HackDig : Dig high-quality web security articles for hackers

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking, studied the vulnerabilities in dnsmasq called DNSpooq, asked if Ti
Publish At:2021-01-25 12:06 | Read:228 | Comments:0 | Tags:A week in security Malwarebytes news bec Brave chrome Cisco

Cybercriminals want your cloud services accounts, CISA warns

On January 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about several recent successful cyberattacks on various organizations’ cloud services. What methods did the attackers use? In the initial phase, the victims were targeted by phishing emails trying to capture the credentials of a cloud service account. Once the at
Publish At:2021-01-14 18:42 | Read:183 | Comments:0 | Tags:Awareness bec brute force cisa cloud services IOCs mfa pass-

Phishing tricks that really work – and how to avoid them

Co-authored by Juan Badell and Russell Petrich. As two people for whom creating phishing emails constitutes legitimate employment (we are on the product team behind the Sophos Phish Threat phishing simulation service) we know we’re in the minority. Like our not-so-lawful counterparts, we spend our days using social engineering techniques to trick people into ope
Publish At:2020-12-15 11:37 | Read:446 | Comments:0 | Tags:BEC Phishing education Phish Threat phishing training

BEC Scammers Struck Philadelphia Non-Profit Food Bank

Malicious actors used a Business Email Compromise (BEC) scam to prey upon a Philadelphia non-profit food bank. According to The Philadelphia Inquirer, the scam occurred back in July when the hunger relief organization Philabundance was nearing the completion of its $12 million Philabundance Community Kitchen. Nefarious individuals impersonated the construction
Publish At:2020-12-07 11:26 | Read:319 | Comments:0 | Tags:IT Security and Data Protection Latest Security News BEC foo

APWG Q3 Report: Four Out of Five Criminals Prefer HTTPS

Publish At:2020-12-03 16:23 | Read:457 | Comments:0 | Tags:Phishing BEC business email compromise https Domains

Operation Falcon: Group-IB helps INTERPOL identify Nigerian BEC ring members

Group-IB supported an INTERPOL-led operation Falcon targeting a business email compromise cybercrime gang from Nigeria, dubbed TMT. Group-IB, a global threat hunting and intelligence company, supported an INTERPOL-led operation Falcon targeting a business email compromise (BEC) cybercrime gang from Nigeria, dubbed TMT by Group-IB.
Publish At:2020-11-25 19:00 | Read:498 | Comments:0 | Tags:Breaking News Cyber Crime BEC Cybercrime TMT

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

by Paul Ducklin. We know what you’re thinking: “Another year; another vendor; another threat report… …and when I open it, I’ll be stuck in a thinly disguised product brochure.” Well, not this one. We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Re
Publish At:2020-11-18 12:13 | Read:480 | Comments:0 | Tags:Android BEC Botnet Data loss Linux Machine Learning Malware

$2.3M Stolen from Wisconsin GOP via BEC Attack

Publish At:2020-10-30 17:16 | Read:431 | Comments:0 | Tags:Spear Phishing BEC Election 2020

Gone phishing: workplace email security in five steps

by David Mitchell. David Mitchell, Senior Director of Email Product Management at Sophos, shares his top tips to optimize workplace email security. How many work emails have you sent and received today? Despite the rise of workplace chat and instant messaging apps, for many of us email continues to dominate business communications both internally and externally.
Publish At:2020-10-06 11:06 | Read:503 | Comments:0 | Tags:BEC Phishing email phishing email security security

APWG: SSL Certificates No Longer Indication of Safe Browsing

The Anti-Phishing Working Group (APWG) has released its Phishing Activity Trends Report (https://docs.apwg.org/reports/apwg_trends_report_q2_2020.pdf) analyzing phishing attacks and identifying theft techniques reported by its members for Q2 of 2020. Key highlights of the report include a significant increase in wire
Publish At:2020-09-30 12:14 | Read:465 | Comments:0 | Tags:Phishing APWG BEC business email compromise social media Dom

Phishing scam uses Sharepoint and One Note to go after passwords

by Paul Ducklin. Here’s a phishing email we received recently that ticks all the cybercriminal trick-to-click boxes. From BEC, through cloud storage to an innocent-sounding One Note document, right into harm’s way. Instead of simply spamming out a clickable link to as many people as possible, the crooks used more labyrinthine techniques, presumably in
Publish At:2020-09-02 10:18 | Read:800 | Comments:0 | Tags:Phishing BEC one note phishing

Gift Cards Requested in Two-Thirds of BEC Attacks, Report Reveals

A report revealed that scammers requested funds in the form of gift cards in two-thirds of business email compromise (BEC) attacks. For a phishing trends report from the Anti-Phishing Working Group (APWG), APWG member Agari examined thousands of BEC attacks that occurred in the second half of 2020. It found that 66% of them involved gift cards. By contrast, d
Publish At:2020-09-01 16:00 | Read:654 | Comments:0 | Tags:IT Security and Data Protection Latest Security News BEC gif

A week in security (August 3 – 9)

Last week on Malwarebytes Labs, on our Lock and Code podcast, we talked about identity and access management technology. We also wrote about business email compromises to score big, discussed how the Data Accountability and Transparency Act of 2020 looks beyond consent, and we analyzed how the Inter skimming kit is used in homoglyph attacks. Other cyberse
Publish At:2020-08-10 15:06 | Read:768 | Comments:0 | Tags:A week in security australian signals directorate bec chrome

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive. Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
Publish At:2020-08-06 04:45 | Read:807 | Comments:0 | Tags:Cybercrime Social engineering bec business cybersecurity Bus

Sports team nearly paid a $1.25m transfer fee… to cybercrooks

by Paul Ducklin. If you were about to spend more than a million dollars, how careful would you be about where you sent the money? More importantly, how would you check with the recipient of the money – and how would they check with you – that both ends of the transaction were lined up correctly, with no treachery in between? It’s quite likely yo
Publish At:2020-07-23 14:46 | Read:752 | Comments:0 | Tags:BEC Cybercrime fraud Hushpuppi NCSC
