Security News
Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials. GitHub let Dropbox know the next day, and the cloud storage outfit investigated.
Cloud communications company Twilio disclosed a new data breach stemming from a June 2022 security incident where the same attackers behind the August hack accessed some customers' information. The attacker used social engineering to trick an employee into handing over their credentials in a voice phishing attack.
Check Point Research has published its Brand Phishing Report for Q3 2022, which highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’...
Britain's data watchdog has slapped construction business Interserve Group with a potential £4.4 million fine after a successful phishing attack by criminals exposed the personal data of up to 113,000 employees. The Information Commissioner's Office said the Berkshire-based company failed to exercise good security hygiene, missing alerts and more, and so was deemed to have broken data protection laws.
DHL is the most spoofed brand when it comes to phishing emails, according to Check Point. Crooks most frequently used the brand name in their attempts to steal personal and payment information from marks between July and September 2022, with the shipping giant accounting for 22 percent of all worldwide phishing attempts intercepted by the cybersecurity outfit.
PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google's ad service to carry out phishing campaigns on financial institutions. In this Help Net Security video, Kevin Cryan, Director of Operational Intelligence at PhishLabs, talks about how this type of attack is different from the one identified by Microsoft - threat actors use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legitimate landing URL on hover.
Panic over the risk of deepfake scams is completely overblown, according to a senior security adviser for UK-based infosec company Sophos. "The thing with deepfakes is that we aren't seeing a lot of it," Sophos researcher John Shier told El Reg last week.
Election workers in US battleground states have been hit by a surge in phishing and malware-laced emails in the run-up to their primaries and the upcoming 2022 midterm elections. That's according to Trellix security researchers, who said malicious emails sent to Arizona county election workers rose 78 percent, from 617 to 1,101, between the first and second quarter of the year, ahead of the state's August 2 primary.
Credential phishing attacks continue to exploit COVID-19 to target businesses. Since early 2020, the coronavirus pandemic has given cyber criminals another area that's ripe for exploitation as they try to trick individuals and businesses into divulging sensitive information.
In the latest attacks, phishing emails impersonate the U.S. Small Business Administration and abuse Google Forms to host phishing pages that steal the personal details of business owners. The lures used in the phishing emails are for pandemic financial support programs like the "Paycheck Protection Program", "Revitalization Fund", and "COVID Economic Injury Disaster Loan".