Security News
SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns. "The idea to develop SniperPhish came to me in a period during which the company I previously worked with did many social engineering assessments. Most of the assessment included phishing campaigns, which means creating and hosting phishing websites and crafting email campaigns. The available tools had certain limitations and were not very effective at simultaneously tracking data from the phishing emails and websites," security consultant Gem George, the tool's creator, told Help Net Security.
Anticipation surrounding the upcoming 93rd Academy Awards broadcast on Sunday is being used by scammers to trick people into giving up their credentials - they think they're about to stream Oscar-nominated films, but the reality turns out to be much different. Prior to the winners being announced during the ceremony, many film fans like to watch as many of the nominated movies as possible.
An ongoing phishing campaign is impersonating Michael Page consultants to push Ursnif data-stealing malware capable of harvesting credentials and sensitive data from infected computers. Attackers spoofing Michael Page UK. "We are continuing to experience a global phishing campaign where our employees are being impersonated," Michael Page UK said.
A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop - iOS and macOS's ad-hoc over-the-air file-sharing service - and found that senders and receivers may leak their contact details in the process. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn't issued a fix.
Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.
In a new report, X-Force said it recently discovered a series of phishing emails targeting 44 companies across 14 countries, all involved in the coronavirus vaccine cold chain, an aspect of the overall supply chain that ensures the safety of vaccines transported and stored in cold environments. Seen last September, the phishing campaign deploys emails spoofing a business executive from Haier Biomedical, a legitimate member company of the COVID-19 vaccine supply chain and reportedly the world's only complete cold chain provider.
Phishing campaigns typically try to arouse interest among potential victims through two strategies. Wells Fargo made the No. 6 spot, used in 4% of all phishing attacks analyzed in the first quarter of 2021.
Most educational organizations experienced phishing attempts, while 33% were victims of an account compromise attack, and 27% were hit by ransomware in 2020, according to a new report from cybersecurity vendor Netwrix. Fewer than half of non-education sector organizations experienced the same level of attack.
With the United State tax season in high gear, threat actors have sprung into action with a recent tax document phishing scam that abuses TypeForm forms to steal your login credentials. In a new report by email security firm ArmorBlox, researchers outline one such phishing scam that aims to take advantage of the 2021 tax season by pretending to be a W-2 tax document shared via Microsoft OneDrive.
A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code. The subject of the phishing email says "Price revision" and it contains no body - just an attachment that, at first glance, looks like an Excel document, but is actually an HTML document that contains encoded text pointing to two URLs located yourjavascript.com, a free service for hosting JavaScript, and a separate chunk of HTML code.