Phishing | SC Media


Phishing emails imitate North American banks to infect recipients with TrickBot


An spam-based phishing campaign recently targeted North American banking customers with malicious Excel documents designed to infect victims with a new variant of the information-stealing TrickBot banking trojan, researchers reported earlier this week. The scam dates back to at least Jan. 27 and peaked in volume on Jan. 30, according a new blog post from…

Unauthorized intruder preys on Bayside Covenant Church


The Bayside Covenant Church of Roseville, Calif. reported that for three months last year unauthorized personnel accessed some employee information. In a statement, the church said access was gained to certain email accounts through a still unknown means, from Aug. 3, 2018 to Oct. 20, 2018. The information exposed included names, addresses, Social Security Numbers,…

Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list


Subscribers to a Tibetan Government-in-Exile mailing list were targeted in a recent email-based phishing campaign designed to infect them with a remote access trojan. Dubbed ExileRAT, the trojan is capable of gathering system information, retrieving and pushing files, and executing and ending various processes, according to a blog post from Cisco Systems’ Talos division, whose…

Hundreds of Delaware residents among the victims of BenefitMall breach


Delaware’s Department of Insurance announced yesterday that 650 residents and five companies located within the state were impacted by a 2018 data breach of BenefitMall, a third-party HR services administrator for health insurance companies. It was originally back on Jan. 4, 2019, that BenefitMall, aka Centerstone Insurance and Financial Services, publicly disclosed a “data security…

Phishing campaign throws Shade ransomware at Russians


Attackers this month have revived an email phishing operation that targets Russian speakers with Shade ransomware served via malicious JavaScript attachments. The scam first emerged in a campaign that began in mid-October of last year, before dying down over the holiday period. But January ushered in a more intense second phase that doubled the previous…

12th annual Data Privacy Day advice: complicated passwords, VPNs and fines


Considering the hundreds of millions of records exposed in data breaches just last year, the 12th annual Data Privacy Day could not arrive quickly enough. On the plus side for privacy, at least for EU residents, GDPR went into effect last May and will soon be joined by the California Consumer Privacy Act and other…

Russians targeted in Redaman banking malware operation


An ongoing email phishing campaign designed to spread Redaman banking malware aggressively targeted Russian-speakers, especially those with .ru addresses, over the last four months of 2018. Researchers at Palo Alto Networks’ Unit 42 division reported this week in a company blog post that from September through December, its threat intelligence service detected 3,845 email sessions…

Phishing attacks posing as missed voicemails nab credentials


Threat actors are sending out a wave of phishing emails disguised as missed voicemail notifications in an attempt to bypass both email scanners and user suspicions. The attack is sent in the form of an email purporting to be a notification about a voice message using subject lines such as “PBX Message,” “Voice:Message” or “Voice…

FDA presents guidelines for medical device security

Patient data of 70,000 compromised in Kansas-based Valley Hope Association breach


Kansas-based Valley Hope Association addiction treatment centers are notifying patients their personal information may have been compromised in a phishing attack which granted unauthorized access to an employee’s email account. An investigation revealed on Nov. 23, 2018, that the threat actors logged into the account between Oct. 9-10, 2018, resulting in a risk of unauthorized…

Next post in Security News