Security News

The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in...

Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. "Safe Browsing already protects more than 5 billion devices worldwide, defending against phishing, malware, unwanted software and more. In fact, Safe Browsing assesses more than 10 billion URLs and files every day, showing more than 3 million user warnings for potential threats," said Google's Jasika Bawa and Jonathan Li. "If we suspect a site poses a risk to you or your device, you'll see a warning with more information. By checking sites in real time, we expect to block 25% more phishing attempts. The new capability - also rolling out to Android later this month - uses encryption and other privacy-enhancing techniques to ensure that no one, including Google, knows what website you're visiting."

While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research. 76% of organizations were still compromised by image-based and QR code phishing attacks over the past 12 months.

Users in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP...

What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity. Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.

Researchers demonstrated how they could conduct a Man-in-the-Middle phishing attack to compromise Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

We know what went on at security awareness training vendor KnowBe4's seventh annual KB4-CON user conference in Florida. In this feature, written by Drew Robb for TechRepublic Premium, you can get to know about KnowBe4's ambitions to weave AI into its product portfolio, and how AI, voice cloning and ChatGPT have changed the way nefarious individuals hack.

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager authentication hashes to perform account hijacks. NTLM hashes are used in Windows for authentication and session security and can be captured for offline password cracking to obtain the plaintext password.

More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Phishing and other social engineering attacks manipulate people into sharing information they shouldn't or making other mistakes that compromise their personal or organizational security.