What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Phishing

Sekoia: Latest in the Financial Sector Cyber Threat Landscape

A new report from French-based cybersecurity company Sekoia describes evolutions in the financial sector threat landscape. The sector is the most impacted by phishing worldwide and is increasingly targeted by QR code phishing. The financial industry also suffers from attacks on the software supply chain and stands among the most . . . Read more

Google Cloud’s Cybersecurity Trends to Watch in 2024 Include Generative AI-Based Attacks

A November report from Google Cloud details possible nation-state malware tactics in 2024 and new angles of cyberattacks. What will cybersecurity look like in 2024? Google Cloud’s global Cybersecurity Forecast found that generative AI can help attackers and defenders and urged security personnel to look out for nation-state backed attacks . . . Read more

New SecuriDropper Malware Bypasses Android 13 Restrictions, Disguised as Legitimate Applications

A new malware is bypassing an Android 13 security measure that restricts permissions to apps downloaded out of the legitimate Google Play Store. A new report from ThreatFabric, a fraud protection company, exposes SecuriDropper malware, which is capable of bypassing Android 13 restricted settings. The malware makes Android consider the . . . Read more

Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds

Hacker Stephanie “Snow” Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT. An IBM X-Force research project led by Chief People Hacker Stephanie “Snow” Carruthers showed that phishing emails written by humans have a 3% better . . . Read more

New Netskope Report Exposes Increasing Use of Cloud Apps to Spread Malware

A new report from Netskope detailing the top techniques used by cybercriminals to attack organizations found that cloud apps are increasingly being used by threat actors, representing 19% of all clicks on spearphishing links. The report also shed light on the attackers’ targets according to their financial or geopolitical motivations. . . . Read more

New CISA and NSA Identity and Access Management Guidance Puts Vendors on Notice

The National Security Agency and the Cybersecurity and Infrastructure Security Agency published on October 4, 2023, a document titled Identity and Access Management: Developer and Vendor Challenges. This new IAM CISA-NSA guidance focuses on the challenges and tech gaps that are limiting the adoption and secure employment of multifactor authentication . . . Read more

New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat. A new EvilProxy phishing attack is leveraging an open redirection flaw from the legitimate Indeed.com job search site, according . . . Read more

New DarkGate Malware Campaign Hits Companies Via Microsoft Teams

Get technical details about how this new attack campaign is delivered via Microsoft Teams and how to protect your company from this loader malware. Image: James Thew/Adobe Stock A new report from global cybersecurity company Truesec reveals a new attack campaign leveraging Microsoft Teams to infect companies’ users. While the . . . Read more

Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits

Image: Timon/Adobe Stock A significant portion of social engineering attacks, such as phishing, involve cloaking a metaphorical wolf in sheep’s clothing. According to a new study by Abnormal Security, which looked at brand impersonation and credential phishing trends in the first half of 2023, Microsoft was the brand most abused . . . Read more

Major US Energy Company Hit by QR Code Phishing Campaign

This QR code phishing campaign is targeting multiple industries and using legitimate services such as Microsoft Bing to increase its efficiency and bypass security. Image: ronstik/Adobe Stock Cofense, a U.S.-based email security company, released a new report about a massive QR code phishing campaign that targets numerous industries. The campaign . . . Read more