Security News

In the past week, an average of 18 million COVID-19 phishing emails were sent per day via Gmail to unsuspecting marks, according to Google. Google said its malware scanner uses deep-learning tech to detect malware on 300 billion attachments each week, and 63 per cent of dodgy docs blocked by Gmail are different from day to day.

GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts. They could create a GitHub personal access token, which allows the user to access their GitHub account using the Security Assertion Markup Language.

Phishing kits are the new bestsellers of the underground market, with the number of phishing kit ads on underground forums and their sellers having doubled in 2019 compared to the previous year, Group-IB reveals. Phishing kits represent archive files with a set of scripts that ensure the work of a phishing website.

Corporations and public sector organizations can now assess their workforce's exposure to dangerous phishing attacks, which are escalating as social distancing requires most employees to work from home. Managers can now characterize the weaknesses in their staff's ability to defend against phishing and online social engineering scams, thanks to "Can We Be Phished?", a new, freely available online assessment from Click Armor, the Continuous Cybersecurity Awareness Platform.

Cyberattackers are disguising themselves as big name brands to execute phishing attacks, a Check Point Research report found. Phishing is known as a social engineering method criminals use to fraudulently steal information, which is then used to gain access to devices or networks, according to TechRepublic's phishing cheat sheet.

The number of COVID-19-themed attacks has increased significantly over the past couple of months, but they represent only a fraction of daily threats, security firms say. At the moment, the tech giant is seeing roughly 60,000 phishing emails that carry COVID-19 related malicious attachments or malicious URLs each day.

The phishing emails led to malicious websites that used the same HTML and CSS found in actual White House sites, says email security provider INKY. Phishing emails and their associated websites often impersonate well-known organizations, brands, businesses, and other familiar subjects to try to trap potential victims. A series of recent phishing emails examined by INKY targeted people curious or anxious about COVID-19 by impersonating the White House and some in the administration.

An ongoing phishing campaign is reeling in victims with a recycled Cisco security advisory that warns of a critical vulnerability. The campaign urges victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. The campaign is looking to leverage the wave of remote workers who, in the midst of the coronavirus pandemic have come to rely on online conferencing tools like Webex.

Enterprise SaaS-based attacks are becoming more prevalent, according to Menlo, which said that 97% of these attacks use just five popular SaaS services. With the coronavirus spreading, such phishing attacks are likely to increase, while attackers are expected to continue to evolve their techniques.

Akamai researchers have seen recycled phishing kits from as far back as July being used in coronavirus-based phishing attacks now. While most of these URLs are new, the phishing kits that operate in the background are not.