Security News

New phishing attack SpoofedScholars targets professors and writers specializing in the Middle East
2021-07-13 04:00

Proofpoint security analysis details the latest attack that uses the lure of speaking at a conference to steal credentials. SpoofedScholars is a new credential phishing attack that uses a University of London website to steal information from researchers who specialize in the Middle East, according to new analysis from Proofpoint.

Warning: 1 in 3 employees are likely to fall for a phishing scam
2021-07-09 15:04

Cybersecurity training company KnowBe4 reports that the number of employees likely to fall for phishing emails drops dramatically with proper instruction on how to recognize an attack. A new study from cybersecurity training and phishing simulation company KnowBe4 found that one in three untrained users were likely to fall for phishing or social engineering scams.

Kaseya warns of phishing campaign pushing fake security updates
2021-07-09 09:57

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates. "Spammers are using the news about the Kaseya Incident to send out fake email notifications that appear to be Kaseya updates. These are phishing emails that may contain malicious links and/or attachments," the company said in an alert issued on Thursday evening.

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing
2021-07-07 16:23

A Moroccan man suspected of being "Dr HeX" - the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding - has been arrested. Interpol announced the bust - which took place in Morocco in May - on Tuesday, describing it as the result of a joint two-year probe dubbed Operation Lyrebird that saw Interpol working closely with the Moroccan police and security firm Group-IB. The unnamed suspect allegedly helped to develop carding and phishing kits to sell on criminal online forums.

Report shines light on REvil's depressingly simple tactics: Phishing, credential-stuffing RDP servers... the usual
2021-07-07 15:00

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

DeltaNet International Phishing Simulator strengthens phishing attacks awareness training
2021-06-30 02:15

DeltaNet International announced the availability of its Phishing Simulator, to help organizations strengthen their cybersecurity awareness training against phishing attacks. The phishing simulation tool can be used simply to test the susceptibility of an organization from falling victim to a phishing attack, but when combined with follow-up training to close knowledge and risk gaps, users can experience true added value.

US brokerage firms warned of 'FINRA Support' phishing attacks
2021-06-24 14:12

US securities industry regulator FINRA is warning brokerage firms of an ongoing phishing attack pretending to be from 'FINRA Support. FINRA is a government-authorized non-profit organization that regulates all exchange markets and securities firms publicly active in the United States.

Phishing attack's unusual file attachment is a double-edged sword
2021-06-24 12:00

As secure email gateways and security software become more advanced and adapt to ever-changing phishing campaigns, threat actors resort to more unusual file formats to bypass detection. In the past, phishing scams switched to unusual attachments such as ISO files or TAR files which are not commonly found as email attachments.

Scammer arrested for phishing operation, sent 25,000 texts in a day
2021-06-23 17:04

The police has arrested an individual last week for sending fraudulent text messages to thousands of people to obtain banking details and defraud them. The arrest took place on June 17 at a hotel in Manchester, UK, where the 21-years old fraudster had taken a room and used it as the headquarters of the phishing operation.

Threat Actors Use Google Docs to Host Phishing Attacks
2021-06-17 13:00

Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims' credentials. The attack begins with an email that includes a message that could be relevant to business users who commonly use Google Docs within their corporate environment.