Scammers and hackers are exploiting the confusion regarding Twitter’s new CEO, Elon Musk’s plans for paid blue ticks on the platform. They are sending phishing emails disguised as official Twitter notices and luring users into sharing their details. This post covers the details regarding such phishing schemes.
Twilio has suffered a second attack, leading to the compromise of its former and current employee accounts and the loss of sensitive customer information. This text shares the details of the attack, how it happened, whether it is over, whether customers are safe, how Twilio is dealing with it, and what organizations could learn from the cyberattack.
The ICO has fined Interserve £4.4 million, which is about $5 million, due to the data breach compromising the financial and personal data of 113,000 employees. Here is how the attack occurred, the lost data, why Interserve was fined, and how organizations can avoid a similar fate by investing in anti-phishing solutions.
Taking cybercriminals lightly is no longer an option with the evolving threat landscape. One needs to be aware of what they are up to, to avoid becoming their victim. To that end, here are this week’s phishing and data breach headlines.
Abnormal Security has released the H2 Email Security Threat report highlighting the top email security threats in the first six months of 2022. This article shares key statistics, discovered trends, and revelations of the report.
HIPAA journal has revealed the latest Healthcare Data Breach report highlighting millions of compromised healthcare records. With healthcare data breaches at their highest, affecting California and New York the most, this article shares the report’s findings, summary, and the reason behind the sudden spike in targeting cyber-attacks against Healthcare Industry.
Blockchain gaming is gaining popularity due to the lucrative earning opportunities it offers its players. But it seems even the secure and decentralized nature of Blockchain is not sufficient to stop adversaries from launching Phishing attacks. Read on to know how Axie Infinity became a victim.
The NakedPages phishing toolkit model has been making headlines since its discovery by CloudSEK researchers. This post explains what NakedPages is, everything you need to know, and shares NakedPages’ features, impact, and how you can protect yourself from the phishing toolkit.
There is a new phishing spam campaign making headlines in the cybersecurity world that delivers malware onto compromised machines. The malware is initiated by a phishing attack and delivered by “Matanbuchus,” specially designed to deliver DLL payloads, launch malicious PowerShell commands, and persist via additional task schedules. The attack is highly sophisticated and makes the use of malicious MSI installer files leading to an Adobe Acrobat installer running a beacon for Cobalt Strike in the background.
The following sections delve deeper into how the latest malware attack takes place.
The talk of the town is the phishing campaign on Facebook that has reportedly duped millions into providing their login credentials to cybercriminals. The Facebook phishing operation is the latest in a long line of cybersecurity news that has shaken people worldwide.
Phishing is one of the most formidable threats in the cyber world today. Even though various news, reports, and anti-phishing campaigns attempt to spread awareness and knowledge, people still fall victim to novel phishing methods. This article seeks to summarize key statistics observed so far in 2022 by various cybersecurity organizations and present them in a useful and comprehensive manner. It is also a warning for all organizations and individuals for the rest of the year.
As the conflict between Russia and Ukraine escalates, the potential of utilizing more lethal weapons, which was previously merely a fear, may now take on a new form. The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about a huge distribution campaign based on the concept of a “chemical attack.” Receiving an email like this in Ukraine’s invasion-affected regions is sure to generate widespread panic. Jester Stealer, a malicious file capable of large-scale data theft, is back on the hunt.
Phishing has been one of the most widespread cyber threats and a significant challenge for security solutions for almost three decades. According to this phishing report, in 2021, 35% of all data breaches included scams trying to rob users of their sensitive information and login credentials. Over the past year, phishing attacks have increased by 29% globally. The menace of phishing poses a threat to organizations worldwide.
Cybercrimes have escalated significantly in the past couple of years owing to the mass adoption of online services. Threat actors have exhibited their affinity towards social media profiles and emails, targeting innocent people to scam them out of their finances and private data using phishing to sell on the dark web, to be spread and used in impersonation scams. As per recent reports, social media is the most recent category that cybercrime groups are exploiting for malicious purposes.
Researchers at Armorblox found a malicious campaign that targeted WhatsApp users. The attackers have reached over 27,660 email addresses through targeted phishing attacks appearing to be from WhatsApp. When receiving attachments over email, you might be tricked by the threat actor into downloading other forms of malicious software. The following sections discuss more details about the latest phishing scheme.
Microsoft Azure is one of the leading cloud services used by developers and organizations worldwide. With an easy subscription model, Azure is convenient and popular among its users. However, Azure has also become famous among cyber attackers that use it for phishing scams to exploit protected data.
The RTLO (or RLO) technique is one of the cybercriminals’ oldest and most common techniques. With the help of this technique, they can make a hyperlink look less suspicious, making you think that it is safe to click on it. However, once you click on the link, it might take you to the attacker’s domain that might ask you for confidential information under a suspicious ruse or download suspicious software on your local device.
Recently, according to a Google report, Russian and Belarusian cybercriminals have attacked Ukrainian citizens, using the ongoing conflict as an opportunity to benefit from it. The recent Russia-Ukraine war has become an opportunity for cyberattackers. CSIS reported that in February of 2022, the Ukrainian Ministries, Education, and Infrastructures were attacked. This led to a massive loss for the Ukrainian government. Grasping the understanding of the Ukrainian system gave the cybercriminals a clear understanding of how to proceed with their activities.
The rising threat of cyberattacks and data breaches, in particular, can cripple any organization, especially a small business. SMBs and SMEs are the top targets for threat actors owing to their lack of proper cybersecurity defenses and risk mitigation practices.
SMBs and SMEs need to understand the risks of data breaches and take proactive measures to ensure the security of their enterprise if they wish to maintain a strong market position. They need to evolve their cybersecurity practices with time to grow well for the future.
Phishing remains the top method that cybercriminals use to target individuals and employees worldwide to lure them in and lead them to fake applications, websites, and payment portals to steal information and hard-earned money.
VadeSecure’s latest report highlights how financial services is the most impersonated sector today, along with Facebook and Microsoft taking the crown for the most impersonated brands by phishing criminals. It is imperative to understand the rising threat of phishing, the latest phishing scams, and how you can ensure your organization’s protection against phishing.