Security News

Flipper Zero WiFi phishing attack can unlock and steal Tesla cars
2024-03-07 17:07

An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7.

Best of KB4-CON 2024: The State of Phishing, Hacking and Security Awareness Training
2024-03-06 16:00

We know what went on at security awareness training vendor KnowBe4's seventh annual KB4-CON user conference in Florida. In this feature, written by Drew Robb for TechRepublic Premium, you can get to know about KnowBe4's ambitions to weave AI into its product portfolio, and how AI, voice cloning and ChatGPT have changed the way nefarious individuals hack.

Hackers steal Windows NTLM authentication hashes in phishing attacks
2024-03-04 21:15

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager authentication hashes to perform account hijacks. NTLM hashes are used in Windows for authentication and session security and can be captured for offline password cracking to obtain the plaintext password.

95% believe LLMs making phishing detection more challenging
2024-03-04 05:30

More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Phishing and other social engineering attacks manipulate people into sharing information they shouldn't or making other mistakes that compromise their personal or organizational security.

Hackers target FCC, crypto firms in advanced Okta phishing attacks
2024-03-02 16:18

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission employees, using specially crafted single sign-on pages for Okta that appear remarkably similar to the originals. The same campaign also targets users and employees of cryptocurrency platforms, such as Binance, Coinbase, Kraken, and Gemini, using phishing pages that impersonate Okta, Gmail, iCloud, Outlook, Twitter, Yahoo, and AOL. The attackers orchestrate a complex phishing and social engineering attack consisting of email, SMS, and voice phishing to deceive victims into entering sensitive information on the phishing pages, such as their usernames, passwords, and, in some cases, even photo IDs.

New Phishing Kit Leverages SMS, Voice Calls to Target Cryptocurrency Users
2024-03-01 13:32

A novel phishing kit has been observed impersonating the login pages of well-known cryptocurrency services as part of an attack cluster designed to primarily target mobile devices. “This kit...

Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT
2024-02-29 04:00

76% of enterprises lack sufficient voice and messaging fraud protection as AI-powered vishing and smishing skyrocket following the launch of ChatGPT, according to Enea. 61% of enterprises still suffer significant losses to mobile fraud, with smishing and vishing being the most prevalent and costly.

Need to Know: Key Takeaways from the Latest Phishing Attacks
2024-02-28 15:01

This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. In the face of rampant phishing attacks that can cause large-scale data breaches, here are some ways you can limit phishing risks.

European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack
2024-02-28 14:32

Pepco Group has confirmed that its Hungarian business has been hit by a "sophisticated fraudulent phishing attack." The European company, which operates shops under the Pepco, Poundland and Dealz brands, said that it lost approximately €15.5 million in cash as a consequence of the attack.

TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users
2024-02-28 07:43

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos,...