27 Feb 2019

Attackers Continue to Focus on Users, Well-Worn Techniques

Two new research reports indicate that threat actors mostly rely on traditional techniques, including phishing and credential stuffing, to target organizations. Trend Micro’s yearly security report for 2018 shows that the company detected 82% more phishing URLs in 2018 than it did the year before. The other report, a Rapid7

Read More
19 Feb 2019

Hackers Use Compromised Banks as Starting Points for Phishing Attacks

A new report by Group-IB indicates that cyber attacks on financial institutions can create a domino-effect when threat actors use their foothold on a breached network to infiltrate the systems of connected organizations in other parts of the world. Group-IB has seen various real world instances of these kinds of chain

Read More
07 Feb 2019

Clever Phishing Attack Enlists Google Translate to Spoof Login Page

Akamai researchers have uncovered a new and unique phishing campaign. As in all phishing campaigns, the threat actors are out to obtain sensitive information from victims. In this case, they want to trick victims into filling out their Facebook and Google login credentials on a fake website. However, instead of creating

Read More
24 Jan 2019

Microsoft remains the most impersonated brand, Netflix phishing spikes

According to Vade Secure’s latest phishing report, the most impersonated brand in the final quarter of last year was Microsoft (again). The other brands making up the top 10 were Netflix, Paypal, Bank of America, Chase, DHL, Facebook, Docusign, Linkedin and Dropbox. Phishing messages pretending to come from Netflix increased

Read More
16 Jan 2019

Fortnite vulnerabilities would have allowed attackers to intercept and steal login credentials

Research by Check Point has uncovered serious vulnerabilities in the user login process of Fortnite, the immensely popular online battle royale game. The flaws, which have recently been patched, could enable attackers to manipulate the login process by means of a phishing link, in order to steal users’ login credentials

Read More
09 Jan 2019

New tool automates phishing attacks that bypass 2FA

At the start of this year, Polish researcher Piotr Duszyński published Modlishka, a new penetration testing tool that makes the automation of phishing attacks easier than ever before, and even allows attackers to bypass two-factor authentication (2FA) for targeted accounts. Modlishka is considered a reverse proxy that sits between a

Read More