phishing - Security Ticks

Is the cybersecurity community’s obsession with compliance counter-productive?

CISO, Compliance, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, News, opinion, phishing, trackd, vulnerability / SecurityTicks

Is the cybersecurity community’s obsession with compliance counter-productive? 29/08/2023 at 07:01 By Help Net Security Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have […]

React to this headline:

Is the cybersecurity community’s obsession with compliance counter-productive? Read More »

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed

Cryptocurrency, data breach, Don't miss, Hot stuff, Kroll, News, phishing, T-Mobile / SecurityTicks

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed 28/08/2023 at 14:48 By Helga Labus Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August

React to this headline:

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed Read More »

Open redirect flaws increasingly exploited by phishers

Don't miss, Hot stuff, Kroll, News, phishing, security awareness, social engineering, training / SecurityTicks

Open redirect flaws increasingly exploited by phishers 23/08/2023 at 12:49 By Helga Labus Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider refreshing employees’ awareness and knowledge on how to spot them. Malicious URL redirection Open redirect vulnerabilities in web

React to this headline:

Open redirect flaws increasingly exploited by phishers Read More »

Cybercriminals turn to AI to bypass modern email security measures

Artificial Intelligence, attacks, BEC scams, cybercriminals, cybersecurity, Email, email security, News, Osterman Research, Perception Point, phishing, report, scams, threats / SecurityTicks

Cybercriminals turn to AI to bypass modern email security measures 23/08/2023 at 06:31 By Help Net Security Cybercriminals employ artificial intelligence (AI) to create complex email threats like phishing and business email compromise (BEC) attacks, while modern email security systems use AI to counter these attacks, according to Perception Point and Osterman Research. AI’s role

React to this headline:

Cybercriminals turn to AI to bypass modern email security measures Read More »

Zimbra users in Europe, Latin America face phishing threat

credentials, Don't miss, ESET, Europe, Government, Hot stuff, News, phishing, SMBs, social engineering / SecurityTicks

Zimbra users in Europe, Latin America face phishing threat 18/08/2023 at 11:04 By Help Net Security ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions. About the Zimbra phishing campaign The campaign has been

React to this headline:

Zimbra users in Europe, Latin America face phishing threat Read More »

30% of phishing threats involve newly registered domains

BEC scams, Cloudflare, Email, human error, identity, News, phishing, report, zero trust / SecurityTicks

30% of phishing threats involve newly registered domains 18/08/2023 at 05:31 By Help Net Security Phishing remains the most dominant and fastest growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to Cloudflare. While business email compromise (BEC)

React to this headline:

30% of phishing threats involve newly registered domains Read More »

Malicious QR Codes Used in Phishing Attack Targeting US Energy Company

cybercrime, energy, phishing, QR / SecurityTicks

Malicious QR Codes Used in Phishing Attack Targeting US Energy Company 17/08/2023 at 19:02 By Ionut Arghire A widespread phishing campaign utilizing malicious QR codes has hit organizations in various industries, including a major energy company in the US. The post Malicious QR Codes Used in Phishing Attack Targeting US Energy Company appeared first on

React to this headline:

Malicious QR Codes Used in Phishing Attack Targeting US Energy Company Read More »

Phishers use QR codes to target companies in various industries

Cofense, Don't miss, Hot stuff, Microsoft, News, phishing, QR codes / SecurityTicks

Phishers use QR codes to target companies in various industries 17/08/2023 at 13:01 By Helga Labus A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major Energy company based in the US, saw about 29% of the over 1000 emails

React to this headline:

Phishers use QR codes to target companies in various industries Read More »

Product showcase: Free email security test by ImmuniWeb Community Edition

Don't miss, email security, FBI, Hot stuff, ImmuniWeb, News, phishing, Product showcase, software / SecurityTicks

Product showcase: Free email security test by ImmuniWeb Community Edition 14/08/2023 at 07:03 By Help Net Security According to an FBI report, in 2022, global losses from business email compromise (BEC) and email account compromise (EAC) attacks attained $43 billion, hitting a historic anti-record. Multiple cybersecurity vendors, including Microsoft and Trend Micro, reported a rapid

React to this headline:

Product showcase: Free email security test by ImmuniWeb Community Edition Read More »

Microsoft 365 accounts of execs, managers hijacked through EvilProxy

account hijacking, Don't miss, Hot stuff, MFA, Microsoft 365, News, phishing, Proofpoint / SecurityTicks

Microsoft 365 accounts of execs, managers hijacked through EvilProxy 10/08/2023 at 14:48 By Helga Labus A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. The rise of phishing-as-a-service As organizations increasingly employ multi-factor authentication (MFA),

React to this headline:

Microsoft 365 accounts of execs, managers hijacked through EvilProxy Read More »

Utilization of Leaked Ransomware Builders in Tech-Related Scams

Builders, Chaos Ransomware, CraxsRAT, Microsoft Services.exe, NoCry Ransomware, phishing, Pwdsueslxagy.exe, Ransomware, System.exe, Tech Scam, Timestomping, Vippqmccfq‎.exe / SecurityTicks

