Security News

Phishing gangs mounting high-ticket BEC attacks, average loss now $80,000
2020-09-01 03:30

Agari reported that the average wire transfer loss from BEC attacks surpassed all previous records, spiking from $54,000 in the first quarter to $80,183 in Q2 2020 as spearphishing gangs reached for bigger returns. During the second quarter of 2020, the average amount of gift cards requested by BEC attackers was $1,213, down from $1,453 in the first quarter of 2020.

Before you head off for the weekend, you have patched your Pulse Secure VPNs, right? Wouldn't want you to be pwned via a phishing link
2020-08-28 23:49

Stop us if you've heard this one before: a remote-code execution vulnerability needs patching in Pulse Secure VPNs. Professional code-probers at GoSecure uncovered a host of security flaws, including CVE-2020-8218, which it publicly disclosed this week after a patch was issued. CVE-2020-8218 can be exploited to execute code on the VPN system by tricking an administrator into, say, opening a URL. "Many vulnerabilities had been found in previous versions of the VPN, so we were eager to see if we could find shortcomings of our own in the latest one," GoSecure's Jean-Frédéric Gauron explained.

Instagram ‘Help Center’ Phishing Scam Pilfers Credentials
2020-08-28 19:38

Turkish-speaking cybercriminals are sending Instagram users seemingly legitimate messages from the social media company, with the aim of stealing their Instagram and email credentials. While previous phishing messages leveraging Instagram as a lure have been sent via email, the attackers in this campaign send the phishing messages on Instagram's platform itself.

Qbot trojan hijacking email threads to carry out phishing campaigns
2020-08-27 14:12

The latest variant of this trojan extracts email threads from Outlook, which it uses for phishing attacks, says Check Point Research. A new phishing campaign analyzed by threat intelligence provider Check Point reveals how the old Qbot trojan has been repurposed to phish people by capturing their email threads.

How phishing attacks have exploited Amazon Web Services accounts
2020-08-25 18:45

A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services. In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.

Outlook “mail issues” phishing – don’t fall for this scam!
2020-08-21 16:57

Even though the blue text of the link itself looks like a URL, it isn't actually the URL that you will visit if you click it. Your email address is embedded in the link in the email that you click on, so the phishing page can fill in the email field as you would probably expect.

Brand impersonation is a go-to tactic for attackers, especially for credential phishing and BEC attacks
2020-08-21 05:00

Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud, according to an Abnormal Security report. There have been surges in COVID-19-themed email security attacks, which continued in Q2, with weekly campaign volume increasing 389% between Q1 and Q2. There has also been a continued increase in BEC attacks targeting finance department employees over C-level executives, which grew by 50% quarter-over-quarter.

University CISOs say zero trust is the best defense against the existential threat of phishing
2020-08-20 18:40

CISOs at Stanford University, the University of Chicago Medicine, and The Ohio State University list phishing as the top security threat to students, professors, and researchers. The group also agreed zero trust is the best security approach but a hard sell in an academic setting.

CISA Warns of Phishing Emails Delivering KONNI Malware
2020-08-17 13:13

The Cybersecurity and Infrastructure Security Agency has published an alert to provide information on attacks delivering the KONNI remote access Trojan. Active since at least 2014 but remaining unnoticed for over three years, KONNI has been used in highly targeted attacks only, including ones aimed at the United Nations, UNICEF, and entities linked to North Korea.

Maryland Officials Warn Gun Dealers About Phishing Scams
2020-08-14 18:18

Authorities in Maryland have issued an advisory about an apparent email phishing scam targeting firearms dealers in the state. Maryland State Police said it was issued after the Maryland State Police Licensing Division was notified Tuesday about emails received by at least two firearms dealers.