Security News

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials. SpoofedScholars is a new credential phishing attack that uses a University of London website to steal information from researchers who specialize in the Middle East, according to new analysis from Proofpoint.

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack. A new study from cybersecurity training and phishing simulation company KnowBe4 found that one in three untrained users were likely to fall for phishing or social engineering scams.

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates. "Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments," the company said in an alert issued on Thursday evening.

A Moroccan man suspected of being "Dr HeX" - the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding - has been arrested. Interpol announced the bust - which took place in Morocco in May - on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

DeltaNet International announced the availability of its Phishing Simulator, to help organizations strengthen their cybersecurity awareness training against phishing attacks. The phishing simulation tool can be used simply to test the susceptibility of an organization from falling victim to a phishing attack, but when combined with follow-up training to close knowledge and risk gaps, users can experience true added value.

US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support. FINRA is a government-authorized non-profit organization that regulates all exchange markets and securities firms publicly active in the United States.

As secure email gateways and security software become more advanced and adapt to ever-changing phishing campaigns, threat actors resort to more unusual file formats to bypass detection. In the past, phishing scams switched to unusual attachments such as ISO files or TAR files which are not commonly found as email attachments.

The police has arrested an individual last week for sending fraudulent text messages to thousands of people to obtain banking details and defraud them. The arrest took place on June 17 at a hotel in Manchester, UK, where the 21-years old fraudster had taken a room and used it as the headquarters of the phishing operation.

Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims' credentials. The attack begins with an email that includes a message that could be relevant to business users who commonly use Google Docs within their corporate environment.