Phishing

Russian spies use remote desktop protocol files in unusual mass phishing drive

The prolific Midnight Blizzard crew cast a much wider net in search of scrummy intel

Cyber-crime30 Oct 2024 | 18

ESET denies it was compromised as Israeli orgs targeted with 'ESET-branded' wipers

Says 'limited' incident isolated to 'partner company'

Cybersecurity Month18 Oct 2024 | 3

Microsoft says more ransomware stopped before reaching encryption

Volume of attacks still surging though, according to Digital Defense Report

Cyber-crime15 Oct 2024 | 6

US and UK govts warn: Russia scanning for your unpatched vulnerabilities

in brief Also, phishing's easier over the phone, and your F5 cookies might be unencrypted, and more

Security12 Oct 2024 | 11

OpenAI says Chinese gang tried to phish its staff

Claims its models aren't making threat actors more sophisticated - but is helping debug their code

Cybersecurity Month10 Oct 2024 | 4

If you're holding important data, Iran is probably trying spearphish it

It's election year for more than 50 countries and the Islamic Republic threatens a bunch of them

Cyber-crime30 Sep 2024 | 6

Mind your header! There's nothing refreshing about phishers' latest tactic

It could lead to a costly BEC situation

Research12 Sep 2024 | 2

Kremlin-linked COLDRIVER crooks take pro-democracy NGOs for phishy ride

The latest of many attempts to stifle perceived threats to Putin's regime

Security09 Sep 2024 | 10

Novel attack on Windows spotted in phishing campaign run from and targeting China

Resources hosted at Tencent Cloud involved in Cobalt Strike campaign

Research02 Sep 2024 | 3

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

Needless to say, it backfired in a big way

CSO22 Aug 2024 | 118

Iran named as source of Trump campaign phish, leaks

Political stirrer Roger Stone may have been a weak link after personal emails cracked

Security20 Aug 2024 | 40

Google raps Iran's APT42 for raining down spear-phishing attacks

US politicians and Israeli officials among the top targets for the IRGC’s cyber unit

Research15 Aug 2024 | 1

Orion SA says scammers conned company out of $60 million

Incident sounds like a BEC fraud targeting an unwitting staffer

Cyber-crime13 Aug 2024 | 7

Small CSS tweaks can help nasty emails slip through Outlook's anti-phishing net

A simple HTML change and the warning is gone!

Research07 Aug 2024 | 13

Users call on Microsoft to update Outlook's friendly name feature

That one weird thing in Outlook that gives phishers and scammers an in to an inbox

Security06 Aug 2024 | 76

'LockBit of phishing' EvilProxy used in more than a million attacks every month

Insight Leaves a trail of ransomware infections, data theft, business email compromise in its wake

Malware Month30 Jul 2024 | 7

Cybercrooks spell trouble with typosquatting domains amid CrowdStrike crisis

Latest trend follows various malware campaigns that began just hours after IT calamity

Cyber-crime23 Jul 2024 | 4

Singapore's banks to ditch texted one-time passwords

Accessibility be damned, preventing phishing is the priority

Security12 Jul 2024 | 41

Cops cuff 22-year-old Brit suspected of being Scattered Spider leader

Spanish plod make arrest at airport before he jetted off to Italy

Cyber-crime17 Jun 2024 | 22

Two cuffed over suspected smishing campaign using 'text message blaster'

Thousands of dodgy SMSes bypassed network filters in UK-first case, it is claimed

Cyber-crime10 Jun 2024 | 23

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

Current approaches aren't working and demonize security teams

Security23 May 2024 | 57

US charges Iranians with cyber snooping on government, companies

Their holiday options are now far more restricted

Cyber-crime24 Apr 2024 |

Fraudsters abused Apple Stores' third-party pickup policy to phish for profits

Black Hat Asia Scam prevalent across Korea and Japan actually had some winners

Cyber-crime18 Apr 2024 | 2

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Feature Police emit Spotify Wrapped-style videos to let crims know they're being hunted

Security18 Apr 2024 | 13

X fixes URL blunder that could enable convincing social media phishing campaigns

Poorly implemented rule allowed miscreants to deceive users with trusted URLs

CSO10 Apr 2024 | 27

China encouraged armed offensive against Myanmar government to protest proliferation of online scams

Report claims Beijing is most displeased by junta's failure to address slave labor scam settlements

Cyber-crime28 Mar 2024 | 5

As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims

Wave of Okta attacks mark what researchers are calling the biggest security trend of the year

