Security News

Passwordstate hackers phish for more victims with updated malware
2021-04-28 14:38

Click Studios, the software company behind the Passwordstate enterprise password manager, is warning customers of ongoing phishing attacks targeting them with updated Moserpass malware. Click Studios published a second advisory on Sunday, saying that "Only customers that performed In-Place Upgrades between the times stated above are believed to be affected and may have had their Passwordstate password records harvested."

Chase Bank Phish Swims Past Exchange Email Protections
2021-04-28 14:02

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections, aiming to steal credentials from victims by spoofing real-life customer scenarios. "These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.

Tax Phish Swims Past Google Workspace Email Security
2021-04-13 18:29

A W2 tax email scam is circulating in the U.S. using Typeform, popular software that specializes in online surveys and form building. According to Armorblox, the campaign also bypasses native Google Workspace email security filters for the victims it examined.

Phish Leads to Breach at Calif. State Controller
2021-03-23 18:01

The phishers had access for more than 24 hours, and sources tell KrebsOnSecurity the intruders used that time to steal Social Security numbers and sensitive files on thousands of state workers, and to send targeted phishing messages to at least 9,000 other workers and their contacts. "SCO has notified the employee's contacts who may have received a potentially malicious email from the unauthorized user. SCO team members have identified all personal information included in the compromised email account and begun the process of notifying affected parties. The Controller is going over and beyond the notification requirements in law by providing both actual mailed notification and substitute notification in an effort to ensure the broadest possible notification."

No phish for the likes of you, thank you very much! Google finds email villains are picky about demographics, country
2021-02-10 09:30

Kind old Google has published data on targeted email attacks and dispensed advice to help users separate friend from foe. The pandemic has presented malware-laden email flingers with a world of opportunity and a whole new set of attack vectors.

Google Forms Abused to Phish AT&T Credentials
2020-11-04 21:48

More than 200 Google Forms impersonate top brands - including Microsoft OneDrive, Office 365, and Wells Fargo - to steal victims' credentials. Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims' credentials.

IRS COVID-19 Relief Payment Deadlines Anchor Convincing Phish
2020-10-07 13:14

A credential-phishing email campaign is making the rounds, using the lure of coronavirus tax relief to scam people into giving up their personal information. The emails purport to contain an important document about COVID-19 relief funds from the IRS. Clicking the link in the email leads readers to a SharePoint form that they were told to complete before accessing the document, according to Chetan Anand, co-founder and architect at Armorblox.

Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy
2020-10-02 20:39

The emails purport to come from the U.S. Election Assistance Commission, an independent agency of the United States government that serves as a national resource of information regarding election administration. The emails' subject says "voter registration application details couldnt be confirmed," and the body of the email tells users: "Your Arizona voter's registration application submitted has been reviewed by your County Clerk and some few details couldnt be comfirmed".

Phish Scale: New method helps organizations better train their employees to avoid phishing
2020-09-21 04:30

Researchers at the National Institute of Standards and Technology have developed a new method called the Phish Scale that could help organizations better train their employees to avoid phishing. Many organizations have phishing training programs in which employees receive fake phishing emails generated by the employees' own organization to teach them to be vigilant and to recognize the characteristics of actual phishing emails.

SAFE Phish: Phish testing and training redefined
2020-08-06 02:00

Known as SAFE Phish, it's designed to let security teams create training exercises using real-life, de-weaponized campaigns that target their organizations and employees. "With SAFE Phish technology, end-users can safely be exposed to real-life, de-weaponized phishing attacks to make training more effective and provide a data-driven picture of which employees are most at risk. Our research has shown that end-users who have taken Mimecast Awareness Training are 5.2 times less likely to click on dangerous links. We're very excited about how SAFE Phish simulations can further help increase the impact of our security awareness solution."