Phishing Archives - Page 2 of 23 - Cyber Security Minute

Takeovers of MFA-protected accounts increase, as Microsoft 365 phishing campaign shows

Issued by: CSO Online

A Microsoft 365 phishing campaign has targeted over 100 companies since March and successfully compromised accounts belonging to senior business executives. The attackers used EvilProxy, a phishing toolkit that uses reverse-proxy tactics to bypass multifactor authentication (MFA). “Contrary to what one might anticipate, there has been an increase in account takeovers among tenants that have…

Malware & Threats

Law Enforcement Takes Down Phishing As A Service Site

Issued by: DataBreach Today

An international law enforcement operation took down a phishing-as-a-service website that security researchers say was responsible for more than 150,000 phishing domains. Authorities in Indonesia arrested the site’s alleged administrator and another man, while Japanese police arrested an additional suspect, Interpol announced Tuesday. The site, 16shop, has been in existence since at least 2017. It…

Malware & Threats

When Cybercriminals Go Phishing, Emails Get the Most Bites

Issued by: DataBreach Today

For cybercriminals looking to attack businesses, email continues to be the preferred attack vector. Despite a rapidly changing technology landscape with new innovations such as ChatGPT, cybercriminals are opting to adapt their email-based techniques to improve old tactics rather than create new methods altogether. This is largely because email provides cybercriminals with a direct line…

Mobile Security

Mobile Cyberattacks Soar, Especially Against Android Users

Issued by: Dark Reading

Attackers are increasingly targeting users through their mobile devices, attacking vulnerabilities in services that are built into applications and mounting increasing numbers of SMS phishing attacks. That’s according to mobile security firm Zimperium’s 2023 “Global Mobile Threat Report,” which also found that the average number of unique mobile malware samples grew 51% in 2022, totaling…

Malware & Threats

Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools

Issued by: Dark Reading

The Iran-linked threat group known as APT35 (aka Charming Kitten, Imperial Kitten, or Tortoiseshell) has updated its cyberattack arsenal with improved abilities to hide its actions, as well as an upgraded custom backdoor that it’s distributing via a spear-phishing campaign. The advanced persistent threat (APT) has been alleged to be operating out of Iran and…

Malware & Threats

SANS Reveals Top 5 Most Dangerous Cyberattacks for 2023

Issued by: Dark Reading

Expert instructors from the SANS Institute here yesterday detailed what they cite as the most dangerous forms of cyberattacks for 2023. Some of the key themes bubbling to the surface included the intersection of AI with attack patterns and the ways that attackers are taking advantage of highly flexible development environments. “This is my favorite…

Malware & Threats

‘EvilExtractor’ All-in-One Stealer Campaign Targets Windows User Data

Issued by: Dark Reading

A phishing campaign that launched in March and is actively targeting Microsoft operating system users in Europe and the US is making the rounds, using the EvilExtractor tool as its weapon of choice. Research this week from FortiGuard Labs details the EvilExtractor attack chain, explaining that it usually starts with a legitimate-seeming Adobe PDF or…

News

Cyber Police of Ukraine arrested members of a gang that defrauded EU citizens of $4.33M

Issued by: Security Affairs

The Cyber Police of Ukraine, with the support of law enforcement officials from the Czech Republic, has arrested several members of a cybercriminal ring that defrauded EU citizens of $4.33 million with phishing campaigns. The suspects set up more than 100 phishing websites to obtain the bank card data and banking account credentials of foreign…

News

Ukrainian Cops Bust Phishing Group That Stole $4.3 Million

Issued by: DataBreach Today

Ukrainian law enforcement busted a transnational group of scammers that used more than 100 phishing websites to defraud Europeans. The Cyber Police of Ukraine and the Security Service of Ukraine, together with Czech law enforcement agencies, detained 19 individuals across Ukraine and the EU, including Ukrainian and Belarusian nationals. Ukrainian authorities said Thursday the suspects…

Application Security

40% of Global ICS Systems Attacked With Malware in 2022

Issued by: Dark Reading

More than 40% of the total number of global industrial control systems (ICS) computers saw some kind of malicious attack during the course of 2022. This volume of cyberattacks against industrial systems was led by growth in Russia, which, as a region, saw a full 9 percentage-point increase in malicious activity in 2022, according to…