Security News

SANS cybersecurity training firm suffers data breach due to phishing attack
2020-08-12 16:34

The breach compromised 28,000 records, exposing such data as names, phone numbers, physical addresses, and email addresses. On Aug. 6, security training firm SANS Institute discovered a data breach of approximately 28,000 records as the result of one successful phishing attack against a single employee.

Phishing emails tempting people with fake coronavirus vaccines
2020-08-11 12:58

We've seen phishing emails and malicious content centered around the initial spread of the virus, the resulting lockdown, the transition to remote working, the stimulus payments, and the return-to-work effort. One especially sensitive area found in many phishing emails has been the promise of a coronavirus vaccine.

How phishing attacks have exploited the US Small Business Administration
2020-08-10 16:44

The US Small Business Administration has been offering loans to businesses and other groups affected by the pandemic and lockdown, turning it into a target ripe for impersonation in phishing attacks. A report published Monday by security firm Malwarebytes tracks some of the different phishing campaigns that have sought to exploit the SBA. SEE: Coronavirus: Critical IT policies and tools every business needs.

Google and Amazon most impersonated brands in phishing attacks
2020-08-04 16:30

Phishing attacks typically try to lure in victims by impersonating well-known companies, brands, and products. Released on Tuesday, Check Point's "Brand Phishing Report for Q2 2020" found that Google and Amazon were the most impersonated brands last quarter, each accounting for 13% of the brand phishing campaigns analyzed.

Apple Knocked Off Perch as Most Imitated Brand for Phishing Attacks
2020-08-04 12:20

Google and Amazon overtook Apple in the second quarter of 2020 as the brand most spoofed by attackers to lure people into falling for phishing attacks. While the number of so-called brand-phishing attacks remained stable from the first quarter of 2020 to the second, there was a major shift in position for the companies that threat actors think people are most likely to trust - or whose pages they will most likely click on, according to Check Point Research's Brand Phishing Report for Q2. Brand phishing is a type of attack in which a threat actor imitates an official website of a known brand by using a similar domain or URL in an attack, as well as in some cases a copycat web page similar or identical to the actual company's original website in look and feel.

Breach of high-profile Twitter accounts caused by phone spear phishing attack
2020-07-31 15:14

Twitter has confirmed that the breach of several high-profile accounts that occurred on July 15 was caused by a phone spear phishing attack that targeted a small number of employees. Using the credentials of the affected employees, the attackers managed to compromise 130 different Twitter accounts, including those of Bill Gates, Jeff Bezos, Elon Musk, Joe Biden, and Barack Obama, according to Twitter.

Twitter Employees Targeted With Phone Spear-Phishing in Recent Attack
2020-07-31 13:04

Twitter on Thursday revealed that several employees were targeted with phone spear-phishing in a social engineering attack leading to the recent security incident. A total of 130 accounts were targeted in the incident, with hackers abusing internal Twitter systems and tools to reset the passwords for 45 of them.

Twitter says spear-phishing attack hooked its staff and led to celebrity account hijack
2020-07-31 05:27

Twitter has offered further explanation of the celebrity account hijack hack that saw 130 users' timelines polluted with a Bitcoin scam. "The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack," says a July 30 update to Twitter's incident report.

BitDam releases scanner that detects phishing at first encounter
2020-07-28 23:00

BitDam announced the availability of its new phishing scanner. Phishing attacks are also becoming increasingly sophisticated, making it harder for traditional phishing detection solutions based on reputation and threat intelligence to identify them.

U.S. Election Administrators Failed to Implement Phishing Protections: Study
2020-07-28 16:00

A majority of election administrators in the United States have yet to implement cybersecurity controls designed to provide protection against phishing attacks, a new Area 1 Security report reveals. The U.S. elections have been targeted by phishing as well, with examples including attacks against election-sensitive organizations in 2016 and 2018, and phishing attempts targeting the current 2020 election cycle.