As if working at Helldesk weren't bad enough, IT helpers now targeted by cybercrims Wave of Okta attacks mark what researchers are calling the biggest security trend of the year Research15 Mar 2024 | 15
Iranian charged over attacks against US defense contractors, government agencies $10M bounty for anyone with info leading to Alireza Shafie Nasab's identification or location Security01 Mar 2024 | 3
Crooks hook hundreds of exec accounts after phishing in Azure C-suite pond Plenty of successful attacks observed with dangerous follow-on activity Cyber-crime13 Feb 2024 | 6
Deepfake CFO tricks Hong Kong biz out of $25 million Recordings of past vidchats suspected as source of fakery – so there's another class of data you need to lock down AI + ML05 Feb 2024 | 27
BreachForums admin 'Pompourin' sentenced to 20 years of supervised release Infosec in brief Also: Another UEFI flaw found; Kaspersky discovers iOS log files actually work; and a few critical vulnerabilities Security22 Jan 2024 | 16
ShinyHunters chief phisherman gets 3 years, must cough up $5M Sebastien Raoult developed various credential-harvesting websites over more than 2 years Cyber-crime10 Jan 2024 | 5
Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials Research highlights how major attacks like those exploiting Booking.com are executed Cyber-crime20 Dec 2023 | 20
Hershey phishes! Crooks snarf chocolate lovers' creds Stealing Kit Kat maker's data?! Give me a break Security04 Dec 2023 | 48
Microsoft unveils shady shenanigans of Octo Tempest and their cyber-trickery toolkit Gang thought to be behind attack on MGM Resorts has a skillset larger than most cybercrime groups in existence Research27 Oct 2023 | 1
Telcos should compensate phished subscribers, suggests Singapore Regulator reckons letting scam texts through is a culpable act Cybersecurity Month26 Oct 2023 | 6
Pro-Russia group exploits Roundcube zero-day in attacks on European government emails With this zero-day, researchers say the 'scrappy' group is stepping up its operations Cyber-crime25 Oct 2023 | 4
D-Link clears up 'exaggerations' around data breach Who knew 3 million actually means 700 in cybercrime forum lingo? Cyber-crime18 Oct 2023 | 5
South Korea accuses North of Phish and Ships attack Kim Jong-un looks at industry's progress with green eyes, says South Korea's spy agency Cyber-crime05 Oct 2023 |
Singapore may split liability for phishing losses between banks and victims Won't someone please think of the banks? Cyber-crime20 Sep 2023 | 14
More Okta customers trapped in Scattered Spider's web Oktapus phishing campaign criminals are back in action Cyber-crime01 Sep 2023 |
US government to investigate China's Microsoft email breach Infosec in brief PLUS: Phishing campaign targets the C-suite; Cybercrime arrests in EU and Africa; and more Security14 Aug 2023 | 1
INTERPOL shutters '16shop' phishing-as-a-service outfit Alleged administrator cuffed in Indonesia, associate arrested in Japan, accused of selling fake Amazons for $60 Security09 Aug 2023 |
American and Southwest Airlines pilot candidate data exposed Time to start practising identity protection Cyber-crime26 Jun 2023 | 2
North Korea created very phishy evil twin of Naver, South Korea's top portal Think of it as a fake Google tuned for credential capture and you'll understand why authorities want to kill it Security15 Jun 2023 | 9
Posing as journalists, Pink Drainer pilfers $3.3M in crypto First the interview, then the phishing attack Cyber-crime12 Jun 2023 | 10
You might have been phished by the gang that stole North Korea’s lousy rocket tech US, South Korea, warn 'Kimsuky' is a very sophisticated social engineer Security02 Jun 2023 | 12
Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammer FBI warns jobseekers to be very skeptical of working holidays in Cambodia Cyber-crime23 May 2023 | 17
Russia's APT28 targets Ukraine government with bogus Windows updates Nasty emails designed to infect systems with info-stealing malware Cyber-crime02 May 2023 | 4
ChatGPT fans need 'defensive mindset' to avoid scammers and malware Palo Alto Networks spots suspicious activity spikes such as naughty domains, phishing, and worse AI + ML21 Apr 2023 | 4
April brings tulips, taxes ... and phisherfolk scammers Tactical#Octopus: Don't let users click on that zip file Research03 Apr 2023 | 6
Vietnam threatens to cut off two million mobile subscribers To scupper scams, account-holders must hand over personal info or else Security03 Apr 2023 | 7
Police pounce on 'pompompurin' – alleged mastermind of BreachForums In Brief Crypto laundering service gets cleaned up by police and SVB mess draws in more criminals Security20 Mar 2023 | 3
SVB collapse's mix of money, urgency and uncertainty makes it irresistible to scammers Phishing, dodgy domain names, and sophisticated attacks already deployed Security15 Mar 2023 | 1
Refreshed from its holiday, Emotet has gone phishing Notorious botnet starts spamming again after a three-month pause Research09 Mar 2023 | 2
Namecheap admits 'unauthorized emails' pwning its customers Blames 'third-party provider' as phishers drain Ethereum wallets Security13 Feb 2023 | 10
