The Emotet Trojan, after undergoing a makeover, is back at the top of malware charts, according to Check Point’s Global Threat Index for December 2020. Emotet was re-designed to boast more evasive strategies that prevent detection. The malware was in fifth place in the Global Threat Index in November but

Scammers were able to spoof the New York Department of Labor, sending out emails to thousands of residents from the domain “noreply@labor.ny .gov,” claiming to be sending Covid-19 relief money. The emails bear the NY state logo and capitalize on struggling Americans seeking to claim Covid-19 stimulus checks. The email

According to Barracuda Networks, business email compromise attacks have surged in 2020, alongside Covid-19 related scams seeking to lure victims into surrendering passwords or money. During the period of August to October 2020, Barracuda Networks found that the total number of targeted email threats was a whopping 2.3 million. Spear

The advanced persistent threat (APT) group SideWinder has allegedly launched a campaign targeting Nepal and Afghanistan. The group has also brought new techniques onboard, creating convincing phishing emails, backdoors, and malicious mobile apps to lure targets into handing over valuable information. The APT is leveraging recent territorial disputes between China,

In Lagos, Nigeria, three Nigerian nationals were arrested for their involvement in a widespread Business Email Compromise (BEC) campaign. The three men were also allegedly involved with a large organized crime group known as TMT, which is known to be involved in cybercrime such as phishing attacks, malware distribution, and

Cybercriminals are increasingly exploiting Google Services to conduct phishing and business email compromise (BEC) attacks, according to research firm Armorblox. Attackers are leveraging services provided by Google, such as Forms, Firebase, Docs, and more. A report from Armorblox shows how Google Forms and Docs are being used by malicious actors

GoDaddy employees have allegedly fallen victim to a series of social engineering phishing scams that led them to facilitate attacks on multiple cryptocurrency exchanges. The scam duped employees into changing email and registration records which were then used by cyberattackers to launch attacks on other organizations. The incident was reported

Cybercriminals are preparing for one of the largest hacking days in the US, Black Friday, and Cyber Monday. The shopping holidays attract scammers and hackers due to their nature in pushing a high volume of traffic through eCommerce sites in preparation for the holiday season. Due to the pandemic, shoppers

McAfee security researchers first released detailed information on Operation North Star earlier this year, highlighting the campaigns conducted by Lazarus Group (Hidden Cobra) targeting defense and aerospace companies in a social engineering and phishing campaign. McAfee’s coverage showed that the campaign was larger than previously thought. In the McAfee report,

A new campaign utilizing Google Forms to impersonate popular brands such as Office 365, Wells Fargo, and Microsoft OneDrive has been discovered. The phishing attacks aim to collect credentials from targets, utilizing a common technique in which recipients of the phishing emails are re-directed to fraudulent login pages masquerading as