Security News
The U.S. Agency for Global Media has disclosed a data breach that exposed the personal information of current and former employees and their beneficiaries. USAGM is a US government agency whose mission is to "Inform, engage, and connect people around the world in support of freedom and democracy." USAGM operates broadcast networks, such as Voice of America, Radio Free Europe, Office of Cuba Broadcasting, Radio Free Asia, and Middle East Broadcasting Networks, to deliver news and information to people worldwide.
Two waves of global financial phishing attacks that swamped at least 50 organizations in December have delivered three new malware families, according to a report from FireEye's Mandiant cybersecurity team. On Tuesday, the team said that they've dubbed the hitherto-unseen malware strains Doubledrag, Doubledrop, and Doubleback.
A global-scale phishing campaign targeted organizations worldwide across an extensive array of industries with never-before-seen malware strains delivered via specially tailored lures. UNC2529, as Mandiant threat researchers track the "Uncategorized" threat group behind this campaign, has deployed three new malware strains onto the targets' computers using custom phishing lures.
These popular banks are being spoofed in attacks targeting people filing taxes, getting stimulus checks and ordering deliveries, says Check Point.
Click Studios, the Australian software firm which confirmed a supply chain attack affecting its Passwordstate password management application, has warned customers of an ongoing phishing attack by an unknown threat actor. "We have been advised a bad actor has commenced a phishing attack with a small number of customers having received emails requesting urgent action," the company said in an updated advisory released on Wednesday.
Cybercriminals target Rogers customers with a new SMS phishing campaign posing as refunds for last week's Canada-wide wireless outage. Last week, Rogers suffered a massive outage throughout Canada, preventing users from accessing wireless voice and data services.
The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky. In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.
Smishing is much like email phishing, but it delivers deceptive or malicious links through text messages instead. While these types of scams have been exploiting email accounts for decades, cybersecurity professionals should be especially worried about the dramatic rise in smishing attacks over the past couple of years.
Two email campaigns discovered by Armorblox impersonated Chase in an attempt to steal login credentials. In a new report released Tuesday, email security provider Armorblox looked at two recent phishing campaigns aimed at Chase Bank customers and offered advice on how to protect yourself from such scams.
Using the kill chain to assess how an attacker would approach your organization makes it easier to understand which steps, at a minimum, would need to be taken by an arbitrary attacker to succeed in a phishing attack against your company. Phishing is usually thought of as only occurring during the "Delivery" phase of an attack.