#phishing
#phishing

'Got that boomer!': How cyber-criminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch

Cybercriminals trick victims into giving access codes, allowing hijacking of online accounts and digital wallets. [ more ]

Gadgets 360

1 month ago

Data science

Boat Launches Probe Into Data Breach That Impacted 7.5 Million Customers

Boat is investigating a potential data breach that exposed PII of over 7.5 million customers.

The leaked data was available for purchase online, making customers vulnerable to phishing and scams. [ more ]

Mail Online

Warning to Facebook Marketplace users as 200,000 accounts leaked

Hundreds of thousands of Facebook Marketplace accounts have been leaked online, putting users at risk of phishing and cyberattacks.

The leaked data includes personal information such as names, phone numbers, email addresses, and Facebook profile information. [ more ]

ReadWrite

Massive data breach in France affects 33 million citizens

A massive security breach has affected almost half of French citizens, involving two service providers for medical insurance companies.

Around 33 million customers' data was stolen, including personal information such as birth dates, social security numbers, and insurance details. [ more ]

BleepingComputer

Data breach at French healthcare services firm puts millions at risk

French healthcare services firm Viamedis suffered a cyberattack exposing the data of policyholders and healthcare professionals.

The data breach includes sensitive information such as social security numbers and names of health insurers.

The breach was the result of a successful phishing attack on an employee, not ransomware. [ more ]

ITPro

Windows 11 Pro and CDW - Overcoming today's escalating cyberthreats

Security concerns should not impede business growth. Windows 11 Pro devices help mitigate cybersecurity risks. [ more ]

Above the Law

1 month ago

Law

Cybersecurity Statistics In 2024: Is Your Law Firm Protected?

71% of users admitted to taking risky actions in cybersecurity, despite being aware of the risks.

MFA is seen as a valuable tool for protection, although not foolproof against attacks like Evil Proxy and ransomware. [ more ]

eLearning Industry

The Role Of Content Marketing In Educating Clients About Cybersecurity Threats

Content marketing is key in educating clients about cybersecurity threats.

Top cybersecurity threats include phishing, malware, and ransomware. [ more ]

www.theguardian.com

AI will make scam emails look genuine, UK cybersecurity agency warns

AI tools can make it difficult to identify phishing emails and other cyber attacks

Generative AI and large language models will complicate efforts to detect different types of attacks [ more ]

www.theguardian.com

AI will make scam emails look genuine, UK cybersecurity agency warns

Artificial intelligence will make it difficult to spot phishing emails as AI tools become more sophisticated.

Generative AI and large language models will complicate efforts to identify different types of cyber attacks. [ more ]

SecurityWeek

6 months ago

Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide

The Royal ransomware gang has targeted over 350 organizations and demanded over $275 million in ransom.

The US cybersecurity agency and the FBI have issued an updated alert warning about the rebranding of the Royal ransomware operation and the emergence of a new ransomware called Blacksuit.

The Royal gang uses phishing, exploits vulnerabilities, and leverages initial access brokers to gain entry into victims' networks. [ more ]

Mail Online

Hackers are using fake Facebook ads to steal bank account details

Cyberattack targets Facebook users with phishing ads disguised as 'sponsored' Google links. [ more ]

Engadget

Safe Browsing on Google Chrome adds real-time protection against malicious sites

Google updates Safe Browsing mode in Chrome to check sites against a real-time server-side list of known unsafe sites.

Real-time URL checks in Safe Browsing mode can help block 25% more phishing attempts. [ more ]

Entrepreneur

Deliverability

3 Email Changes Google and Yahoo Will Require You to Adopt By February 1st | Entrepreneur

Google and Yahoo have partnered to create new guidelines for mass email senders to combat spam, spoofing, and phishing attacks.

Email senders must authenticate their emails, enable one-click unsubscribing, and maintain a low spam complaint rate. [ more ]

moregoogle

artificial-intelligence

Nextgov.com

1 month ago

AI is creating 'more sophisticated' but not unprecedented election threats, DHS official says

AI tools contributing to more sophisticated misinformation.

