Security News

Google Workspace adds new phishing protection, client-side encryption
2021-06-15 12:00

Google Workspace has been updated with client-side encryption and new Google Drive phishing and malware content protection. Enabling Client-side encryption for a document will only allow you and your partner who holds the key to access the contents of the encrypted Google Workspace files.

Phishing maintained near-record levels in the first quarter of 2021
2021-06-14 03:00

The APWG's new Phishing Activity Trends Report reveals that phishing maintained near-record levels in the first quarter of 2021, after landmark increases of 2020 in which reported phishing websites doubled. The number of reported phishing websites peaked in January 2021 with an all-time high of 245,771 before declining later in the quarter.

Lewd Phishing Lures Aimed at Business Explode
2021-06-08 20:45

Attackers have amped up their use of X-rated phishing lures in business email compromise attacks. Besides being personally embarrassing, these phishing attacks are becoming increasingly dangerous to organizations.

US brokerage firms warned of ongoing phishing with penalty threats
2021-06-08 15:28

FINRA, the U.S. securities industry regulator, has warned brokerage firms of an ongoing phishing campaign threatening recipients with penalties unless they provide the information requested by the attackers. Org domain used in these ongoing phishing attacks was registered on June 7 using the Hosting Concepts B.V. domain registrar.

Phishing uses Colonial Pipeline ransomware lures to infect victims
2021-06-04 18:51

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files. Threat actors did not lose much time after the Colonial Pipeline incident and used it as a theme in a new phishing campaign deployed a couple of weeks later.

How X-rated phishing attacks try to blackmail their victims
2021-06-02 15:12

Phishing emails try to entrap people by pushing subjects designed to exploit their fears, interests, anxieties and curiosity. For its latest research, GreatHorn discovered that phishing attacks are increasingly using X-rated material in emails aimed at corporate employees.

DoJ Charges Rhode Island Woman in Phishing Scheme Against Politicians
2021-06-02 12:54

The Department of Justice has charged a woman in Rhode Island in a phishing campaign against candidates for political office and related associates that impersonated various individuals-including campaign workers and the Microsoft security team-in an attempt to trick victims into providing account credentials. The U.S. Attorney's Office for the District of Massachusetts has charged Diana Lebeau, 21, of Cranston, R.I., with "Attempted unauthorized access to a protected computer," according to a press release from the DoJ. The charge relates to a phishing campaign Lebeau allegedly mounted beginning in January 2020 against about 22 campaign staffers for an unnamed candidate for political office, as well as another political candidate-also not identified-and related associates, according to the DoJ. Assistant U.S. Attorney Seth Kosto is prosecuting the case.

Feds seize two domains used by SolarWinds intruders for malware spear-phishing op
2021-06-02 00:23

Uncle Sam on Tuesday said it had seized two web domains used to foist malware on victims using spoofed emails from the US Agency for International Development. The malicious messages, masquerading as legitimate emails from USAID, went out to thousands of email accounts at over a hundred different organizations.

US seizes domains used by APT29 in recent USAID phishing attacks
2021-06-01 20:56

The US Department of Justice has seized two Internet domains used in recent phishing attacks impersonating the U.S. Agency for International Development to distribute malware and gain access to internal networks. Com and were used to receive data exfiltrated from victims of the targeted phishing attacks and send further commands malware to execute on infected machines.

Kenyan Arrested in Qatar First Targeted by Phishing Attack
2021-05-31 13:18

A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there found himself targeted by a phishing attack that could have revealed his location just before his arrest, analysts say. While analysts from Amnesty International and Citizen Lab said they were unable to say who targeted Malcolm Bidali, the phishing attack mirrored others previously carried out by Gulf Arab sheikhdoms targeting dissidents and political opposition.