Security News

As American crude oil crashed on Monday, leading to the bizarre situation of a negative futures contract price, our attention was drawn to a spear-phishing campaign against organizations involved in global oil production. A second, much smaller spear-phishing operation, impersonated a Philippines-based shipping company, targeted oil and gas companies in that country.

Since January, more than 4,000 domains related to coronavirus stimulus packages have been registered, many of them malicious or suspicious, according to Check Point Research. These attacks typically take the form of malicious apps, phishing emails, and phony websites.

Google is striving to block Gmail messages and other content that exploit COVID-19, but there are steps users can take to fight such malware. The popularity of Google Cloud services such as G Suite, Gmail, and Chrome have made their users tempting targets for malware.

GitHub has warned users that they may be targeted in a fairly sophisticated phishing campaign that the company has dubbed "Sawfish." GitHub has pointed out that this phishing campaign has several noteworthy aspects.

Financial phishing has increased in frequency and accounted for more than half of all phishing detections last year, Kaspersky says. Last year, financial phishing accounted for 51.4% of all phishing detections, an increase from the 44.7% share it saw during the previous year.

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google. Google said its malware scanner uses deep-learning tech to detect malware on 300 billion attachments each week, and 63 per cent of dodgy docs blocked by Gmail are different from day to day.

GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts. They could create a GitHub personal access token, which allows the user to access their GitHub account using the Security Assertion Markup Language.

Phishing kits are the new bestsellers of the underground market, with the number of phishing kit ads on underground forums and their sellers having doubled in 2019 compared to the previous year, Group-IB reveals. Phishing kits represent archive files with a set of scripts that ensure the work of a phishing website.

Corporations and public sector organizations can now assess their workforce's exposure to dangerous phishing attacks, which are escalating as social distancing requires most employees to work from home. Managers can now characterize the weaknesses in their staff's ability to defend against phishing and online social engineering scams, thanks to "Can We Be Phished?", a new, freely available online assessment from Click Armor, the Continuous Cybersecurity Awareness Platform.

Cyberattackers are disguising themselves as big name brands to execute phishing attacks, a Check Point Research report found. Phishing is known as a social engineering method criminals use to fraudulently steal information, which is then used to gain access to devices or networks, according to TechRepublic's phishing cheat sheet.