Phishing campaigns using generative AI can increase likelihood of election personnel being targeted. [ more ]

english.elpais.com

moreartificial-intelligence

Beware of ChatGPT's evil twin and other generative AI dangers

Generative artificial intelligence tools like FraudGPT and WormGPT are being used by cybercriminals for malicious purposes.

These AI tools can create convincing fake messages and emails, leading to scams, deepfakes, and misinformation campaigns. [ more ]

WIRED

4 months ago

Staying One Step Ahead of Hackers When It Comes to AI

Generative AI is being used by cybercriminals to automate the creation of personalized phishing emails.

Generative AI may make biometric hacking easier and allow hackers to target chatbots and inject malware into their generated output. [ more ]

The Verge

1 week ago

Yubico bolsters authentication security with updated YubiKey 5 series devices

Yubico launching refreshed security keys with 5.7 firmware to enhance security features and move away from password-based protections. [ more ]

ITPro

3 days ago

What is a TOAD attack?

TOAD attacks combine different phishing methods, posing a significant threat to businesses globally. [ more ]

TechRadar

1 day ago

Meta business accounts increasingly being hit by cyberattacks

Cybercriminals target Meta business accounts for malvertising campaigns, leveraging phishing kits to bypass multi-factor authentication. [ more ]

www.housingwire.com

1 day ago

Reducing risk bynhancing organizational cybersecurity

Phishing simulation training is an effective strategy for enhancing employees' ability to recognize and neutralize email phishing threats. [ more ]

BKReader

2 weeks ago

Top 10 Tips for Seniors to Defend Against Scammers

Seniors are frequent targets of scammers due to trust and digital unfamiliarity. [ more ]

TechRepublic

MFA vs 2FA: Which Is Best for Your Business?

Breaches are common, phishing scams prevalent, AI aids cybercrime.

Phishing is a major attack vector, MFA and 2FA enhance security. [ more ]

ComputerWeekly.com

4 weeks ago

International police operation infiltrates LabHost phishing website used by thousands of criminals | Computer Weekly

Law enforcement shuts down major phishing-as-a-service platform LabHost, leading to 37 arrests worldwide and revealing 70,000 UK fraud victims. [ more ]

Theregister

IT helpdeskers increasingly targeted by cybercriminals

IT helpdesk workers are increasingly targeted by cybercriminals, a trend growing in success.

Attacks involve pretending to be an employee, requesting changes to identity access, and registering their device for insider access. [ more ]

The Globe and Mail

Manitoba government could boost security for remote work, auditor-general says

Manitoba government implements IT security measures for remote work, but improvements needed

Auditor-General highlights weaknesses in encryption settings and outdated remote work security policies. [ more ]

Theregister

Orgs are having a major identity crisis

Identity-related threats are increasing with attackers using stolen credentials.

Reports show a surge in cyber attacks using valid credentials and phishing as top access vectors. [ more ]

Hubspot

4 Phishing Email Examples Even I Could Fall For (& How to Spot Them)

Phishing emails are online scams that trick recipients into providing sensitive information.

Phishing emails come in various types, each designed to exploit specific vulnerabilities or scenarios. [ more ]

Ars Technica

Ongoing campaign compromises senior execs' Azure accounts, locks them using MFA

Unknown attackers are targeting Microsoft Azure accounts in an ongoing campaign to steal sensitive data and financial assets.

The attackers use phishing techniques and account takeovers to compromise the targeted accounts and enroll them in multifactor authentication to secure them. [ more ]

Coindesk

Cryptocurrency

MicroStrategy's X Account Hacked, Leads to $440K Crypto Being Stolen: Blockchain Sleuth ZachXBT

MicroStrategy's X account was hacked, leading to a phishing message posted for followers.

Over $440,000 worth of crypto was stolen due to the phishing attempt. [ more ]

TNW | Data-Security

Deliverability

New Russian PSYOPs mix disinformation, spam, and Navalny

Russia-aligned PSYOPs campaign involved espionage, disinformation, and phishing.

ESET uncovered Operation Texonto, linking it to Russian propaganda, targeting Ukrainians, and Navalny-related domains. [ more ]

TechRepublic

What is a Passkey? Definition, How It Works and More

Passkeys combine private and public cryptographic keys for authentication.

