Phishing Archives - Page 3 of 23 - Cyber Security Minute

New cyberattack tactics rise up as ransomware payouts increase

Issued by: CSO Online

While phishing, business email compromise (BEC), and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint. “While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery (TOAD) and…

Malware & Threats

6 Examples of the Evolution of a Scam Site

Issued by: Dark Reading

Fraudsters are getting more sophisticated about how they set up and make adjustments to brand impersonation scam sites — not just for phishing, but for all kinds of consumer fraud. A recent analysis by security researchers at Allure Security illustrates how brand impersonation sites are born, how they progress, and the evolutionary steps that fraudsters…

Malware & Threats

Rising ‘Firebrick Ostrich’ BEC Group Launches Industrial-Scale Cyberattacks

Issued by: Dark Reading

Business email compromise (BEC) has become one of the most popular methods of financially motivated hacking. And over the past year, one group in particular has demonstrated just how quick, easy, and lucrative it really is. In a Feb. 1 blog post, Crane Hassold, director of threat intelligence at Abnormal Security, profiled “Firebrick Ostrich” a…

Malware & Threats

Vice Society Ransomware Attackers Adopt Robust Encryption Methods

Issued by: The Hacker News

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. “This ransomware variant, dubbed ‘PolyVice,’ implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms,” SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the…

Malware & Threats

T-Mobile Carrier Scammer Gets Decade in the Slammer

Issued by: Dark Reading

Phishing emails and social engineering scams were all it took for mobile phone store owner Argishti Khudaverdyan to breach the mobile provisioning systems of T-Mobile, AT&T, and Sprint to “unlock” phones from their network constraints — earning him more than $25 million in the process. Now Khudaverdyan has been convicted and sentenced to 10 years…

Vulnerabilities

Patch Tuesday: Microsoft Plugs Windows Hole Exploited in Ransomware Attacks

Issued by: Security Week

The operating system update, released as part of Microsoft’s scheduled Patch Tuesday, addresses a flaw that lets malicious attackers use rigged files to evade MOTW (Mart of the Web) defenses. “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability…

Malware & Threats

Fake subscription invoices lead to corporate data theft and extortion

Issued by: Help Net Security

A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. The group is eschewing the use of ransomware and instead relies on targeted employees calling a phone number manned by the attackers and convincing them to install a remote…

Malware & Threats

DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions

Issued by: Dark Reading

It generally starts with malvertising and ends with the deployment of Royal ransomware, but a new threat group has distinguished itself by its ability to innovate the malicious steps in between to lure in new targets. The cyberattack group, tracked by Microsoft Security Threat Intelligence as DEV-0569, is notable for its ability to continuously improve…

Malware & Threats

Top enterprise email threats and how to counter them

Issued by: Help Net Security

A research from Tessian, the State of Email Security Report, found that enterprise email is now the No. 1 threat vector for cyberattacks. According to the report, 94% of organizations experienced a spear phishing or impersonation attack, and 92% suffered ransomware attacks over email this year. Organizations send and receive thousands of emails per day,…

Vulnerabilities

Microsoft: China Flaw Disclosure Law Part of Zero-Day Exploit Surge

Issued by: Security Week

The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks. According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates…