Security News

Google Workspace has been updated with client-side encryption and new Google Drive phishing and malware content protection. Enabling Client-side encryption for a document will only allow you and your partner who holds the key to access the contents of the encrypted Google Workspace files.

The APWG's new Phishing Activity Trends Report reveals that phishing maintained near-record levels in the first quarter of 2021, after landmark increases of 2020 in which reported phishing websites doubled. The number of reported phishing websites peaked in January 2021 with an all-time high of 245,771 before declining later in the quarter.

Attackers have amped up their use of X-rated phishing lures in business email compromise attacks. Besides being personally embarrassing, these phishing attacks are becoming increasingly dangerous to organizations.

FINRA, the U.S. securities industry regulator, has warned brokerage firms of an ongoing phishing campaign threatening recipients with penalties unless they provide the information requested by the attackers. Org domain used in these ongoing phishing attacks was registered on June 7 using the Hosting Concepts B.V. domain registrar.

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files. Threat actors did not lose much time after the Colonial Pipeline incident and used it as a theme in a new phishing campaign deployed a couple of weeks later.

Phishing emails try to entrap people by pushing subjects designed to exploit their fears, interests, anxieties and curiosity. For its latest research, GreatHorn discovered that phishing attacks are increasingly using X-rated material in emails aimed at corporate employees.

The Department of Justice has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals-including campaign workers and the Microsoft security team-in an attempt to trick victims into providing account credentials. The U.S. Attorney's Office for the District of Massachusetts has charged Diana Lebeau, 21, of Cranston, R.I., with "Attempted unauthorized access to a protected computer," according to a press release from the DoJ. The charge relates to a phishing campaign Lebeau allegedly mounted beginning in January 2020 against about 22 campaign staffers for an unnamed candidate for political office, as well as another political candidate-also not identified-and related associates, according to the DoJ. Assistant U.S. Attorney Seth Kosto is prosecuting the case.

Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development. The malicious messages, masquerading as legitimate emails from USAID, went out to thousands of email accounts at over a hundred different organizations.

The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development to distribute malware and gain access to internal networks. Com and were used to receive data exfiltrated from victims of the targeted phishing attacks and send further commands malware to execute on infected machines.

A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say. While analysts from Amnesty International and Citizen Lab said they were unable to say who targeted Malcolm Bidali, the phishing attack mirrored others previously carried out by Gulf Arab sheikhdoms targeting dissidents and political opposition.