In the first six months of this year, phishing campaigns rose by 6% compared to the second half of 2018, while other fraud attacks such as fake mobile apps and financial malware skyrocketed, increasing by 191% and 80%, respectively, a new report by RSA Security shows. Phishing remained the top

Iranian state-backed hacking group APT 25 (also known as Charming Kitten, Phosphorus, Ajax Security Team, NewsBeef and Newscaster) has updated its attack techniques to carry out a spearphishing campaign targeting US President Donald Trump’s re-election campaign, according to recent research[pdf] by ClearSky Cyber Security. The report states that the new attack

82% of organizations suffered a DNS attack last year, and many companies were hit multiple times, with the average number of attacks per company falling just short of 9.5, a new report by EfficientIP shows. Because the average cost per attack exceed $1.3 million, companies can expect to lose over

A new Valimail report shows that while companies are increasingly adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol for email authentication, which is designed to prevent email spoofing attacks, the vast majority have not configured it properly. In fact, only 17% of email domains using DMARC have an enforcement

Between January and July of this year, the number of detected phishing URLs surged by 400%, a recent Webroot study found. Phishing attacks continue to get more sophisticated, with 29% of phishing sites now using HTTPS in order to appear more legitimate, while 24% of malicious URLS are hosted on

Last month, the US Federal Bureau of Investigation (FBI) warned private industry partners that sophisticated cyberattacks capable of bypassing multi-factor authentication (MFA) solutions are on the rise. The FBI stated that threat actors were increasingly “circumventing multi-factor authentication through common social engineering and technical attacks” and listed a number of

Security researchers with Agari warn that scammers are targeting companies with a new technique, which is a variation of business email compromise (BEC). The new attack, dubbed “vendor email compromise,” has been used by the Silent Starling group that is operating from West Africa. The scammers have so far taken

Security researchers with Netskope have uncovered a sophisticated malware campaign targeting firms in the US petroleum industry. Companies in the sector are receiving malicious phishing messages that trigger the download of a new variant of the Adwind Remote Access Trojan (RAT). Adwind is also known as jRAT, AlienSpy, JSocket, and

A new report by CybeReady shows that three in four (75%) executives consider phishing to be the top threat to their organization. A majority (58%) of respondents said that cybersecurity / phishing awareness training is a better way to mitigate the phishing threat than purchasing technology solutions. However, many companies

Notorious Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) is targeting embassies and foreign affairs ministries in Eastern European and Central Asian countries in a new spearphishing campaign, researchers with ESET have discovered. The phishing emails contain a malicious attachment that delivers an updated version of the Zebrocy