Researchers at INKY have observed an “explosion” of Zoom-themed phishing attacks over the Spring and Summer of 2020. Most of the attacks are aimed at stealing credentials to services like Outlook and Office 365 by directing users to spoofed login pages. The researchers say they’ve observed the emails being sent from legitimate, compromised accounts as […]
Five Reasons Why Ransomware Attacks Should Be Your Biggest Worry and Aren’t Going Anywhere
No other cyberattack has evolved like ransomware. Today’s attacks are more pervasive, invasive, impactful, damaging, and costly. Learn why and what to do about it. Unless you’ve been hiding under a rock, you can’t go online to any tech news without bumping into a ransomware story. This cyberattack method has gone from nuisance, to a […]
Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be
An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 election. Late last year, these trade documents were leaked and disseminated online by a Russian disinformation campaign. The new addition to this story, according to Reuters, is […]
GitHub is the Latest Target of Social Engineering Phishing Attacks
Using simple alert-style email notices, scammers look to steal credentials to gain access to development code, intellectual property, and project details. While the preponderance of impersonation attacks focus on brands like Office 365, Facebook, and others, it’s only a matter of time until cybercriminals decided going after developers was a good idea. Last month, GitHub […]
Sawfish Spearphishing Attacks Continue, Prompting Password Resets on GitHub and DeepSource
A new wave of attacks on GitHub users via app developer DeepSource has raised concerns over access to user credentials and development code. I’ve written about phishing attacks targeting GitHub users previously. But this month, users of GitHub partner DeepSource were notified of a security incident in which at least one of DeepSource’s employee credentials […]
1 in 3 Employees Rarely or Never Think About Cybersecurity
Eye-opening data around the impact of human error demonstrates how simple user mistakes can compromise your organization’s cybersecurity posture. It’s something we all know – employees that aren’t paying attention to corporate security aren’t helping. But new data from email security vendor Tessian quantifies this notion with some pretty surprising data. In their Psychology of […]
An Old Dog with Some New Tricks
The Emotet botnet is now including stolen attachments in its phishing emails to increase the appearance of authenticity, BleepingComputer reports. The botnet is well-known for targeting the contacts of compromised email accounts with phishing emails that are sent as replies to existing email threads, but the use of legitimate, benign attachments in these emails is […]
What’s so bad about the NXNSAttack DNS Amplification Attack?
How did NXNSAttack Against DNS Services get Noticed? In May 2020, the NXNSAttack was identified as a new DDoS attack on DNS servers by the cybersecurity researchers at Tel Aviv University. The NXNSAttack exploits the vulnerability at recursive DNS resolvers and triggers an amplification attack to other recursive DNS servers and authoritative DNS servers by […]
New Phishing Attack Targets 200M+ Microsoft 365 Accounts Via Malicious Excel .SLK Files to Bypass Security
Using an old (but supported) Excel filetype, attackers can bypass both Exchange Online Protection and Advanced Threat Protection to run malicious macros. Security researchers at Avanan have discovered a new attack method where cybercriminals send phishing emails that contain what appears to be an Excel spreadsheet. The file is actually an SLK file – a […]
New Calendar Invitations as Phishbait Attack Wave
BleepingComputer warns that cybercriminals are using calendar invites to send phishing links to Wells Fargo customers. Researchers at Abnormal Security discovered this phishing campaign in mid-June, and it’s targeted more than 15,000 people. The attackers are sending emails purporting to come from Wells Fargo that inform the recipient that they need to update their security […]