Researchers have uncovered a campaign against the aviation sector and tracked it back to Nigeria-based threat actors. Microsoft Intelligence released a series of tweets outlining the campaign, which it determined to target aerospace and travel sectors with spear-phishing emails distributing an actively developed loader. The loader then delivers two different

Threat actors allegedly impersonated the US Department of Transportation in a two-day phishing campaign, leveraging the recent $1 trillion infrastructure bill. The cyber attackers created new domains mimicking the real DoT site. The campaign combined a series of tactics, such as creating seemingly legitimate domains to evade security detections and

According to new information, a breach of Chipotle’s restaurant email marketing service last month has lead to customers being targeted with phishing lures in seemingly legitimate emails that then harvested users’ credentials. This attack mirrors earlier Nobelium attacks, according to researchers at Inky, who first reported that Chipotle’s email vendor

According to a new survey from Cloudian, ransomware gangs are still using phishing attacks as one of the main methods to gain the initial access into organizations’ systems. Cloudian’s report contains the insight of 200 IT decision-makers who have experienced a ransomware attack in the past two years. According to

New research by Avanan reveals that impersonation and credential harvesting attacks are the most common among phishing attackers this year. Avanan’s 2021 Global Phish Cyber Attack Report found that credential harvesting is used in over half of all phishing attacks, up nearly 15% since 2019. Researchers at Avanan also found

Official figures obtained by accountancy group Lanop Outsourcing reveal that HMRC-branded phishing scams grew by 87% during the Covid-19 pandemic. The company gained access to the information after filing a Freedom of Information request. The data revealed that reports of phishing scams impersonating the UK’s tax, payments, and customs authority

An unprotected server hosting AMT Games user data has been discovered by security researchers at WizCase. The researchers found that the Elasticsearch server contained the personal data of 6 million players of AMT’s popular game Battle for the Galaxy. The server contained over 1 terabyte of unencrypted data, meaning that

A Rhode Island woman has been charged with phishing and email fraud after impersonating Microsoft to steal personal information from political candidates and their staff. The woman, Diana Lebeau, allegedly delivered phishing emails to 22 different campaign staffers working for a political candidate around January 2020. Lebeau, who is 21,

As Covid-19 restrictions begin to lift and thousands of employees return back to offices, ending the work-from-home movement, threat actors are ramping up spear-phishing campaigns. The latest campaign consisted of sending employees emails posing as CIOs welcoming employees back into offices. The emails outline a targeted company’s post-pandemic cubicle protocols,

Cybersecurity researchers at Microsoft have identified a massive phishing campaign that is distributing trojan malware to create a backdoor into Windows systems, stealing usernames, passwords, and other sensitive information from victims. The phishing messages deliver the latest version of the Java-based STRRAT malware. The email campaign consists of utilizing compromised