Tag: phishing
-
KI-gestützte Cybersicherheit 10 Prognosen für das Jahr 2025
by
in SecurityNewsSchon seit vielen Jahren warnen Cybersicherheitsexperten auf der ganzen Welt vor den Gefahren KI-gestützter Cyberangriffe. Langsam werden diese Warnungen nun Realität. In diesem Jahr kam KI noch vor allem in Deepfake-, Phishing- und Spear Phishing-Kampagnen zum Einsatz. Für die kommenden Jahre ist aber mit einem deutlichen Anstieg der Anwendungsfälle zu rechnen. KI-gestützte Cyberangriffe werden mehr…
-
New VIPKeyLogger Via Weaponized Office Documenrs Steals Login Credentials
by
in SecurityNewsThe VIPKeyLogger infostealer, exhibiting similarities to the Snake Keylogger, is actively circulating through phishing campaigns. Delivered as attachments disguised as archives or Microsoft 365 files, it employs malicious Microsoft Office documents to spread through command-and-control (C2) infrastructure. It targets sensitive data, including login credentials, financial information, system data, and personally identifiable information, posing a significant…
-
European companies hit with effective DocuSign-themed phishing emails
by
in SecurityNewsA threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple victims in different … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/18/european-companies-docusign-themed-phishing-owa-microsoft-azure/
-
LedgerKampagne: Fake E-Mail will an eure Krypto-Wallets
by
in SecurityNewsAchtung Phishing-Welle!! Gut gemachte Phishing-E-Mails zielen auf Ledger-Recovery-Phrasen ab. So schützt ihr eure Krypto-Wallet. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/krypto/ledger-phishing-kampagne-fake-e-mail-will-an-eure-krypto-wallets-306406.html
-
Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns
by
in SecurityNewsAttackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations. Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts. Google Calendar: A Trusted Tool Turned Target Google Calendar, a widely used scheduling tool with over…
-
5 Reasons to Create a Certificate Lifecycle Management Policy for the New Year
by
in SecurityNewsA CLM policy also puts you in the best position to mitigate and prevent cyberthreats, including man-in-the-middle attacks and phishing scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/5-reasons-to-create-a-certificate-lifecycle-management-policy-for-the-new-year/
-
Key strategies to enhance cyber resilience
by
in SecurityNews
Tags: attack, awareness, backup, banking, breach, business, ceo, compliance, control, crowdstrike, cyber, cybersecurity, data, finance, government, group, healthcare, incident, incident response, infrastructure, insurance, metric, network, phishing, programming, ransom, ransomware, resilience, risk, security-incident, service, skills, software, strategy, supply-chain, technology, threat, training, update, vulnerability, windowsThe faulty CrowdStrike software update that triggered IT outages on a global scale in July was a sobering reminder of the importance of incident response and business continuity plans.The update caused more than eight million Windows devices to crash and take down with them airline reservation systems, hospital and government services, financial and banking applications…
-
Phishers cast wide net with spoofed Google Calendar invites
by
in SecurityNewsNot that you needed another reason to enable the ‘known senders’ setting First seen on theregister.com Jump to article: www.theregister.com/2024/12/18/google_calendar_spoofed_in_phishing_campaign/
-
New fake Ledger data breach emails try to steal crypto wallets
by
in SecurityNewsA new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-fake-ledger-data-breach-emails-try-to-steal-crypto-wallets/
-
390,000 WordPress credentials compromised via phishing, GitHub repos
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos
-
Sophisticated TA397 Malware Targets Turkish Defense Sector
Sophisticated phishing attack targeting Turkey’s defense sector revealed TA397’s advanced tactics First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ta397-malware-targets-turkish/
-
Check Point entdeckt neue Phishing-Angriffsmethode über den Google Calendar
by
in SecurityNewsDer Missbrauch von Google Calendar zeigt, wie kreativ Cyberkriminelle vorgehen, um Schutzmechanismen zu umgehen. Unternehmen und Nutzer müssen wachsam bleiben und ihre Sicherheitsvorkehrungen kontinuierlich anpassen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-entdeckt-neue-phishing-angriffsmethode-ueber-den-google-calendar/a39305/
-
Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
A new phishing campaign has been observed employing tax-themed lures to deliver a stealthy backdoor payload as part of attacks targeting Pakistan.Cybersecurity company Securonix, which is tracking the activity under the name FLUX#CONSOLE, said it likely starts with a phishing email link or attachment, although it said it couldn’t obtain the original email used to…
