Data Breach Today

JUNE 22, 2022

Cofense's Tonia Dudley on What's Not Working, Threat Predictions "Credential phishing is off the charts," says Tonia Dudley of Cofense. She discusses the challenge for organizations to strike a balance between having the right controls in place to block malicious emails and stopping the business from receiving legitimate emails.

Phishing 256

Phishing Security 256

Krebs on Security

APRIL 3, 2024

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “ The Manipulaters ,” a sprawling web hosting network of phishing and spam delivery platforms. Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold on the domain heartsender,com.

Phishing 218

Phishing Passwords Risk Sales 218

Krebs on Security

AUGUST 17, 2023

You’ve probably never heard of “ 16Shop ,” but there’s a good chance someone using it has tried to phish you. A 16Shop phishing page spoofing Apple and targeting Japanese users. Image: Akamai.com. The INTERPOL statement says the platform sold hacking tools to compromise more than 70,000 users in 43 countries.

Phishing 193

Phishing Passwords Insurance Data breaches 193

Data Breach Today

AUGUST 9, 2023

Authorities In Multiple Countries Arrest Operators of 16Shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 244

Phishing Security 244

Data Breach Today

MARCH 24, 2021

Incident Raises Cybersecurity Questions, Experts Say A phishing attack that targeted a unit of the California State Controller’s Office, exposing Social Security numbers and other sensitive information, should raise questions about the type of security deployed by the agency and prompt a fresh examination of its cybersecurity plans, some security experts (..)

Phishing 267

Phishing Cybersecurity Security IT 267

Data Breach Today

AUGUST 10, 2023

Authorities in Multiple Countries Arrest Operators of 16shop An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. The site, 16shop, sold phishing kits that targeted more than 70,000 people in 43 countries.

Phishing 240

Phishing Security 240

Data Breach Today

MARCH 7, 2021

Zscaler Says it Prevented Over 2,500 Phishing Attacks A Microsoft-themed phishing campaign is using phony Google reCAPTCHA in an attempt to steal credentials from senior employees of various organizations, a new report by security firm Zcaler says.

Phishing 332

Phishing Security IT 332

Data Breach Today

OCTOBER 8, 2022

Phishing Incident Caused Service Disruptions and Delays Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers.

Phishing 261

Phishing Access Security IT 261

Krebs on Security

MARCH 23, 2021

A phishing attack last week gave attackers access to email and files at the California State Controller’s Office (SCO), an agency responsible for handling more than $100 billion in public funds each year. In a “ Notice of Data Breach ” message posted on Saturday, Mar.

Phishing 281

Phishing Data breaches Access Passwords 281

Data Breach Today

AUGUST 18, 2023

Targets Include Small and Medium Businesses and Government Agencies Threat actors are on a phishing spree targeting users of Zimbra Collaboration email suite, in particular small and medium businesses and government agencies.

Phishing 234

Phishing Government Security IT 234

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US This is noteworthy because.US is overseen by the U.S.

Phishing 229

Phishing Government Compliance Communications 229

Data Breach Today

NOVEMBER 23, 2022

But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta. Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems.

Authentication 259

Authentication Phishing Security 259

Krebs on Security

FEBRUARY 1, 2021

Authorities in the United Kingdom have arrested a 20-year-old man for allegedly operating an online service for sending high-volume phishing campaigns via mobile text messages. ” SMS Bandits offered an SMS phishing (a.k.a. Image: osint.fans. “But on the telecom front they were using fairly sophisticated tactics.”

Phishing 323

Phishing Passwords Marketing IT 323

KnowBe4

JUNE 26, 2024

If you had to choose between regular cybersecurity training and simulated phishing testing, the data shows you should choose simulated phishing tests.

Phishing 94

Phishing Cybersecurity Security awareness Security 94

Krebs on Security

AUGUST 9, 2021

com ,” wrote “ Mitch ,” confusing me with the proprietor of perhaps the underground’s largest bazaar for stolen credit and identity data. In late 2019, BriansClub changed its homepage to include doctored images of my Social Security and passport cards, credit report and mobile phone bill information.

Phishing 353

Phishing Blockchain IT Marketing 353

KnowBe4

JUNE 25, 2024

Over 11 million phishing attacks have been reported to the UK’s Suspicious Email Reporting Service (SERS) over the past year, according to new data from Action Fraud. The UK’s National Cyber Security Centre has also taken down more than 329,000 phishing sites since the SERS program started in 2020.

Phishing 94

Phishing Security 94

Data Breach Today

AUGUST 19, 2022

AWS Domains Used to Send Phishing Emails and Steal Credentials Threat actors are using Amazon Web Services solutions to create phishing pages that bypass security scanners and scam victims into handing over credentials.

Phishing 245

Phishing Security 245

Data Breach Today

JANUARY 29, 2021

Researchers: 'LogoKit' Found on 700 Domains Researchers at the security firm RiskIQ have discovered a phishing kit they call "LogoKit" that fraudsters can use to easily change lures, logos and text in real time to help trick victims into opening up messages and clicking on malicious links.

Phishing 359

Phishing Security 359

Data Breach Today

JUNE 10, 2022

How a Threat Actor Stole Credentials, Evaded Security Teams and Made Money Via Ads A phishing campaign used stolen credentials to log into Facebook user accounts and send links leading to phishing pages to the victims' friends to harvest their credentials.

