16 Oct 2019

Fake mobile app fraud tripled in first half of 2019

In the first six months of this year, phishing campaigns rose by 6% compared to the second half of 2018, while other fraud attacks such as fake mobile apps and financial malware skyrocketed, increasing by 191% and 80%, respectively, a new report by RSA Security shows. Phishing remained the top

Read More
14 Oct 2019

Iran-Linked ‘Charming Kitten’ Touts New Spearphishing Tactics

Iranian state-backed hacking group APT 25 (also known as Charming Kitten, Phosphorus, Ajax Security Team, NewsBeef and Newscaster) has updated its attack techniques to carry out a spearphishing campaign targeting US President Donald Trump’s re-election campaign, according to recent research[pdf] by ClearSky Cyber Security. The report states that the new attack

Read More
10 Oct 2019

Financial industry spending millions to deal with breaches in 2019

82% of organizations suffered a DNS attack last year, and many companies were hit multiple times, with the average number of attacks per company falling just short of 9.5, a new report by EfficientIP shows. Because the average cost per attack exceed $1.3 million, companies can expect to lose over

Read More
09 Oct 2019

Only 1 in 5 enterprises have DMARC records set up with an enforcement policy

A new Valimail report shows that while companies are increasingly adopting the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol for email authentication, which is designed to prevent email spoofing attacks, the vast majority have not configured it properly. In fact, only 17% of email domains using DMARC have an enforcement

Read More
09 Oct 2019

Phishing attempts increase 400%, many malicious URLs found on trusted domains

Between January and July of this year, the number of detected phishing URLs surged by 400%, a recent Webroot study found. Phishing attacks continue to get more sophisticated, with 29% of phishing sites now using HTTPS in order to appear more legitimate, while 24% of malicious URLS are hosted on

Read More
08 Oct 2019

FBI warns about attacks that bypass multi-factor authentication (MFA)

Last month, the US Federal Bureau of Investigation (FBI) warned private industry partners that sophisticated cyberattacks capable of bypassing multi-factor authentication (MFA) solutions are on the rise. The FBI stated that threat actors were increasingly “circumventing multi-factor authentication through common social engineering and technical attacks” and listed a number of

Read More
03 Oct 2019

New Silent Starling Attack Group Puts Spin on BEC

Security researchers with Agari warn that scammers are targeting companies with a new technique, which is a variation of business email compromise (BEC). The new attack, dubbed “vendor email compromise,” has been used by the Silent Starling group that is operating from West Africa. The scammers have so far taken

Read More
02 Oct 2019

New Adwind RAT Variant Used Against the US Petroleum Sector

Security researchers with Netskope have uncovered a sophisticated malware campaign targeting firms in the US petroleum industry. Companies in the sector are receiving malicious phishing messages that trigger the download of a new variant of the Adwind Remote Access Trojan (RAT). Adwind is also known as jRAT, AlienSpy, JSocket, and

Read More
27 Sep 2019

75% of execs cite phishing as the most significant security threat to businesses

A new report by CybeReady shows that three in four (75%) executives consider phishing to be the top threat to their organization. A majority (58%) of respondents said that cybersecurity / phishing awareness training is a better way to mitigate the phishing threat than purchasing technology solutions. However, many companies

Read More
25 Sep 2019

Zebrocy Retools for New Political Attacks

Notorious Russian hacking group Fancy Bear (aka Sofacy, APT28 and Sednit) is targeting embassies and foreign affairs ministries in Eastern European and Central Asian countries in a new spearphishing campaign, researchers with ESET have discovered. The phishing emails contain a malicious attachment that delivers an updated version of the Zebrocy

Read More