No matter how many warnings are issued and how many times employees may be trained to avoid phishing attacks, some will fall for it. But 25 departments of a county government? Was this a failure of training or are the phishing attacks getting harder to detect because of the use of AI to compose the […]
So far, the CryptoChameleon phishing scam has successfully phished over 100 victims, with many still active. Lookout has discovered a multi-pronged phishing campaign, dubbed “CryptoChameleon,” that mimics legitimate login pages for cryptocurrency platforms and the Federal Communications Commission (FCC) via mobile devices. The kit uses carbon copies of SSO pages and phishing via email, SMS, and […]
Panda Security has a blog post on phishing and how it so profitable that criminals don’t always use stolen credentials themselves — they just sell them to other criminals. From the blog post: Phishing attacks have one purpose – to steal your usernames and passwords. Cybercriminals use carefully crafted messages to trick you into visiting a […]
CBS reports: Russia-based hackers conducted a sophisticated cyber campaign against American intelligence officials, including contractors at the State and Defense Departments, as part of an international operation that included NATO members and Ukraine, the Justice Department alleged Thursday. Prosecutors accused an officer in Russia’s Federal Security Service (FSB) and another co-defendant of carrying out a […]
Posted by CISA.gov, this guidance also has tips for small and medium businesses: This guide was created by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) to outline phishing techniques malicious actors commonly use and to provide guidance for […]
Hackers use a massive network of fake and compromised Facebook accounts to send out millions of Messenger phishing messages to target Facebook business accounts with password-stealing malware. The attackers trick the targets into downloading a RAR/ZIP archive containing a downloader for an evasive Python-based stealer that grabs cookies and passwords stored in the victim’s browser. […]
Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks
ITPro reports: Nearly half of workers responsible for email security breaches over the last year have been sacked, according to new search, as cyber leaders begin taking a tougher stance amid a surge in attacks. Research from cyber security firm Egress found that 94% of organizations globally have experienced a serious email security incident in […]