[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe
The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.
social engineering
Cybercriminals exploit fear and urgency to trick consumers
Cybercriminals remained active in spying and information stealing, with lottery-themed adware campaigns used as a tactic to obtain people’s contact details, according to Avast. Threats using social engineering to steal money, such as refund and invoice…
Cybercriminals exploit volatile job market for targeted email attacks
Between July–December 2022, the median open rate for text-based business email compromise (BEC) attacks was nearly 28%, according to Abnormal Security. Business email and supply chain compromise as attack strategies Additionally, of the malicious email…
Do Not Fall Victim to Cyber Attacks – Find Out What the Latest Hiscox Report Reveals!
Insurance provider Hiscox has published its fifth annual cyber readiness report, which has some eye-opening statistics.
Thinking Critically About Your Online Behavior
Employees need to adjust their mindsets in order to defend themselves against social engineering attacks, according to Jonathon Watson at Clio. In an article for Dark Reading, Watson explains that security training should emphasize that employ…
A Close Call – PayPal Scam Warning
On Sunday, I received an urgent message from a friend. PayPal had sent him an email saying that a co-worker had sent him money. This was not unexpected, as he was collecting contributions towards a farewell gift for another coworker. What stru…
BEC Group Launches Hundreds of Campaigns
A business email compromise (BEC) gang has launched more than 350 attacks against organizations in the US, according to researchers at Abnormal Security. The threat actor, which Abnormal Security tracks as “Firebrick Ostrich,” conducts open-so…
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. The attacks were first spotted by Proofpoint resea…
Alert: Refund Scam Targeting Federal Agencies via RMM Software
At least two federal civilian agencies were the unfortunate victims of a refund scam campaign, perpetrated through the use of remote monitoring and management (RMM) software. CISA, the NSA and the MS-ISAC discovered the campaign in October, bu…
Survey: Cybersecurity budgets aren’t matching cybersecurity challenges
A new study finds that due to the growing threat surface from hybrid work and third-party vendors, only half of organizations have the budget to meet current cybersecurity needs.
The post Survey: Cybersecurity budgets aren’t matching cybersecurity chal…