Security News

Common Business-Related Phishing Scams Include Fake HR and IT Subject Lines
2024-08-12 12:55

KnowBe4's quarterly phishing test report found that threat actors in Q2 often found success with emails spoofing HR departments. TechRepublic spoke with KnowBe4 Security Awareness Advocate Erich Kron about the results of the phishing tests and how to keep businesses safe from ever-evolving, generative AI-powered phishing attacks.

How Phishing Attacks Adapt Quickly to Capitalize on Current Events
2024-08-12 11:20

In 2023, no fewer than 94 percent of businesses were impacted by phishing attacks, a 40 percent increase compared to the previous year, according to research from Egress. What's behind the surge...

Microsoft 365 anti-phishing alert “erased” with one simple trick
2024-08-08 12:47

Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited emails "disappear". The alert can be made invisible by changing its background and text colors to white, through CSS style tags.

New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
2024-08-08 09:41

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements, and an Amazon look-alike to harvest the victim's information," Menlo Security researcher Ashwin Vamshi said.

Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net
2024-08-07 13:23

Researchers say cybercriminals can have fun bypassing one of Microsoft's anti-phishing measures in Outlook with some simple CSS tweaks. William Moody, IT security consultant at Certitude, blogged today about how the First Contact Safety Tip - a banner displayed in Outlook when a user receives a message from an address that typically doesn't contact them - can be hidden using CSS style tags.

Microsoft 365 anti-phishing feature can be bypassed with CSS
2024-08-07 05:00

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. [...]

AI-fueled phishing scams raise alarm ahead of U.S. presidential election
2024-08-06 03:00

Highlighting the growth of phishing and digital scams targeting United States citizens, Bolster released research that identified 24 separate nation-state threat actor groups attempting to exploit rising political tensions across the US to interfere with the 2024 presidential election. "We know the frequency of phishing attacks is increasing, as hackers utilize AI to execute more scams than ever before. In fact, phishing scams are being hosted in the US at a rate of nearly double, compared to 2023. The trend is only accelerating. In May alone, we logged a daily average of more than 45K malicious phishing sites," said Abhilash Garimella, VP of Research at Bolster.

APT28 Targets Diplomats with HeadLace Malware via Car Sale Phishing Lure
2024-08-02 16:16

A Russia-linked threat actor has been linked to a new campaign that employed a car for sale as a phishing lure to deliver a modular Windows backdoor called HeadLace. "The campaign likely targeted diplomats and began as early as March 2024," Palo Alto Networks Unit 42 said in a report published today, attributing it with a medium to high level of confidence to APT28, which is also referred to as BlueDelta, Fancy Bear, Fighting Ursa, Forest Blizzard, FROZENLAKE, Iron Twilight, ITG05, Pawn Storm, Sednit, Sofacy, and TA422.

'LockBit of phishing' EvilProxy used in more than a million attacks every month
2024-07-30 14:33

The developers of EvilProxy - a phishing kit dubbed the "LockBit of phishing" - have produced guides on using legitimate Cloudflare services to disguise malicious traffic. "In recent months, Proofpoint has observed a significant increase in EvilProxy campaigns that use Cloudflare services to disguise their traffic, which prevents automated sandbox detection and ensures only targeted human users interact with the phishing links to receive the credential phishing landing pages," Blackford explained.

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
2024-07-30 06:45

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. The cybersecurity company is tracking the "crafty" phishing and downloader campaign under the name OneDrive Pastejacking.