Passkeys are phishing-resistant and eliminate the need for complex passwords. [ more ]

DevOps.com

The Code Caveat: When Developer Credentials Become the Hacker's Pickaxe - DevOps.com

Developers are often the weakest link in cloud security.

Common ways developers can compromise cloud security include exposing credentials, falling victim to phishing campaigns, and using weak passwords. [ more ]

ComputerWeekly.com

Security Think Tank: The phishing forecast for 2024 | Computer Weekly

Phishing campaigns leveraging AI capabilities expected to increase in 2024.

Automation behind cyber attacks and AI will continue to expand, allowing for more sophisticated targeted attacks. [ more ]

TechRepublic

Spear Phishing vs Phishing: What Are The Main Differences?

Phishing is the most common attack vector, with 1.6 billion potentially harmful emails sent in 2023.

Spear phishing is a highly targeted form of phishing that can cause greater damage. [ more ]

Tripwire

NCSC Warns That AI is Already Being Used by Ransomware Gangs

Malicious attackers are using artificial intelligence (AI) for more effective cyber attacks, and the volume and impact of threats will increase in the next two years.

AI tools make it easy to generate believable text, images, audio, and deepfake videos that can be used to deceive targets. [ more ]

New York Post

'Extremely dangerous' leak reveals 26 billion account records stolen from Twitter, LinkedIn, more: 'Mother of All Breaches'

One of the largest data breaches in history has compromised billions of accounts worldwide.

The dataset is extremely dangerous and valuable for malicious actors, who could use it for identity theft, phishing schemes, and targeted cyberattacks. [ more ]

CyberScoop

North Korean government hackers target individuals of interest, infosec professionals

North Korean hackers targeted media organizations and experts in the country's affairs, with a potential focus on cybersecurity researchers.

The hackers used phishing emails to install the RokRAT backdoor, and also used a decoy document from a previous North Korean hacking campaign to plan upcoming attacks on cybersecurity professionals. [ more ]

Theregister

Google TAG: Kremlin cyber spies build a custom backdoor

Russian cyberspies linked to the FSB have developed a custom backdoor called SPICA and are targeting various organizations and individuals in the US, UK, Ukraine, and other NATO countries.

The backdoor allows the attackers to execute shell commands, steal cookies, and upload/download files and documents. [ more ]

TechCrunch

4 months ago

Framework says hackers accessed customer data after phishing attack on accounting partner | TechCrunch

U.S. repairable laptop maker Framework confirmed a data breach after an employee at its accounting service provider was phished.

Hackers accessed customers' personal information, including names, email addresses, and balances owed.

It's unclear if any other clients of the accounting service provider were affected. [ more ]

www.fastcompany.com

5 cybersecurity predictions for 2024

Cybersecurity costs are predicted to rise globally to $10.5 trillion by 2025 as cybercrime becomes more sophisticated.

AI-powered scams and advanced phishing techniques are expected to increase in 2024. [ more ]

Theregister

Money-grubbing crooks abuse OAuth apps for BEC, phishing

Miscreants are misusing OAuth for financially motivated cyber crimes such as phishing and crypto mining.

Microsoft warns that compromised accounts without strong authentication are particularly vulnerable to OAuth abuse. [ more ]

Theregister

The Russians are coming! Err, they've already infiltrated

Russia-backed attackers named defense-industrial firms and energy facilities as new targets for phishing campaigns.

The Russian group Star Blizzard, believed to be affiliated with the FSB, is responsible for the attacks. [ more ]

ComputerWeekly.com

UK names Russian FSB agents behind political hacking campaign | Computer Weekly

Russia's FSB is confirmed to be behind a hacking campaign targeting politicians, civil servants, journalists, and civil society organizations.

The campaign aimed to interfere with UK politics and the democratic process by phishing high-profile individuals. [ more ]

TechRepublic

Sekoia: Latest in the Financial Sector Cyber Threat Landscape

The financial sector is the most impacted by phishing worldwide and is increasingly targeted by QR code phishing.

Phishing-as-a-service model is being massively adopted in 2023, with phishing kits sold to cybercriminals.

QR code phishing campaigns are on the rise in the financial sector. [ more ]

TechRepublic

9 months ago