HackDig : Dig high-quality web security articles for hackers

Targeted Company’s Homepage Used in Message Quarantine Phish

Security researchers observed that malicious actors had incorporated a targeted company’s homepage into a message quarantine phishing campaign.The Cofense Phishing Defense Center found that the phishing campaign began with an attack email that disguised itself as a message quarantine notification from the targeted company’s IT department.The emai
Publish At:2020-09-04 11:58 | Read:231 | Comments:0 | Tags:IT Security and Data Protection Latest Security News email m

Questions to Ask When Conducting Single Sign-On Enrollment

Instead of asking employees to input passwords every day, single sign-on (SSO) offers a simplified but secure authentication process. SSO authentication gives a user the option of choosing a single set of credentials to access multiple accounts and services. So, how can organizations best use SSO for their purposes? This authentication scheme works with the
Publish At:2020-08-11 10:36 | Read:229 | Comments:0 | Tags:Identity & Access Email Identity Identity and Access Managem

Phishing Campaign Leads Users to Site Disguised as Email Scanner

A phishing campaign tricked users into visiting a website that masqueraded as an email scanner in an effort to steal their account credentials.Kaspersky Lab found that the campaign began with a scam email containing a fake virus alert.This email claimed to originate from an organization’s “Email Security Team,” but it actually originated fr
Publish At:2020-08-06 09:45 | Read:291 | Comments:0 | Tags:IT Security and Data Protection Latest Security News email P

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
Publish At:2020-08-06 04:45 | Read:277 | Comments:0 | Tags:Cybercrime Social engineering bec business cybersecurity Bus

Cloud Services Abused by Clever Phishing Campaign

Security researchers detected a clever new phishing campaign that abused three enterprise cloud services in an attempt to steal victims’ credentials.On July 18, Bleeping Computer revealed that the phishing campaign’s attack emails claimed to originated from the domain “servicedesk.com.”The computer self-help site took a closer look. I
Publish At:2020-07-20 08:31 | Read:431 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Cloud e

New Research Exposes Iranian Threat Group Operations

IBM X-Force Incident Response Intelligence Services (IRIS) has uncovered rare details on the operations of the suspected Iranian threat group ITG18, which overlaps with Charming Kitten and Phosphorous. In the past few weeks, ITG18 has been associated with targeting of  pharmaceutical companies and the U.S. presidential campaigns. Now, due to operational erro
Publish At:2020-07-16 08:09 | Read:248 | Comments:0 | Tags:Advanced Threats Incident Response Threat Intelligence Threa

Nigerian National Extradited to United States on BEC Scam Charges

A Nigerian national entered into the custody of the FBI to face charges of having targeted several U.S. companies with business email compromise (BEC) scams.On July 3, the U.S. Attorney’s Office for the Northern District of Illinois announced that the United Arab Emirates had expelled Olalekan Jacob Ponle (a/k/a “Mr. Woodbery” and “Mark Kain”), 29, ori
Publish At:2020-07-07 11:39 | Read:361 | Comments:0 | Tags:IT Security and Data Protection Latest Security News BEC ema

Why Zero-Click Cyberthreats Should Be on Your Radar

For years, the statistics have told us that human error is the greatest contributor to cyberattacks. We’ve stressed the importance of training, training and more training to prevent the almost inevitable from happening. We’ve been convinced that the key to defending against cyberthreats is to keep the unsuspecting from clicking on phishing emails
Publish At:2020-07-02 15:59 | Read:359 | Comments:0 | Tags:Application Security Endpoint Mobile Security Advanced Malwa

New Study Shows Consumers Could Be Vulnerable to COVID-19 Spam

Since the World Health Organization (WHO) declared the COVID-19 outbreak a pandemic on March 11, IBM X-Force has observed a more than 6,000 percent increase in COVID-19-related spam, with lures ranging the full gamut of challenges and concerns facing individuals — from phishing emails impersonating the Small Business Administration (SBA) and the WHO to U.S.
Publish At:2020-05-03 08:13 | Read:595 | Comments:0 | Tags:Advanced Threats Banking & Financial Services Fraud Protecti

SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT

Between late March and mid-April 2020, IBM X-Force Incident Response and Intelligence Services (IRIS) uncovered a phishing campaign targeting small businesses that appears to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which contain subjects and attachments related to the need for small businesses to apply for disa
Publish At:2020-05-03 08:13 | Read:907 | Comments:0 | Tags:Government Malware Threat Hunting Credentials Theft Email IB

COVID-19 Scam Roundup – April 6, 2020

Digital fraudsters have seized upon coronavirus 2019 (COVID-19) as a lure for their new scams and attack campaigns. Together, these malicious operations constitute nothing short of a deluge. Barracuda revealed that it spotted 9,116 coronavirus-themed spear-phishing emails between March 1 and March 23, 2020—a 667% increase over the 1,188 attacks detected a mo
Publish At:2020-04-06 16:53 | Read:761 | Comments:0 | Tags:Security Awareness COVID-19 email scam

COVID-19 Scam Roundup – March 30, 2020

Many in the digital security community are coming together to combat malicious actors during the coronavirus disease 2019 (COVID-19) global outbreak. One of the most visible of these new efforts is the COVID-19 CTI League. Made up of approximately 400 volunteers living in approximately 40 countries, the COVID-19 CTI League is working to block attackers from
Publish At:2020-03-30 05:25 | Read:721 | Comments:0 | Tags:Security Awareness COVID-19 email scam

Coronavirus Bitcoin scam promises “millions” working from home

In the last week, we’ve seen multiple coronavirus scams pushed by bad actors, including RAT attacks via fake health advisories, bogus e-books working in tandem with Trojans, and lots of other phishing shenanigans. Now we have another one to add to the ever-growing list: dubious coronavirus Bitcoin missives landing in your inbox. Reworking a classic spam tact
Publish At:2020-03-26 17:08 | Read:894 | Comments:0 | Tags:Scams bitcoin british celebrities scam coronavirus coronavir

COVID-19 Scam Roundup – Week of 3/16/20

Malicious actors are increasingly leveraging COVID-19 as a theme for new digital fraud attacks. In February 2020, for instance, Action Fraud received 21 reports of fraud relating to the coronavirus. This number of reports more than doubled to 46 between March 1 and March 13, 2020. Between March 14 and March 18, 2020, the United Kingdom’s national fraud
Publish At:2020-03-23 06:49 | Read:1316 | Comments:0 | Tags:Security Awareness COVID-19 email scam

7 Spring Cleaning Tasks to Improve Data Security

This year, March 19 ushered in spring in the Northern Hemisphere — the first time since 1896 that the season has started so early. So why not take advantage of the season’s early arrival to do some spring cleaning, not only of your physical space, but of your data and systems, too? Digital spring cleaning can make your life easier and dramatically impr
Publish At:2020-03-20 10:40 | Read:772 | Comments:0 | Tags:Data Protection Mobile Security Application Security Cloud C

Tools

Tag Cloud