HackDig : Dig high-quality web security articles

Beware of the new phishing technique “file archiver in the browser” that exploits zip domains

“file archiver in the browser” is a new phishing technique that can be exploited by phishers when victims visit a .ZIP domain. A new phishing technique called “file archiver in the browser” can be used by phishers to “emulate” a file archiver software in a web browser when a victim visits a .ZIP domain. The security res
Publish At:2023-05-30 07:29 | Read:55898 | Comments:0 | Tags:Breaking News Cyber Crime Hacking .zip domain Cybercrime fil

Attackers use encrypted RPMSG messages in Microsoft 365 targeted phishing attacks

Experts warn of phishing attacks that are combining the use of compromised Microsoft 365 accounts and .rpmsg encrypted emails. Trustwave researchers have observed threat actors using encrypted RPMSG attachments sent via compromised Microsoft 365 accounts in a phishing campaign aimed at stealing Microsoft credentials. RPMSG files are used to deliver e-m
Publish At:2023-05-29 03:31 | Read:54379 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Cybercrime hacking news in

Google Passkeys: How to create one and when you shouldn't

Google has just brought users closer to a passwordless future. In a recent blog post, the tech giant introduced the option to create and use a safer, more convenient alternative to passwords: Passkeys, a form of digital credential. So, how do they work? Passkeys are generated using public-key cryptography, or asymmetric encrypti
Publish At:2023-05-11 22:02 | Read:162751 | Comments:0 | Tags:News Google passkey passkey passwordless future passwordless

How to protect your small business from social engineering

When Alvin Staffin received an email from his boss, he didn't question it. In the email, Gary Bragg, then-president of Pennsylvania law firm O'Neill, Bragg & Staffin, asked Staffin to wire $580,000 to a Bank of China account. Staffin, who was VP and in charge of banking, sent the money through as asked. An hour later, he realized the request was fra
Publish At:2023-05-01 22:02 | Read:120573 | Comments:0 | Tags:Personal Small Business Week 2023 Small Business Week phishi

What does ChatGPT know about phishing?

Can ChatGPT detect phishing links? Hearing all the buzz about the amazing applications of ChatGPT and other language models, our team could not help but ask this question. We work on applying machine learning technologies to cybersecurity tasks, specifically models that analyze websites to detect threats such as phishing. What if all our complex, multi-layer
Publish At:2023-05-01 07:11 | Read:159265 | Comments:0 | Tags:Research ChatGPT Machine learning Phishing Phishing websites

Russia-linked APT28 uses fake Windows Update instructions to target Ukraine govt bodies

CERT-UA warns of a spear-phishing campaign conducted by APT28 group targeting Ukrainian government bodies with fake ‘Windows Update’ guides. Russia-linked APT28 group is targeting Ukrainian government bodies with fake ‘Windows Update’ guides, Computer Emergency Response Team of Ukraine (CERT-UA) warns. The APT28 group (aka Fancy Bear,&n
Publish At:2023-04-30 14:10 | Read:200275 | Comments:0 | Tags:APT Breaking News Hacking APT28 CERT-UA hacking news IT Info

Zero Trust Data Security: It’s Time To Make the Shift

How do you secure something that no longer exists? With the rapid expansion of hybrid-remote work, IoT, APIs and applications, any notion of a network perimeter has effectively been eliminated. Plus, any risk inherent to your tech stack components becomes your risk whether you like it or not.  Organizations of all sizes are increasingly vulnerable to b
Publish At:2023-04-27 11:13 | Read:222572 | Comments:0 | Tags:Zero Trust Risk Management zero trust PAM lockbit PAM securi

Intro to phishing: simulating attacks to build resiliency

Phishing attacks are a major threat to organizations, they remain a perennial choice of cybercriminals when it comes to hacking their victims. Original post at https://cybernews.com/security/phishing-intro-to-build-resiliency/ While organizations must still account for flashy vulnerability exploitations, denial-of-service campaigns, or movie-themed cyb
Publish At:2023-04-21 07:27 | Read:227403 | Comments:0 | Tags:Breaking News Hacking hacking news IT Information Security p

Securing Your Remote Workforce: How to Reduce Cyber Threats

The debates have (mostly) stopped about whether remote work is here to stay. For many people, it’s just the way we work today. However, even three years later, cybersecurity around remote work is still a top concern. Both companies and employees have room for improvement in terms of protecting devices, data and apps from cybersecurity threats when wor
Publish At:2023-04-18 11:12 | Read:232139 | Comments:0 | Tags:Risk Management remote access security cybersecurity best pr

Threat actors strive to cause Tax Day headaches

Threat actors often take advantage of current events and major news headlines to align attacks and leverage social engineering when people could be more likely to be distracted or misled. Tax season is particularly appealing to threat actors because not only are people busy and under stress, but it is intrinsically tied to financial information. With U.S. Ta
Publish At:2023-04-13 13:15 | Read:201392 | Comments:0 | Tags:Cybersecurity Microsoft Defender for Office 365 Microsoft se

Phishers migrate to Telegram

Experts warn that Telegram is becoming a privileged platform for phishers that use it to automate their activities and for providing various services. Kaspersky researchers have published an analysis of phishers’ Telegram channels used to promote their services and products. The experts pointed out that crooks engaged in phishing activities have starte
Publish At:2023-04-06 15:23 | Read:220131 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Security Cybercrime hackin

The Telegram phishing market

Telegram has been gaining popularity with users around the world year by year. Common users are not the only ones who have recognized the messaging app’s handy features — cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is especially popular with phishers. They have become adept at
Publish At:2023-04-05 07:10 | Read:295665 | Comments:0 | Tags:Research Cybercrime Fraud Phishing Phishing kits Phishing we

New Generation of Phishing Hides Behind Trusted Services

The days when email was the main vector for phishing attacks are long gone. Now, phishing attacks occur on SMS, voice, social media and messaging apps. They also hide behind trusted services like Azure and AWS. And with the expansion of cloud computing, even more Software-as-a-Service (SaaS) based phishing schemes are possible. Phishing tactics have evolved
Publish At:2023-04-04 11:48 | Read:303837 | Comments:0 | Tags:Cloud Security Risk Management Amazon AWS Cloud Cybercrimina

A week in security (March 27 - April 2)

Last week on Malwarebytes Labs: Solving the password’s hardest problem with passkeys, featuring Anna Pobletts Food giant Dole reveals more about ransomware attack Bogus Chat GPT extension takes over Facebook accounts Ransomware gunning for transport sector's OT systems next GitHub accidentally exposes RSA SSH key ChatGPT helps both criminals and law e
Publish At:2023-04-03 22:37 | Read:288856 | Comments:0 | Tags:News Lock and Code Anna Pobletts ChatGPT World Backup Day Gi

Big changes to Twitter verification: How to spot a verified account

Twitter has made some fairly major changes to how its verified checkmark status works, and it’s already causing some confusion. If you rely on the checkmark symbol for confirmation that the individual or business tweeting is actually the real deal, your regular process is now different. How verifying identity on Twitter used to work Previousl
Publish At:2023-04-03 22:37 | Read:251070 | Comments:0 | Tags:News twitter blue verified verification fake fraud phish phi

Announce

Share high-quality web security related articles with you:)
Tell me why you support me <3

Tag Cloud