Security News

Phishing actors are actively abusing Calendly to kick off a clever sequence to trick targets into entering their email account credentials on the phishing page. The phishing attack begins with phishing emails generated on the Calendly platform that inform the recipient they received new Fax documents.

"As of October 2021, US election officials in at least nine states received invoice-themed phishing emails containing links to websites intended to steal login credentials." On 5 October 2021, unidentified cyber actors targeted US election officials in at least nine states, and representatives of the National Association of Secretaries of State, with phishing emails.

More advanced phishing kits contain a control center to tune the functionalities of the phishing pages, such as by specifying how they will receive data, or performing filtering. Phishing kits make it easier for cybercriminals without technical knowledge to launch phishing campaigns.

According to Expert Insights' recent study, "Almost 20% of all employees are likely to click on phishing email links and, of those, a staggering 67.5% go on to enter their credentials on a phishing website." Since organizations cannot depend on mail filtering to block all attempted phishing attacks, organizations must place a heavy emphasis on end user education.

With attackers increasingly deploying automated attack methods, default credentials are the most common passwords used by these bad actors, acting in effect as a 'skeleton key' for criminal access. Default credentials providing an entry point for attackers.

Large-scale phishing activity using hundreds of domains to steal credentials for Naver, a Google-like online platform in South Korea, shows infrastructure overlaps linked to the TrickBot botnet. Security researchers at cyber intelligence company Prevailion earlier this year identified a massive phishing operation focused on collecting credentials of Naver users.

More than 71,000 employee credentials were stolen and leaked online following a data breach suffered by US chipmaker giant Nvidia last month. The Have I Been Pwned data breach notification service has added data belonging to 71,335 compromised accounts to its database on Wednesday.

Phishing emails to Microsoft users warning of Moscow-led account hacking have started to make the rounds, looking to lift credentials and other personal details. That's according to Malwarebytes, which uncovered a spate of spam email that name-checks Russian hacking efforts.

The widespread malware known as Qbot has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. As shown in the following diagram, Qbot moves quickly to perform privilege escalation immediately following an infection, while a full-fledged reconnaissance scan takes place within ten minutes.

Constella Intelligence released a report which includes new and additional findings pertaining to exposures, breaches, and leakages within the pharma sector, specifically focusing on employees and executives from the top twenty pharma companies on the Fortune Global 500 list. This report uncovers the widespread prevalence of breaches and exposures related to the corporate credentials of employees and executives in the pharma sector, detailing the serious risks emerging from exposed sensitive data that negatively impact customers, employees, executives, brands, public health, and the healthcare system.