05 Jul 2019

The biggest concern for election security may be phishing

Outdated voting machines that are vulnerable to hacking are hardly the only cybersecurity concern for US election security officials. Earlier this week, the US Department of Homeland Security warned election officials across the country about the threat of phishing campaigns. Threat actors are targeting election officials with seemingly legitimate emails

Read More
04 Jul 2019

This hacking gang just switched its malware attacks to a new target

The notorious cybercriminal group TA505 has fundamentally changed its tactics in recent campaigns, Proofpoint recently discovered. While TA505 is known for distributing Trojans, information stealers, ransomware and other malware in large-scale campaigns, it has now shifted toward more targeted phishing attacks. The hacking group also began using a new malware

Read More
02 Jul 2019

Four in 10 North American Banks Don’t Use EV Certificates

A new Sectigo report rates the data protection practices of the largest banks in North America and Europe. While the research found that all major banks use SSL certificates in some form, 40% of the North American banks leave customers vulnerable to phishing scams because they do not extended validation

Read More
01 Jul 2019

This Scary Game Stole Passwords From Thousands of Android Users

Security researchers with Wandera recently discovered that a seemingly legitimate Android mobile game available on Google Play actually targeted users with adware, and phishing attacks aimed at stealing Google account credentials. The game, called Scary Granny, was downloaded by 50,000 users before Google was informed about is malicious nature by

Read More
01 Jul 2019

New Dridex Variant Slips By Anti-Virus Detection

Security researchers with eSentire have detected a new phishing campaign involving a sophisticated new version of Dridex, a banking Trojan that was first spotted in 2011. The new Dridex version is capable of bypassing anti-malware software, a very disturbing development. Dridex has remained popular over the years because it is

Read More
26 Jun 2019

Malicious URL attacks using HTTPS surge across the enterprise

The latest Email Threat report by FireEye shows that threat actors are increasingly using HTTPS in order to make malicious URLs to seem legitimate. Between Q4 of 2018 and Q1 of this year, the number of malicious HTTPS links increased by 26%. Malicious email attachments are becoming less common. Phishing

Read More
20 Jun 2019

Mozilla Patches Firefox Critical Flaw Under Active Attack

Mozilla has issued a patch for a critical security flaw affecting Windows, macOS and Linux versions of the popular Firefox browser. Threat actors have already begun exploiting the vulnerability, tracked as CVE-2019-11707, in targeted campaigns in order to take over machines running the vulnerable browser. The flaw was found on

Read More
20 Jun 2019

Phishing Attack Exposes Data of 645,000 Oregon DHS Clients

The Department of Human Services (DHS) in Oregon suffered a data breach earlier this year in which a threat actor obtained unauthorized access to the personal data of around 645,000 of the agency’s clients. The agency is notifying those impacted by the breach. On January 8, a cybercriminal was able

Read More
18 Jun 2019

How Fraudulent Domains ‘Hide in Plain Sight’

New research by Proofpoint shows that over 3 in 4 firms have found fraudulent domains impersonating their company and a whopping 96% have discovered domains using their exact brand name, but a different top-level domain (TLD), i.e. examplebusiness.net instead of examplebusiness.com. According to Kevin Epstein of Proofpoint, fraudulent domains represent

Read More
17 Jun 2019

Three US Universities Disclose Data Breaches Over Two-Day Span

A recent string of data breaches impacting three US universities serves as a reminder that universities are major targets for cybercrime. Graceland University discovered that an “unauthorized user gained access to the email accounts of current employees,” and was thereby able to obtain the personal information of anyone who had

Read More