Flipping the BEC funnel: Phishing in the age of GenAI
For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the bait. Over time, however, as s.....»»
SquarePhish: Advanced phishing tool combines QR codes and OAuth 2.0 device code flow
In this Help Net Security video, Security Consultant Kam Talebzadeh and Senior Security Researcher Nevada Romsdahl from Secureworks, showcase SquarePhish, a tool that combines QR codes and OAuth 2.0 device code flow for advanced phishing attacks. Squ.....»»
Scientists twirl liquid light into time-periodic cluster
Researchers from Skoltech, the University of Iceland, and the University of Southampton have demonstrated the formation of an odd never-before-seen entity from the realm of quantum physics: a cluster of optical vortices with periodic charge flipping......»»
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Unusually resourced threat actor has targeted multiple companies in recent days. Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advan.....»»
LogoKit update: The phishing kit leveraging open redirect vulnerabilities
Resecurity identified threat actors leveraging open redirect vulnerabilities in online services and apps to bypass spam filters to ultimately deliver phishing content. Using highly trusted service domains like Snapchat and other online-services, they.....»»
Hackers target unsecured Amex and Snapchat sites to steal user data
Maryland-based security firm Inky Security tracked attack activity related to the vulnerability from mid-May through mid-July. The phishing attack relies on a known open redirect vulnerability (CWE-601) and popular brand recognition to deceive and ha.....»»
Don"t click on that Twilio message - it could be a scam
Twilio was compromised, and users are being targeted with phishing emails......»»
Hackers have found a way to log into your Microsoft email account
Account holders for Microsoft email services are being targeted in a fresh phishing campaign, according to security researchers from Zscaler's ThreatLabz group......»»
Phishing campaign targets Coinbase wallet holders to steal cryptocurrency in real-time
In this video for Help Net Security, Nick Ascoli, VP of Threat Research, PIXM, discusses a multilayered phishing campaign targeting cryptocurrency exchange Coinbase. Attackers are sending out spoofed Coinbase emails to harvest personal credentials an.....»»
Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning. The.....»»
GM to penalize consumers who resell certain high-demand vehicles within 12 months
GM is asking dealers to help prevent customers from quickly flipping high-demand vehicles and adding exorbitant markups......»»
The most impersonated brand in phishing attacks? Microsoft
Vade announced its H1 2022 Phishers’ Favorites report, a ranking of the top 25 most impersonated brands in phishing attacks. Microsoft came in at #1 on the list, followed by Facebook. Rounding out the top five are Crédit Agricole, WhatsApp, and Or.....»»
Konnecto uses data science to replace traditional sales funnel
In addition to the pandemic driving more customers online, changes in privacy regulations have shifted how brands track their online customers — opening a market for companies like Konnecto, a consumer journey analytics platform that uses data scie.....»»
The rise and continuing popularity of LinkedIn-themed phishing
Phishing emails impersonating LinkedIn continue to make the bulk of all brand phishing attempts; according to Check Point, 45% of all email phishing attempts in Q2 2022 imitated the style of communication of the professional social media platform, wi.....»»
Pro-Russia hacking campaigns are running rampant in Ukraine
Hacks also exploit critical Follina vulnerability and phishing campaigns. Enlarge (credit: Getty Images) Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that.....»»
Pro-Russia hack campaigns are running rampant in Ukraine
Hacks also exploit critical Follina vulnerability and phishing campaigns. Enlarge (credit: Getty Images) Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that.....»»
Report: 47% of orgs experienced a voice phishing attack last year
Enterprises are unaware of the volume of unwanted voice traffic that traverses their network, or the threats that lurk in unwanted traffic. Enterprises are unaware of the volume of unwanted voice traffic that traverses their network, or the threa.....»»
Ran Dubin joins BUFFERZONE as CTO
BUFFERZONE has appointed Dr. Ran Dubin as the company’s CTO as part of the company’s efforts to add another layer to its Safe Workspace solution by combining phishing and fraud protection with endpoint containment and isolation. Prior to.....»»
PayPal-themed phishing kit allows complete identity theft
Sometimes phishers are just after your username and password, but other times they are after every scrap of sensitive information they can extract from you. To do that, they use tools like the phishing kit recently analyzed by Akamai researchers. By.....»»
Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication (MFA) set up to protect the accounts. The attackers use pro.....»»
Ongoing phishing campaign can hack you even when you’re protected with MFA
Campaign that steals email has targeted at least 10,000 organizations since October. Enlarge (credit: Getty Images) On Tuesday, Microsoft detailed an ongoing large-scale phishing campaign that can hijack user accounts when the.....»»