Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft, Apple, and Google were the most commonly impersonated brands in phishing attacks last quarter, according to researchers at Check Point. “Microsoft retained its dominance as the most imitated brand in phishing schemes, accounting for a staggering 32% of all attempts,” Check Point says. “Apple followed with 12%, while Google ranked third. Notably, LinkedIn reentered the list at fourth place, emphasizing the persistent targeting of technology and Social Network brands.

73% of educational institutions in the UK have sustained at least one cyberattack or breach in the past five years, according to researchers at ESET. Additionally, a fifth of these organizations said they’ve experienced three or more cyberattacks. 43% of the organizations surveyed cited phishing attacks as their top concern.

Drivers across the U.S. are being bombarded with fraudulent text messages claiming to come from toll operators like E-ZPass. These messages threaten fines for unpaid toll fees and aim to steal personal and financial information. Security experts warn that these scams are becoming more sophisticated, driven by new phishing tools developed and sold in China.

A new survey by cybersecurity vendor Netwrix found that 84% of healthcare organizations spotted a cyberattack in the past twelve months, with phishing attacks accounting for 63% of these incidents. “Phishing was the most common type of incident experienced on premises, similar to other industries,” Netwrix says. “Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise.”

Phishing attacks are the most common security issue for smartphone users, according to a new study by Omdia. The survey found that nearly a quarter (24%) of respondents have fallen victim to a mobile phishing attack. The second most common mobile threat was malware, which is usually delivered via social engineering. The researchers note that phishing attacks reached all the smartphones assessed in the study, regardless of vendor.

Researchers at Malwarebytes are tracking a major malvertising campaign that’s abusing Google Ads to target individuals and businesses interested in advertising. The threat actors are using compromised Google Ads accounts to run ads that impersonate Google, leading victims to a fake Google login page designed to steal their credentials.

The Russian threat actor “Star Blizzard” has launched a spear-phishing campaign attempting to compromise WhatsApp accounts, according to researchers at Microsoft. The operation targets individuals who are involved in providing assistance to Ukraine.

Interpol has recently recommended discontinuing the use of the term "Pig Butchering" in cybercrime discussions, expressing concern that such terminology may discourage victims from reporting incidents due to feelings of shame or embarrassment. While some may question whether Interpol is over analysing the situation, it is prudent to consider the implications carefully. Modifying established cybersecurity terminology could potentially lead to public confusion.

An SMS phishing (smishing) campaign is attempting to trick Apple device users into disabling measures designed to protect them against malicious links, BleepingComputer reports. “Apple iMessage automatically disables links in messages received from unknown senders, whether that be an email address or phone number,” BleepingComputer explains.

Threat actors are abusing Google Translate’s redirect feature to craft phishing links that appear to belong to, according to researchers at Abnormal Security. Users are more likely to trust links that end in Google’s “.goog” domain, and security filters are less likely to flag these URLs as malicious. “When you enter a URL into Google Translate, it generates a new link, redirecting the user through its platform to the requested page,” the researchers explain.