17 Sep 2021

Cyberattacks against the aviation industry linked to Nigerian threat actor

Researchers have uncovered a campaign against the aviation sector and tracked it back to Nigeria-based threat actors. Microsoft Intelligence released a series of tweets outlining the campaign, which it determined to target aerospace and travel sectors with spear-phishing emails distributing an actively developed loader. The loader then delivers two different

Read More
15 Sep 2021

Attackers Impersonate DoT in Two-Day Phishing Scam

Threat actors allegedly impersonated the US Department of Transportation in a two-day phishing campaign, leveraging the recent $1 trillion infrastructure bill. The cyber attackers created new domains mimicking the real DoT site. The campaign combined a series of tactics, such as creating seemingly legitimate domains to evade security detections and

Read More
03 Aug 2021

Chipotle Emails Serve Up Phishing Lures

According to new information, a breach of Chipotle’s restaurant email marketing service last month has lead to customers being targeted with phishing lures in seemingly legitimate emails that then harvested users’ credentials. This attack mirrors earlier Nobelium attacks, according to researchers at Inky, who first reported that Chipotle’s email vendor

Read More
15 Jul 2021

Phishing continues to be one of the easiest paths for ransomware

According to a new survey from Cloudian, ransomware gangs are still using phishing attacks as one of the main methods to gain the initial access into organizations’ systems. Cloudian’s report contains the insight of 200 IT decision-makers who have experienced a ransomware attack in the past two years. According to

Read More
01 Jul 2021

Impersonation Becomes Top Phishing Technique

New research by Avanan reveals that impersonation and credential harvesting attacks are the most common among phishing attackers this year. Avanan’s 2021 Global Phish Cyber Attack Report found that credential harvesting is used in over half of all phishing attacks, up nearly 15% since 2019. Researchers at Avanan also found

Read More
30 Jun 2021

Reported HMRC-Branded Phishing Scams Grew by 87% During COVID-19

Official figures obtained by accountancy group Lanop Outsourcing reveal that HMRC-branded phishing scams grew by 87% during the Covid-19 pandemic. The company gained access to the information after filing a Freedom of Information request. The data revealed that reports of phishing scams impersonating the UK’s tax, payments, and customs authority

Read More
04 Jun 2021

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles

An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that

Read More
02 Jun 2021

Rhode Islander Charged with Phishing Political Candidates

A Rhode Island woman has been charged with phishing and email fraud after impersonating Microsoft to steal personal information from political candidates and their staff. The woman, Diana Lebeau, allegedly delivered phishing emails to 22 different campaign staffers working for a political candidate around January 2020. Lebeau, who is 21,

Read More
01 Jun 2021

Hackers Exploit Post-COVID Return to Offices

As Covid-19 restrictions begin to lift and thousands of employees return back to offices, ending the work-from-home movement, threat actors are ramping up spear-phishing campaigns. The latest campaign consisted of sending employees emails posing as CIOs welcoming employees back into offices. The emails outline a targeted company’s post-pandemic cubicle protocols,

Read More
24 May 2021

This massive phishing campaign delivers password-stealing malware disguised as ransomware

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised

Read More