Security News

The Ukrainian government attributed the activities to a threat actor tracked as UNC1151, a Minsk-based group whose "Members are officers of the Ministry of Defence of the Republic of Belarus." In a follow-up update, the agency said the nation-state group also targets its own citizens, while simultaneously setting its sights on Russian entities -. The development follows a barrage of data wiper and distributed-denial-of-service attacks against Ukrainian government agencies, even as various hacking groups and ransomware syndicates are capitalizing on the chaos to take sides and further their activities.

A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees. According to American cybersecurity firm Proofpoint, the attackers use "Possibly compromised" email accounts of Ukrainian armed service members to deliver the phishing message.

Eighty-four percent of organizations reported falling victim to a phishing attack last year, Egress said, and of those 59% were infected with ransomware as a result. If you add in the 14% of businesses that said they weren't hit with a phishing attack, and you still end up at around 50% of all organizations having been hit with ransomware in 2021.

A large-scale campaign involving over 200 phishing and scam sites has tricked users into giving their personal data to fake investments schemes impersonating genuine brands. The fraudulent operation relies upon the abuse of Google Ads and SEO to draw victims to hundreds of fake websites targeting the Indian audience.

Remember when phishing was a funny new term for tricking people into giving up information? Now there are so many variants, spear phishing, clone phishing, and even whaling! Here are five things to know about Consent Phishing.

The Computer Emergency Response Team of Ukraine warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The phishing emails are being sent from two domains, the former trying to impersonate the i.ua free Internet portal providing email services to Ukrainians since 2008.

The Computer Emergency Response Team of Ukraine warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. The phishing emails are being sent from two domains, the former trying to impersonate the i.ua free Internet portal providing email services to Ukrainians since 2008.

Krazy Glue of the internet Cloudflare has buffed up its email security with the purchase of anti-phishing firm Area 1. Area 1 Security is all about pre-emptively tracking phishing campaigns and preventing customer mailboxes being troubled thanks to its INBOX.CLEAN product.

An ongoing large-scale phishing campaign is targeting customers of Citibank, requesting recipients to disclose sensitive personal details to lift alleged account holds. The campaign uses emails that feature CitiBank logos, sender addresses that look genuine at first glance, and content that is free of typos.

One of the biggest obstacles to successful phishing attacks is bypassing multi-factor authentication configured on the targeted victim's email accounts. D0x set up a phishing attack using the Evilginx2 attack framework that acts as a reverse proxy to steal credentials and MFA codes.