A recent spate of attacks using phishing, social engineering, exploits, and obfuscation are being used to spread a Quant Loader trojan capable of distributing ransomware and password stealers.
Phishing has become one of the most pervasive problems facing data security staff today. Generally speaking, a basic phishing attack is relatively easy to conduct and inexpensive for the attacker.
The nine US-indicted Iranians who stand accused of exfiltrating 31 terabytes of research and data from educational institutions, companies and government agencies, allegedly used phishing schemes to steal university credentials.
Cyber-security executives and business decision makers question whether phishing emails or ransomware attacks are the most potent threats faced, but are businesses equipped to implement all-round risk mitigation strategies?
There are some difficult obstacles to overcome in the cyber-security tough-mudder challenge, from ransomware and phishing to insider threats and GDPR, but thorough preparation can boost your chances of success.
Phishme announced that it has been acquired by a consortium of private equity firms and has changed its name to Cofense.
A strange spam campaign that targets Apple customers has been found distributing phishing emails containing an Apple receipt that bills US$ 9.99 (£7) to an Edward Snowden residing at a US address.
People are very predictable when it comes to designing phishing attacks that appeal to a potential victims with people most likely to click on messages concerning money.
Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.
The small US Iowan city of Keokuk has disclosed that a cyber-criminal used a phishing scam to fraudulently obtain an electronic file containing the 2017 W-2 tax forms of current and former employees and elected officials.
Phishing from G-suite users: a weaponised Google spreadsheet hosted on G-Suite opens a remote HTML page which mimics the Google sign-in process and gives the impression that the victim needs to re-authenticate.
BeeToken customers were duped out of more than US$1 million (£700,000) worth of Ethereum in a phishing scam targeting BeeToken's initial coin offering (ICO) in a scam similar to the one that targeted Experty earlier this week.
Several universities and more than 20 companies have been hit with malware whose creators are using several layers of subterfuge to camouflage their phishing attack by taking advantage of a few trusted brand names.
Originally used by reputed North Korean hackers to attack the global banking sector, the Ratankba downloader trojan has been repurposed into a PowerShell-based variant that appears to be targeting small, non-financial organisations.
Just as phishing has evolved, the way organisations detect and deflect these malicious messages must also change, looking at each distinct stages to a phishing attack - before, during and after.
Phishing, smishing and other types of malware are not going anywhere and the risks are only going to rise as mobile becomes a primary device for employees. Companies need to get ahead of the issue rather than responding.
It's essential that IT teams complete patching, updates and changes to their networks before high volume traffic times hit so they can focus on responding quickly to network events and security issues says James Barrett.
Hackers are taking advantage of poorly secured systems at schools in the UK, nicking identifying data, typically through phishing attacks, that they could use to target parents with fake invoices and other means of cyber-crime.
While many organisations still fear of malware being the main burden to their email cyber-resilience, the findings show only 15 percent increase in these type of email attacks compared to the last figures.
Given the volumes of cash swashing around, it's no surprise that leisure and gaming industries have become a target for cyber-crime; new reports suggest there is growing interest on the Dark Web in attacks on the gaming industry.
Malwarebytes researchers are warning IT workers seeking love online to beware "CatPhishing" scams which can leave entire companies devastated.
Security researchers have warned that a new phishing campaign is using the DDE feature in Microsoft Office to deliver DNSMessenger malware undetected.
An attack campaign targeting Android users in Austria has been employing a novel trio of techniques to steal their funds: a credentials phishing web page, malicious banking app overlays, and credit card phishing screens.
Phishing is on an upward trajectory, with a 600% surge in the number of malicious URL emails in Q3 2017. But there are policies and procedures which can be implemented to help prevent users from falling victim to a phishing attack.
Researchers with PhishMe have released the details of a phishing campaign, currently being run in Switzerland, that uses a tax dodge to entice its victims to open an attached file, which will then download the Retefe banking trojan.
Researchers at PhishMe recently detected two email-based phishing campaigns that infected users with either Lockyransomware or the Trickbot banking trojan based on the victim's geographical location.
Middle-eastern bank, international sporting organisation and Asian individuals were victims of a highly-targeted attack that interrupted an in-progress conversation using compromised credentials.
2017 first half: Kaspersky Labs products blocked 51 million phishing attempts; mobile ransomware attacks up 250% percent; Ironscales' own research estimates 95 percent of successful attacks start with phishing says Eyal Benishti
Malware distributors are now maliciously crafting PowerPoint Open XML Slide Show (PPSX) files to take advantage of a Microsoft Office vulnerability.