Security News

Pepco Group has confirmed that its Hungarian business has been hit by a "Sophisticated fraudulent phishing attack." The European company, which operates shops under the Pepco, Poundland and Dealz brands, said that the company lost approximately €15.5 million in cash as a consequence of the attack.

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos,...

In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. "As we unveil the statistics from the 2024 Annual State of Email Security Report, it's evident that the email-based attack vector is evolving at an unprecedented pace going into 2024," said David Van Allen, CEO of Cofense.

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. A few days later, the Bitwarden team announced they would add another layer of safety, allowing iframe auto-fills only on trusted sites and subdomains from the origin domain.

The future of cybersecurity: Anticipating changes with data analytics and automationIn this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. Rise in cyberwarfare tactics fueled by geopolitical tensionsIn this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in 2024.

The number of senior business executives stymied by an ongoing phishing campaign continues to rise with cybercriminals registering hundreds of cloud account takeovers since spinning it up in November. In addition to the hundreds of ATOs, "Dozens" of Azure environments were also compromised, Proofpoint said.

Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. While phishing is generalized in that one phishing email may be sent to millions of people, spear phishing is highly targeted.

Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an epicenter for cybercrime, enabling threat actors to...

New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems. The attackers used what looks like a compromised Teams user to send over 1,000 malicious Teams group chat invites, according to AT&T Cybersecurity research.

A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials. The phishing campaign started around a year ago, with Facebook having trouble blocking the posts as they continue to this day.