phishing

Microsoft warns of a malware-based campaign that targeted organizations in the aerospace and travel sectors in the past months. Microsoft researchers revealed that organizations in the aerospace and travel sectors have been targeted in the past months in a malware-based campaign. Threat actors conducted a spear-phishing campaign using messages that were specifically designed to be […]

The post Organizations in aerospace and travel sectors under attack, Microsoft warns appeared first on Security Affairs.

Read More Organizations in aerospace and travel sectors under attack, Microsoft warns

Read our investigation of a BEC campaign that used attacker-created email infrastructure to facilitate gift card theft targeting the consumer goods, process manufacturing and agriculture, real estate, discrete manufacturing, and professional services sectors.

The post Business email compromise campaign targets wide range of orgs with gift card scam appeared first on Microsoft Security.

Read More Business email compromise campaign targets wide range of orgs with gift card scam

Phishers targeting Microsoft Office 365 users increasingly are turning to specialized links that take users to their organization’s own email login page. After a user logs in, the link prompts them to install a malicious but innocuously-named app that gives the attacker persistent, password-free access to any of the user’s emails and files, both of which are then plundered to launch malware and phishing scams against others.

Read More Malicious Office 365 Apps Are the Ultimate Insiders

The Threat Report Portugal: Q1 2021 compiles data collected on the malicious campaigns that occurred from January to March, Q1, of 2021. Threat Report Portugal Q1 2021: Phishing and malware by numbers. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is […]

The post Threat Report Portugal: Q1 2021 appeared first on Security Affairs.

Read More Threat Report Portugal: Q1 2021

Cyber criminals have many tricks up their sleeves when it comes to compromising sensitive data. They don’t always rely on system vulnerabilities and sophisticated hacks; they’re just as likely to target an organisation’s employees. The attack methods they use to do this are known as social engineering. In this blog, we explain how social engineering works, look at common techniques and show you how to avoid social engineering scams. Contents What is social engineering? Why social engineering works Common social engineering techniques How to protect yourself from social engineering What is social engineering? Social engineering is a collective term for

The post How to avoid social engineering scams appeared first on IT Governance UK Blog.

Read More How to avoid social engineering scams

Researchers from threat intelligence Cyble have discovered threat actors abusing the Ngrok platform in a fresh phishing campaign. Researchers at the threat intelligence firm Cyble discovered a new wave of phishing attacks targeting multiple organizations that are abusing the ngrok platform, a secure and introspectable tunnel to the localhost. ngrok is a cross-platform application used to […]

The post Hackers abusing the Ngrok platform phishing attacks appeared first on Security Affairs.

Read More Hackers abusing the Ngrok platform phishing attacks

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack. Experts discovered that malicious […]

The post Gmail users from US most targeted by email-based phishing and malware appeared first on Security Affairs.

Read More Gmail users from US most targeted by email-based phishing and malware

Protecting your organisation against cyber attacks can sometimes feel like a never-ending game of security whack-a-mole. As soon as you’ve secured one weakness, another one appears. This can demoralise any organisation and make them believe that good information security practices are impossible. However, there is a solution – but it requires a different way of thinking. Organisations must stop looking at each individual threat as it arises and instead build defences that are equipped to handle whatever cyber criminals throw at you. Doing that is simpler than it sounds. That’s because, as much as cyber criminals’ tactics evolve, they tend

The post 5 ways to improve your information security in 2021 appeared first on IT Governance UK Blog.

Read More 5 ways to improve your information security in 2021

An international operation conducted by Ukraine’s police, along with the US and Australia peers, shut down the world’s largest phishing Service U-Admin. Last week, an international operation conducted by Ukraine’s police, along with the US and Australian authorities, lead to the shut down of the world’s phishing framework U-Admin. The National Police and its Main […]

The post Ukraine’s police arrested the author of the U-Admin phishing kit appeared first on Security Affairs.

Read More Ukraine’s police arrested the author of the U-Admin phishing kit

Sweeping research into massive attacker infrastructures, as well as our real-time monitoring of malware campaigns and attacker activity, directly inform Microsoft security solutions, allowing us to build or improve protections that block malware campaigns and other email threats, both current and future, as well as provide enterprises with the tools for investigating and responding to email campaigns in real-time.

The post What tracking an attacker email infrastructure tells us about persistent cybercriminal operations appeared first on Microsoft Security.

Read More What tracking an attacker email infrastructure tells us about persistent cybercriminal operations

Data Privacy Day

Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII) Seems like we always have a connected device somewhere within arm’s reach, whether it’s a smartphone, laptop, tablet, a wearable, or some combination of them all. In a way, we bring the internet along with us nearly wherever we go. Yet there’s something […]

The post Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII) appeared first on McAfee Blogs.

Read More Take It Personally: Ten Tips for Protecting Your Personally Identifiable Information (PII)

holiday phishing scams

Top Phishing Lures to Look Out for This Holiday Season And just like that, the holidays are here! That means it’s time to grab your devices and credit cards for some online holiday shopping. But while you plan to share the merry and shop for gifts, criminals are preparing some not-so-festive tricks of their own. According […]

The post Top Phishing Lures to Look Out for This Holiday Season appeared first on McAfee Blogs.

Read More Top Phishing Lures to Look Out for This Holiday Season

Halloween scams

Trick or Treat: Avoid These Spooky Threats This Halloween Spooky season is among us, and ghosts and goblins aren’t the only things hiding in the shadows. Online threats are also lurking in the darkness, preparing to haunt devices and cause some hocus pocus for unsuspecting users. This Halloween season, researchers have found virtual zombies and witches […]

The post Trick or Treat: Avoid These Spooky Threats This Halloween appeared first on McAfee Blogs.

Read More Trick or Treat: Avoid These Spooky Threats This Halloween