Using a new twist to bypass detection from security solutions, cyber attacks are now employing what will be construed as a benign image whose malicious intent can’t be traced. Threat actors need some means of getting a user to engage with malicious content – whether an attachment, link, or phone call, there needs to be some content within an email that provides the victim user with their next step.
As the rate of ransomware attacks steadily increased over time, there are clear indicators as to how these attacks are starting and, therefore, what can be done to stop them. With the exception of the Verizon Data Breach Investigations Report, we rarely get insight into specific industry verticals.
A phishing campaign is targeting the tourism and hospitality industries, according to researchers at Votiro. “In this instance, the hacker booked a room at an international hotel and submitted a request for the hotel to get in touch with them immediately via WhatsApp about an urgent issue,” the researchers write. “Once the hotel employee engaged the customer over WhatsApp, the hacker responded with their request.
Job scams are a rising form of socially engineered cybercrime. And while it’s easy to imagine the trouble they cause individuals who innocently fall for them (lost opportunities, identity theft, financial loss, and so on) this form of fraud also affects businesses.
Australia officially launched their National Anti-Scam Centre this week. With more than AUD $3.1 billion lost each year, Australians need support. With representatives from the banks, telecommunications industries and digital platforms, the intent of the center is to identify methods to disrupt all kinds of scams and reduce scam losses. While I completely support this initiative, it would be remiss of me not to highlight that the prevention of scams is perhaps as important as the cure.
If your organization uses Microsoft Teams, then you definitely want to hear about a new way bad actors are exploiting this newly discovered cyber attack tool. "TeamsPhisher," a new tool recently discovered on GitHub, gives cybercriminals a new way to deliver malicious files directly to any Teams user. The genesis of this new cyber attack tool was published by the US Navy Red Team due to a recently discovered vulnerability in Microsoft Teams.
An abnormally massive focus on business email compromise attacks in Europe has fueled an equally large growth in overall email attacks there, with the U.S. also seeing significant attack growth. We’ve seen a lot of recent reports looking back at 2022 to help provide insight into what to continue to expect this year. But new data from security analysts at Abnormal Security takes us well into June of this year, highlighting the problem of email-based attacks.
Apparently expanding efforts outside of Southeast Asian countries, this threat group’s known malware has shown up in a European healthcare facility, raising concerns for USB-based attacks. You’d think that literally no one uses USB drives anymore, making them a very improbable attack vector. And yet, the Camaro Dragon APT group has been tracked by security researchers at Check Point for well over a year, with them finding instances of attacks throughout all of last year and into this year.
A new threat alert from ConsumerAffairs and TrendMicro proves more than just shoppers will take advantage of Amazon’s upcoming Prime Day. As Prime Day approaches on July 11-12, ConsumerAffairs reports on a variety of scams bad actors are expected to use to take advantage of online shoppers looking for a good deal: Trend Micro's research team identified.
Attackers are increasingly using images in phishing to evade text-based security filters, according to researchers at INKY.