Utilization of Leaked Ransomware Builders in Tech-Related Scams 09/08/2023 at 22:02 By rohansinhacyblecom Key Takeaways This blog sheds light on a new Tech Scam wherein scammers employ deceptive tactics to lure users into paying for non-existent antivirus solutions. Uncovering Tech Scammers possible involvement in different ransomware attacks. The IP address of a domain used in

React to this headline:

Utilization of Leaked Ransomware Builders in Tech-Related Scams Read More »

Sophisticated SiMay RAT Spreads Via Telegram Phishing Site

Gh0st RAT, Keylogger, phishing, Remote Access Trojan, SiMay, SiMay RAT, Telegram / SecurityTicks

Sophisticated SiMay RAT Spreads Via Telegram Phishing Site 09/08/2023 at 22:02 By rohansinhacyblecom Keylogger and Gh0st RAT Variant deployed to spy on Users Threat actors (TAs) have been relentlessly employing diverse techniques to propagate malware by leveraging counterfeit websites of renowned applications. Cyble Research and Intelligence Labs (CRIL) reported on a trojanized version

React to this headline:

Sophisticated SiMay RAT Spreads Via Telegram Phishing Site Read More »

Russian APT phished government employees via Microsoft Teams

APT, Don't miss, Government, government-backed attacks, Hot stuff, Microsoft, Microsoft Teams, News, phishing, social engineering / SecurityTicks

Russian APT phished government employees via Microsoft Teams 03/08/2023 at 15:17 By Zeljka Zorz An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. A social engineering attack to bypass MFA protection “To facilitate their attack, the actor uses Microsoft

React to this headline:

Russian APT phished government employees via Microsoft Teams Read More »

Salesforce Email Service Zero-Day Exploited in Phishing Campaign

email security, Featured, phishing, Salesforce / SecurityTicks

Salesforce Email Service Zero-Day Exploited in Phishing Campaign 03/08/2023 at 12:47 By Eduard Kovacs Threat actors have exploited a Salesforce email service zero-day vulnerability and abused Meta features in a sophisticated phishing campaign. The post Salesforce Email Service Zero-Day Exploited in Phishing Campaign appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Salesforce Email Service Zero-Day Exploited in Phishing Campaign Read More »

Shield and Visibility Solutions Target Phishing From Inside the Browser

phishing / SecurityTicks

Shield and Visibility Solutions Target Phishing From Inside the Browser 02/08/2023 at 21:18 By Kevin Townsend Menlo Security introduced anti-phishing solutions that analyze what users see on a landing page rather than just analyzing the content of an email. The post Shield and Visibility Solutions Target Phishing From Inside the Browser appeared first on SecurityWeek.

React to this headline:

Shield and Visibility Solutions Target Phishing From Inside the Browser Read More »

Salesforce and Meta suffer phishing campaign that evades typical detection methods

0-day, cybercrime, cybersecurity, email security, Facebook, Guardio, News, phishing, Salesforce, vulnerability / SecurityTicks

Salesforce and Meta suffer phishing campaign that evades typical detection methods 02/08/2023 at 17:18 By Help Net Security The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as was sent from the “@salesforce.com” email address The vulnerability allowed threat actors

React to this headline:

Salesforce and Meta suffer phishing campaign that evades typical detection methods Read More »

Google AMP Abused in Phishing Attacks Aimed at Enterprise Users

phishing / SecurityTicks

Google AMP Abused in Phishing Attacks Aimed at Enterprise Users 02/08/2023 at 15:42 By Ionut Arghire Threat actors are using Google AMP URLs in phishing campaigns as a new detection evasion tactic. The post Google AMP Abused in Phishing Attacks Aimed at Enterprise Users appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Google AMP Abused in Phishing Attacks Aimed at Enterprise Users Read More »

1 in 100 emails is malicious

BEC scams, cybercrime, cybersecurity, News, Perception Point, phishing, report, survey / SecurityTicks

1 in 100 emails is malicious 02/08/2023 at 06:04 By Help Net Security BEC and phishing attacks soar by 20% and 41% respectively in H1 2023, according to Perception Point. Cyber attackers have continued to refine their methods, adopting more sophisticated techniques to exploit vulnerabilities across various sectors. With the ever-increasing reliance on workplace technologies,

React to this headline:

1 in 100 emails is malicious Read More »

The gap in users’ identity security knowledge gives cybercriminals an opening

Artificial Intelligence, cybersecurity, data breach, identity, News, phishing, report, risk, RSA, survey, Verizon, Zimperium / SecurityTicks

The gap in users’ identity security knowledge gives cybercriminals an opening 01/08/2023 at 06:34 By Help Net Security With exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming a super-human problem, according to RSA. Paradoxically, even

React to this headline:

The gap in users’ identity security knowledge gives cybercriminals an opening Read More »

Zero trust rated as highly effective by businesses worldwide

authentication, Beyond Identity, framework, News, passwordless, phishing, report, social engineering, zero trust / SecurityTicks

Zero trust rated as highly effective by businesses worldwide 26/07/2023 at 06:33 By Help Net Security Zero trust is here to stay, with 82% of experts currently working on implementing zero trust, and 16% planning to begin within 18 months, according to Beyond Identity. Over 90% of those working on zero trust cited that the

React to this headline:

Zero trust rated as highly effective by businesses worldwide Read More »