25 Sep 2019

Zebrocy Retools for New Political Attacks

Notorious Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) is targeting embassies and foreign affairs ministries in Eastern European and Central Asian countries in a new spearphishing campaign, researchers with ESET have discovered. The phishing emails contain a malicious attachment that delivers an updated version of the Zebrocy

Read More
25 Sep 2019

Why employees still fall for phishing emails

Almost one in two employees (49%) have put their firm at risk by clicking on a link in an email from an unknown sender, yet 80% believe they can tell the difference between a genuine email and a phishing message, a new Webroot survey shows. While cybersecurity best practices discourage

Read More
24 Sep 2019

More US Utility Firms Targeted in Evolving LookBack Spearphishing Campaign

Researchers with Proofpoint have updated their analysis of a recent spearphishing campaign going after US utility companies. The campaign was initially discovered in July of this year, when three firms were targeted with malicious phishing messages distributing a new kind of remote access trojan (RAT) dubbed LookBack. As it turns

Read More
24 Sep 2019

Massive wave of account hijacks hits YouTube creators

As part of an ongoing coordinated hacking campaign, threat actors have recently taken over several popular YouTube creator accounts, including a number of channels tailoring to the car community. The attackers seem to be targeting channel owners with phishing messages that lead to fake Google websites where victims are asked

Read More
19 Sep 2019

Small businesses underestimate financial damage of cyberattacks

70% of small to mid-sized businesses (SMBs) believe that losses from a successful cyberattack on their firm would not exceed $25,000, while over half think total damages would remain under $10,000, a new AppRiver survey shows. This implies that small business owners are grossly underestimating the amount of money they

Read More
17 Sep 2019

Phishing attacks up, especially against SaaS and webmail services

Phishing attacks increased in the first half of this year, with many campaigns spoofing webmail and software-as-a-service (SaaS) providers, a recent APWG report[pdf] shows. The number of detected phishing campaigns surged from 138,328 in Q4 of 2018 to 180,768 in Q1 of 2019 and then grew further to 182,465 in

Read More
12 Sep 2019

Iranian Hackers Hit Over 60 Universities to Get Library Access

Between July and August of this year, Iranian state-backed hacking group Cobalt Dickens (aka Silent Librarian) targeted over 60 universities across four continents as part of a phishing campaign designed to obtain unauthorized access to university libraries. Secureworks tracked the campaign and recently revealed all known domains linked to the threat

Read More
04 Sep 2019

A look into the frequency and success of phishing attacks on SMBs

In the last 12 months, threat actors targeted 43% of small to mid-sized businesses (SMBs) in the UK with a phishing attack in which they masqueraded as one or more employees, a new CybSafe report found. It is rather worrisome that two-thirds (66%) of targeted SMBs were actually compromised as

Read More
30 Aug 2019

Phishing attacks jump by 21% in latest quarter, says Kaspersky

The number of phishing campaigns increased by 21% in the second quarter of 2019 compared to the same period last year, a new Kaspersky report shows. The firm detected a total of 129.9 million phishing emails that impacted 12.3% of Kaspersky users. The most targeted organizations were banks (30.7%), payment

Read More
29 Aug 2019

North Korean state hackers target retired diplomats and military officials

New research by IssueMakersLab has identified a unique state-sponsored threat campaign targeting retired South Korean government and military officials. Between July and August of this year, hackers linked to the North Korean regime sent spear phishing emails to the accounts of former officials. The emails contained malicious links that redirected

Read More