-
Hacker missbrauchen Google-Calendar zum Angriff auf Postfächer
by
in SecurityNewsCheck Point hat eine neue Hacker-Kampagne aufgedeckt: Der Google-Calendar wird missbraucht, um Postfächer anzugreifen. Sie missbrauchen dabei Benachrichtigungen, um Phishing-E-Mails an den Sicherheitsmaßnahmen vieler Postfächer vorbei zu schmuggeln. Google-Calendar ist ein Tool zur Organisation von Zeitplänen und zur Zeitverwaltung, das Einzelpersonen und Unternehmen bei der effizienten Planung ihrer Arbeitszeit unterstützt. Nach Angaben von Calendly.com wird…
-
LW ROUNDTABLE, How 2024’s cyber threats will transform the security landscape in 2025
Continuing our look back at 2024, part two of Last Watchdog’s year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/lw-roundtable-how-2024s-cyber-threats-will-transform-the-security-landscape-in-2025/
-
Organizations Warned of Rise in Okta Support Phishing Attacks
by
in SecurityNewsOkta has warned customers that it has seen an increase in phishing attacks impersonating its support team. The post Organizations Warned of Rise in Okta Support Phishing Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/organizations-warned-of-rise-in-okta-support-phishing-attacks/
-
Cyber Criminals Exploit Windows Management Console to Deliver Backdoor Payloads
A recent campaign dubbed FLUX#CONSOLE has come to light, leveraging Microsoft Common Console Document (.MSC) files to infiltrate systems with backdoor malware. The campaign showcases the growing sophistication of phishing techniques and the exploitation of lesser-known Windows features. The FLUX#CONSOLE Campaign The FLUX#CONSOLE campaign has been identified as a multi-stage attack with sinister objectives. By using MSC files, threat actors…
-
Threat Actors Exploit Fake Brand Collaborations to Target YouTube Channels
by
in SecurityNewsA recent report from CloudSek’s Threat Researcher Team exposes a highly sophisticated phishing campaign that targets popular YouTube channels through fraudulent brand collaboration offers. Threat actors behind this scheme employ... First seen on securityonline.info Jump to article: securityonline.info/threat-actors-exploit-fake-brand-collaborations-to-target-youtube-channels/
-
Voice Phishing on Microsoft Teams Facilitates DarkGate Malware Attack
by
in SecurityNewsTrend Micro has revealed a new vector for cyberattacks: voice phishing (vishing) conducted via Microsoft Teams. This tactic was recently employed to distribute DarkGate malware, a sophisticated threat capable of... First seen on securityonline.info Jump to article: securityonline.info/voice-phishing-on-microsoft-teams-facilitates-darkgate-malware-attack/
-
Microsoft Teams Vishing Spreads DarkGate RAT
A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/vishing-via-microsoft-teams-spreads-darkgate-rat
-
Catching the ghost in the machine: Adapting threat detection to cloud speed
by
in SecurityNewsThe rapid adoption of cloud technology has transformed how businesses operate, offering scalability, agility, and opportunities for innovation. However, this transformation has also introduced a profound challenge: the “ghost in the machine””, elusive and dynamic threats that exploit the complexity and scale of cloud environments to remain hidden, evading traditional detection methods and posing significant…
-
Malware Hidden in Fake Business Proposals Hits YouTube Creators
by
in SecurityNewsCybercriminals are targeting YouTube creators with sophisticated phishing attacks disguised as brand collaborations. Learn how to identify these scams, protect your data, and safeguard your online presence First seen on hackread.com Jump to article: hackread.com/malware-fake-business-proposals-hits-youtube-creators/
-
YouTube Creators Targeted in Global Phishing Campaign
by
in SecurityNewsOver 200,000 YouTube creators have been targeted by malware-laden phishing emails with the aim of infecting their followers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/youtube-creators-global-phishing/
-
New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
by
in SecurityNewsCybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss.”The main goal of the fraudsters is to lead victims to phishing websites and forms that harvest…
-
December 2024 Cyble Report: Malware, Phishing, and IoT Vulnerabilities on the Rise
by
in SecurityNewsThe latest First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cyble-sensor-intelligence-report/
-
Security leaders top 10 takeaways for 2024
by
in SecurityNews
Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerabilityThis year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…