Researchers on Thursday reported that hackers are using standard tools within Google Docs/Drive to lead unsuspecting victims to fraudulent websites, stealing credentials in the process.
Using a hijacked Constant Contact email marketing account of USAID, the adversaries sent phishing emails to roughly 3,000 accounts at more than 150 different organizations. About 25 percent of these targets were international development, humanitarian and human rights organizations.
a campaign of remote access trojans is targeting the aerospace and travel industries with spear-phishing emails that distribute an actively developed loader, which then delivers RevengeRAT or AysncRAT.
SEGs and sandbox rules are designed to spot them, and employees are trained to distrust them, so attackers are taking an alternate approach.
Cloud malware can be used to conduct reconnaissance, launch employee-to-employee attacks, and steal files and emails from cloud platforms.
Email security solutions featuring machine learning or computer vision should be able to identify the fake logo and sniff out the attack.
Companies are often pilloried in the wake of data breaches for lacking transparency or leaving their users in the dark about potential impact. This incident demonstrates the flip side of that coin, how information or communications from a company following a breach can be weaponized by bad actors.
On the day that KnowBe4 shares began trading on Wall Street, SC Media caught up with CEO and founder Stu Sjouwerman on the company’s plans to expand international sales and leverage automation and machine learning to further explore the human layer of cybersecurity.
LinkedIn has become one of the most impersonated brands when it comes to phishing, and having access to such a treasure trove of information can help facilitate convincing social engineering attacks.
The Golden Chickens gang is using a backdoor trojan to gain access to target’s cloud infrastructure, while MoleRats actors use audio tool to sound like women in vishing messages, and hackers target universities in latest IRS-themed phish.