Reddit reveals security incident that looks more SNAFU than TIFU Phishing hooked internal documents, code, and some non-critical systems, but users' personal info safe Cyber-crime10 Feb 2023 | 8
Attackers abuse Microsoft’s 'verified publisher' status to steal data Malicious OAuth apps were the tickets into victims' systems Security01 Feb 2023 | 7
Microsoft to enterprises: Patch your Exchange servers If you want to keep the miscreants out, put the updates in, Redmond says Patches28 Jan 2023 | 14
UK Cyber Security Centre's scary new story: One phish, two phish, Russia phish, Iran phish Nice people on LinkedIn want to harvest logins from politicians, boffins, and defense types Cyber-crime27 Jan 2023 | 10
IT security teams, business execs still not on same page In brief Also: Guri the air-gap guru strikes again, while pro-Ukraine hackers set up a proxy network in Russia Security12 Dec 2022 | 6
World Cup phishing emails spike in Middle Eastern countries That's where the money is Security21 Nov 2022 | 6
Robin Banks crooks back at the table with fresh phish from Russia Phishing-as-a-service group's toolset now includes ways to get around MFA Research08 Nov 2022 | 1
Microsoft hits the switch on password-free smartphone authentication No more MF phish on this MFA cellphone as Azure AD CBA + YubiKey hits preview Security07 Nov 2022 | 23
Multi-factor auth fatigue is real – and it's why you may be in the headlines next Analysis Overwhelmed by waves of push notifications, worn-down users inadvertently let the bad guys in Security03 Nov 2022 | 88
Dropbox admits 130 of its private GitHub repos were copied after phishing attack Personal info and data safe, stolen code not critical, apparently Cyber-crime01 Nov 2022 | 2
Gone phishing: UK data watchdog fines construction biz £4.4m for poor infosec hygiene Staff member bit on lure, ultimately exposed up to 113,000 colleagues' personal information Cyber-crime25 Oct 2022 | 11
DHL named most-spoofed brand in phishing With Microsoft and LinkedIn close on shipping giant's heels Research24 Oct 2022 | 4
FBI: Looking for Biden's student loan forgiveness? Watch out for these scams You really think someone would do that? Just go on the internet and steal identities? Cyber-crime19 Oct 2022 | 8
Phishing works so well crims won't bother with deepfakes, says Sophos chap People reveal passwords if you ask nicely, so AI panic is overblown Research17 Oct 2022 | 15
US election workers slammed with phishing, malware-stuffed emails It's almost like there's some midterms coming up Security12 Oct 2022 | 6
FCC takes on robotexts. Good news if your dad thinks IRS gives SMS rebates But how will you know when your vehicle's extended warranty has expired? Networks03 Oct 2022 | 16
The web's cruising at 13 million new and nefarious domain names a month Or so Akamai is dying to tell us Research28 Sep 2022 | 10
Microsoft says it's boosted phishing protection in Windows 11 22H2 Security tool warns admins, users when a password is used on an untrusted site or stored locally Security27 Sep 2022 | 12
Cisco: Yes, Yanluowang leaked our data. No, it's not serious Everything's fine! Security13 Sep 2022 | 4
Chinese-linked cyber crims nab $529 million from Indian nationals Authorities also bust a shell company scam operation with links to the Middle Kingdom Security13 Sep 2022 | 6
Dump these small-biz routers, says Cisco, because we won't patch their flawed VPN Nothing like an authentication bypass for your private IPSec network CSO08 Sep 2022 | 56
Cyberattack brings down InterContinental Hotels' booking systems Online booking systems and other services knocked offline amid network intrusion Cyber-crime06 Sep 2022 | 16
Now Oktapus gets access to some DoorDash customer info via phishing attack Double check who exactly you're sending your username and password to, eh? Cyber-crime26 Aug 2022 | 8
Twilio, Cloudflare just two of 135 orgs targeted by Oktapus phishing campaign Updated This, this is more like what we mean by a sophisticated cyberattack CSO25 Aug 2022 | 6
Hiding a phishing attack behind the AWS cloud Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials Security22 Aug 2022 | 7
After 7 years, long-term threat DarkTortilla crypter is still evolving .NET-based malware can push wide range of malicious payloads, and evades detection, Secureworks says CSO17 Aug 2022 | 2
Reckon Russian spies are lurking in your inbox? Check for these IOCs, Microsoft says Seaborgium targeted dozens of orgs this year alone CSO16 Aug 2022 | 7
Cisco admits corporate network compromised by gang with links to Lapsus$ Voice-phished their way in, but Switchzilla claims no damage done Security11 Aug 2022 | 7
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too Attack was foiled by content delivery network's hardware security keys Security10 Aug 2022 | 10
Twilio customer data exposed after its staffers got phished Comms giant says several other firms targeted in 'sophisticated attack' Cyber-crime08 Aug 2022 | 13
Decentralized IPFS networks forming the 'hotbed of phishing' P2P file system makes it more difficult to detect and take down malicious content Security29 Jul 2022 | 23