LinkedIn has become one of the most impersonated brands when it comes to phishing, and having access to such a treasure trove of information can help facilitate convincing social engineering attacks.
The Golden Chickens gang is using a backdoor trojan to gain access to target’s cloud infrastructure, while MoleRats actors use audio tool to sound like women in vishing messages, and hackers target universities in latest IRS-themed phish.
Today’s columnist, Amos Stern of Siemplify, says while the heyday of SOCs may have passed because of the pandemic, security pros have adjusted and need to focus on the threats at hand: insecure home networks, cloud adoption and phishing.
Employees who are successfully phished with a job offer likely won’t report the incident to their employer, expert says.
A California state agency was victimized by a phishing incident last week in which an employee clicked on a link that provided access to the employee’s account for some 24 hours.
Use of dynamic algorithms could make these phishing schemes look like they are personalized for the recipient.
HP supports many causes to attract women into the cyber field, including work with Black Girls Code. Today’s columnist, Joanna Burkey of HP, says with millions of cyber jobs unfilled, the industry has to do a better job recruiting women and minorities.
Malwarebytes’ exposé of LazyScripter revealed that the group has operated since at least 2018, targeting International Air Transport Association (IATA) members, airlines and immigrants seeking employment in Canada. How significant are such findings? SC media spoke to researchers, who said Identifying a new actor is the first step in creating a defense.
The two email attacks employed a broad range of techniques to get past traditional email security filters and pass the “eye tests” of unsuspecting end users.
The threat actors are “quite clever” in using Google Alerts as an attack vector to prompt users to “update” Adobe Flash Player.
