Security News
The Computer Emergency Response Team of Ukraine has warned of new phishing attacks that aim to infect devices with malware. The ZIP file contains a Microsoft Compiled HTML Help file that embeds JavaScript code responsible for launching an obfuscated PowerShell script.
ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. The phishing websites targeting iOS instruct victims to add a Progressive Web Application to their home screens, while on Android, the PWA is installed after confirming custom pop-ups in the browser.
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin...
A file-sharing phishing attack is a unique type of phishing threat in which a cybercriminal poses as a known colleague or familiar file-hosting or e-signature solution and sends a target a malicious email containing a link to what appears to be a shared file or document. File-sharing phishing attacks would be a pressing issue regardless of volume, as one single successful attack can have costly consequences.
Malicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services. "Attackers can use Xeon to send...
Google has joined Microsoft in publishing intel on Iranian cyber influence activity following a recent uptick in attacks that led to data being leaked from the Trump re-election campaign. APT42 is largely relying on what Google's TAG calls "Cluster C" phishing activity - distinguished methods that have been in use since 2022, characterized by attempts to impersonate NGOs and "Mailer Daemon."
The Computer Emergency Response Team of Ukraine has warned of a new phishing campaign that masquerades as the Security Service of Ukraine to distribute malware capable of remote desktop access. The agency is tracking the activity under the name UAC-0198.
KnowBe4's quarterly phishing test report found that threat actors in Q2 often found success with emails spoofing HR departments. TechRepublic spoke with KnowBe4 Security Awareness Advocate Erich Kron about the results of the phishing tests and how to keep businesses safe from ever-evolving, generative AI-powered phishing attacks.
In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What's behind the surge...
Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "Disappear". The alert can be made invisible by changing its background and text colors to white, through CSS style tags.