Security News
Security company GreatHorn shared some of the latest ways cybercriminals are trying to take your money. Here's how to avoid them.
These phishing emails promise compensation, test results, and other lures about the coronavirus to trick unsuspecting users, says Armorblox. With 2020 almost over, such email attacks continue merrily on.
A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape. Terranova Security's new "2020 Gone Phishing Tournament," part of its Phishing Benchmark Global Report, looks at the impact of phishing attacks on the remote workforce, citing an increase in phishing simulation clicks, as well as compromised data.
Over the past week, users of the MetaMask cryptocurrency wallet have been losing funds to a phishing scam that lured potential victims through Google search ads. Although it is unclear how many MetaMask users fell for the scam, some say they ended up with empty wallets after clicking on a fraudulent search ad being promoted as the MetaMask site.
The emails impersonate a member company of the COVID-19 vaccine supply chain to harvest account credentials, says IBM Security X-Force. A calculated cybercriminal operation is targeting companies in the coronavirus vaccine supply chain with phishing emails that appear to be designed to steal sensitive user credentials, IBM Security X-Force said in a report released Thursday.
Cybercriminals are using a recently registered lookalike domain in a phishing campaign targeting United States organizations, FINRA warns. A government-authorized not-for-profit organization, FINRA regulates over 624,000 brokerage firms in the United States.
With the proliferation of malicious websites, domain name system filtering has been adopted as an effective method for blacklisting content and blocking out suspicious webpages. Peter Lowe, security researcher with DNSFilter, talks to Cody Hackett on this week's Threatpost Podcast about how DNS filtering works, how DNS blocking tactics are evolving to keep up with new cybercriminal tricks - and how companies can implement DNS filtering in order to protect themselves.
US securities industry regulator FINRA warned brokerage firms earlier this week of ongoing phishing attacks using a recently registered web domain spoofing a legitimate FINRA website. WHOIS domain data does not provide any information on who registered the phishing domain since all personal information is redacted using the registrar's privacy service.
A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.