Research15 Mar 2024 | 15

Iranian charged over attacks against US defense contractors, government agencies

$10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location

Security01 Mar 2024 | 3

Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond

Plenty of successful attacks observed with dangerous follow-on activity

Cyber-crime13 Feb 2024 | 6

Deepfake CFO tricks Hong Kong biz out of $25 million

Recordings of past vidchats suspected as source of fakery – so there's another class of data you need to lock down

AI + ML05 Feb 2024 | 27

BreachForums admin 'Pompourin' sentenced to 20 years of supervised release

Infosec in brief Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities

Security22 Jan 2024 | 16

ShinyHunters chief phisherman gets 3 years, must cough up $5M

Sebastien Raoult developed various credential-harvesting websites over more than 2 years

Cyber-crime10 Jan 2024 | 5

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials

Research highlights how major attacks like those exploiting Booking.com are executed

Cyber-crime20 Dec 2023 | 20

Hershey phishes! Crooks snarf chocolate lovers' creds

Stealing Kit Kat maker's data?! Give me a break

Security04 Dec 2023 | 48

Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit

Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence

Research27 Oct 2023 | 1

Telcos should compensate phished subscribers, suggests Singapore

Regulator reckons letting scam texts through is a culpable act

Cybersecurity Month26 Oct 2023 | 6

Pro-Russia group exploits Roundcube zero-day in attacks on European government emails

With this zero-day, researchers say the 'scrappy' group is stepping up its operations

Cyber-crime25 Oct 2023 | 4

D-Link clears up 'exaggerations' around data breach

Who knew 3 million actually means 700 in cybercrime forum lingo?

Cyber-crime18 Oct 2023 | 5

South Korea accuses North of Phish and Ships attack

Kim Jong-un looks at industry's progress with green eyes, says South Korea's spy agency

Cyber-crime05 Oct 2023 |

Singapore may split liability for phishing losses between banks and victims

Won't someone please think of the banks?

Cyber-crime20 Sep 2023 | 14

More Okta customers trapped in Scattered Spider's web

Oktapus phishing campaign criminals are back in action

Cyber-crime01 Sep 2023 |

US government to investigate China's Microsoft email breach

Infosec in brief PLUS: Phishing campaign targets the C-suite; Cybercrime arrests in EU and Africa; and more

Security14 Aug 2023 | 1

INTERPOL shutters '16shop' phishing-as-a-service outfit

Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60

Security09 Aug 2023 |

American and Southwest Airlines pilot candidate data exposed

Time to start practising identity protection

Cyber-crime26 Jun 2023 | 2

North Korea created very phishy evil twin of Naver, South Korea's top portal

Think of it as a fake Google tuned for credential capture and you'll understand why authorities want to kill it

Security15 Jun 2023 | 9

Posing as journalists, Pink Drainer pilfers $3.3M in crypto

First the interview, then the phishing attack

Cyber-crime12 Jun 2023 | 10

You might have been phished by the gang that stole North Korea’s lousy rocket tech

US, South Korea, warn 'Kimsuky' is a very sophisticated social engineer

Security02 Jun 2023 | 13

Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammer

FBI warns jobseekers to be very skeptical of working holidays in Cambodia

Cyber-crime23 May 2023 | 17

Russia's APT28 targets Ukraine government with bogus Windows updates

Nasty emails designed to infect systems with info-stealing malware

Cyber-crime02 May 2023 | 4

ChatGPT fans need 'defensive mindset' to avoid scammers and malware

Palo Alto Networks spots suspicious activity spikes such as naughty domains, phishing, and worse

AI + ML21 Apr 2023 | 4

April brings tulips, taxes ... and phisherfolk scammers

Tactical#Octopus: Don't let users click on that zip file

Research03 Apr 2023 | 6

Vietnam threatens to cut off two million mobile subscribers

To scupper scams, account-holders must hand over personal info or else

Security03 Apr 2023 | 7

Police pounce on 'pompompurin' – alleged mastermind of BreachForums

In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals

Security20 Mar 2023 | 3

SVB collapse's mix of money, urgency and uncertainty makes it irresistible to scammers

Phishing, dodgy domain names, and sophisticated attacks already deployed

Security15 Mar 2023 | 1

Refreshed from its holiday, Emotet has gone phishing

Notorious botnet starts spamming again after a three-month pause

Research09 Mar 2023 | 2

Namecheap admits 'unauthorized emails' pwning its customers

Blames 'third-party provider' as phishers drain Ethereum wallets

Security13 Feb 2023 | 10