Security News
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the...
"The last six months have been unprecedented - a state of polycrisis remains and everything from elections to warfare to law enforcement activity have accelerated cyber threat actor activity globally. We're seeing radical shifts in behavior," said John Fokker, Head of Threat Intelligence, Trellix. China-linked threat groups, like Volt Typhoon, remain the most prolific originator of advanced persistent threat activities, generating 68.3% of all detections.
A new phishing campaign uses HTML attachments that abuse the Windows search protocol to push batch files hosted on remote servers that deliver malware. The Windows Search protocol is a Uniform Resource Identifier that enables applications to open Windows Explorer to perform searches using specific parameters.
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
The U.S. Department of Justice (DoJ) has sentenced a 31-year-old to 10 years in prison for laundering more than $4.5 million through business email compromise (BEC) schemes and romance scams....
With Alert, you can easily monitor your most important credentials, such as your email, credit card, and ID. Alert will instantly notify you if it appears in breached online databases. Real-time monitoring and email notifications: your details are scanned in real-time, and if there's a new breach, Alert promptly informs you via email.
Conduct regular security training, especially with staff members who work with sensitive data and with executives who are often the targets of BEC. This should include live instruction, security awareness training videos and testing, and phishing simulation testing that use current, real-world attacks as examples. Finally, gamifying the cyber-aware culture by rewarding the employee with "Most reported emails" or the "Fastest reporter" promotes contributing to the overall security posture of the organization while keeping reporting engaging and fun.
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. Affected customers will receive error messages stating, "Microsoft Outlook was not able to create a message with restricted permission" when trying to reply to messages using Microsoft encryption.
Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for...
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. The LockBit Black encryptor deployed in these attacks is likely built using the LockBit 3.0 builder leaked by a disgruntled developer on Twitter in September 2022.