case with the gaming subscription site Humble Bundle, which began informing its customers of a data breach that may have exposed a person’s subscription status, Malwarebytes reported. While on the outside this appears to be a…

London Blue cybergang compiled list of 50,000 execs for BEC phishing attacks

By

A U.K./Nigerian cybergang with U.S.-based co-conspirators has obtained a list of more than 50,000 corporate officials to be targeted in future Business Email Compromise (BEC) phishing campaigns. The list was generated during a five-month period in early 2018 and of the list, 71 percent were CFOs, two percent were executive assistants and the remainder were…

Giving the game away: Five obvious “tells” in malicious emails

By

By Stu Sjouwerman, CEO, KnowBe4 As the online threats to organizations have grown over the past 10-15 years, security awareness training (SAT) has become a critical component of the security infrastructure deployed by IT departments to protect their networks from attacks by malicious actors, whether those attacks are driven by increasingly sophisticated phishing campaigns, voice-driven…

Pied Piper phishing scheme infests victims with FlawedAmmyy, RMS RATs

By

The cybercriminal threat group TA505 is a key suspect in an ongoing phishing campaign that’s been attempting to infect victims with the FlawedAmmyy and Remote Manipulator (RMS) remote access trojans. Dubbed Pied Piper, the campaign was observed targeting a supplier to several well-known food chains, including Godiva Chocolates, Yogurtland and Pinkberry, according to a Nov. 29 blog…

Marriott breach exposes more than just customer info

By

Marriott’s massive data breach exposed more than just 500 million customer records, it is also shining a light on the role cybersecurity needs to play when a firm is in acquisition mode, along with the damage that even one slip up by an employee can have on the entire company. Marriott has not disclosed exactly…

Phishing campaign spreading CARROTBAT dropper focuses on cryptocurrency, Korean interests

By

A phishing campaign targeting the Korean peninsula is using a malicious dropper called CARROTBAT to deliver decoy documents and secondary payloads such as remote access trojans to its victims. Dubbed Fractured Block, the campaign began last March, but has noticeably picked up steam in the last three months, according to a blog post by Josh…

Midterm election hacking incidents lacking, typosquatting tops the list

By

The U.S. midterm election has passed without any disruptive cybersecurity incidents, but researchers at Bitdefender found some evidence of influence campaigns appearing and cybercriminals using election keywords for money-making scams. Bitdefender found four areas of concern. On the political side, it came across typosquatted domains registered by hackers to spread misinformation, particularly in Texas, or…

Brazil (3)

Brazilian-made bank trojan use spreading

By

When it comes to banking trojans Brazil is not only a leading manufacturer, but most often its residents bear the brunt of these attacks, however, Cybereason has found the same malware normally used to attack this South American country has spread worldwide. The malware was found by Cybereason is being used against banks in more…

Drake’s Fortnite account hacked, Travis Scott may also be affected

By

After taking home a Soul Train Award Toronto rapper Drake may be looking to change his Fortnite account password after someone hijacked his account to spew racial slurs during a charity livestream event. Livestreamer Tyler “Ninja” Blevins was streaming for The Ellen Fund, a wildlife conservation fund created by Ellen host Ellen DeGeneres, when he received an invite…

Next post in News