Phishing 260

Phishing Security 260

KnowBe4

MAY 7, 2024

Innovative analysis of data breaches shows which attack vectors are being used and how they’re enabled, highlighting the roles phishing and credentials play.

Data breaches 105

Data breaches Phishing Security 105

Data Breach Today

JANUARY 6, 2021

Messages Contain Malware, Attempt to Steal Banking Credentials The Australian Cyber Security Center is warning that fraudsters have recently started sending phishing emails that spoof the agency and contain malware designed to steal banking credentials.

Phishing 176

Phishing Security 176

Data Breach Today

SEPTEMBER 25, 2020

Campaign Designed to Steal Credentials A recently uncovered phishing campaign used the European Union's General Data Protection Regulation as a lure to steal login credentials. The campaign enticed victims with subject lines indicating their email security system was not in compliance with the law, according to Area 1 Security.

Compliance 264

Compliance Phishing GDPR Security 264

Data Breach Today

AUGUST 30, 2021

Researchers Find Fraudsters Pose as HR Execs to Harvest Credentials A recently uncovered phishing campaign used fake COVID-19 vaccination forms - and took advantage of confusion over whether employees will return to their offices this fall - to harvest workers' email credentials, according to analysts with security firm INKY.

Phishing 336

Phishing Security 336

Security Affairs

JULY 31, 2024

Phishing campaigns target small and medium-sized businesses (SMBs) in Poland to deliver malware families such as Agent Tesla, Formbook, and Remcos RAT. ESET researchers observed multiple phishing campaigns targeting SMBs in Poland in May 2024, distributing various malware families like Agent Tesla , Formbook , and Remcos RAT.

Phishing 110

Phishing Archiving Information Security IT 110

Data Breach Today

NOVEMBER 18, 2020

Fraudsters Using Evasive Techniques to Bypass Secure Email Gateways Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials. The emails use several techniques to bypass and evade secure email gateways.

Phishing 322

Phishing Security 322

Jamf

MAY 16, 2023

Following the release of the Jamf Security 360: Annual Threat Trends Report 2023 where we highlight security threat trends, we utilize threat intelligence gathered by Jamf to inform security professionals which threats from the previous year most critically affected the enterprise.

Phishing 98

Phishing Security Information Security IT 98

Data Breach Today

NOVEMBER 30, 2020

Researchers: Employees Lured With Messages About Shift to Workplace Researchers at Abnormal Security have uncovered a credential-stealing phishing campaign that spoofs internal company memos concerning returning to the office.

Phishing 360

Phishing Security 360

Data Breach Today

JANUARY 4, 2021

Ransomware, Phishing Incidents, Vendor Hacks Prevail Hacking incidents, including ransomware and phishing attacks, as well as security incidents involving vendors dominated the federal tally of major health data breaches in 2020.

Data breaches 333

Data breaches Phishing Ransomware Security 333

Data Breach Today

AUGUST 16, 2021

Researchers Found Hackers Deploying Morse Code to Help Evade Detection A yearlong phishing campaign used various techniques to help evade security tools while attempting to harvest the credentials of Office 365 users, according to Microsoft researchers. In some cases, the attackers even used Morse code to help avoid detection.

Phishing 293

Phishing Security 293

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing 112

Phishing Education Cybersecurity Data breaches 112

Security Affairs

OCTOBER 12, 2023

This post analyzed the numerous phishing campaigns targeting users and organizations in Italy. Phishing is a ploy to trick users into revealing personal or financial information through an e-mail, Web site, and even through instant messaging. Phishing can also be used as a precursor attack to drop malware. Just to name a few.

Phishing 120

Phishing Education Passwords Information Security 120

Data Breach Today

MAY 19, 2022

Review of 2021 Ransomware Attacks Also Finds Average Ransom Demand Was $247,000 Attackers who successfully infect targets with ransomware primarily first gain access by exploiting poorly secured remote desktop protocol or VPN connections or by using malware-laden phishing emails, reports security firm Group-IB, based on more than 700 attacks it investigated (..)

Phishing 245

Phishing Ransomware Access Security 245

Data Breach Today

FEBRUARY 4, 2021

Researchers: Fraudsters Used Combination of Techniques Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.

Phishing 301

Phishing Security 301

Data Breach Today

MAY 20, 2020

Researchers: Campaign Designed to Steal Users' Credentials, Launch Other Attacks A recent phishing campaign bypassed multifactor authentication protections within Microsoft Office 365 to steal users' credentials stored in the cloud or launch other attacks, according to the security firm Cofense.

Phishing 345

Phishing Authentication Cloud Security 345

KnowBe4

MAY 31, 2024

Security awareness training (SAT) and simulated phishing works to significantly reduce cybersecurity risk. We have the data, customer testimonials and government recommendations to prove it.

Phishing 102

Phishing Security awareness Cybersecurity Risk 102

Data Breach Today

MAY 29, 2020

Configure Defenses to Block Attackers, Security Experts Advise Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place. (..)

Phishing 361

Phishing Ransomware Access Security 361

Data Breach Today

MARCH 23, 2020

Latest Schemes Target At-Home Employees; Some Spoof Health Agencies As the global COVID-19 pandemic worsens, security firms and law enforcement, including the FBI, are warning of increasing phishing and other the cybercriminal scams targeting a largely at-home workforce.

Phishing 362

Phishing Security 362