Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims. Impersonation in phishing attacks only works if the target has an established rapport or relationship with the sender.
The United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes. “Threats from synthetic media, such as deepfakes, present a growing challenge for all users of modern technology and communications, including National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators,” the report says.
A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond. Usually, the intent of a phishing attack is evident. For example, if the attack is pretending to be Microsoft and sends you to a spoofed login page, the whole point of the attack is to harvest the victim’s Microsoft 365 credentials.
A new report takes an exhaustive look at how cybersecurity professionals see the current and future state of attacks, and how well vendors are keeping up. The role of artificial intelligence (AI) in cyber attacks and cyber defenses can be pretty confusing.
Cybercriminals can't ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have demonstrated a method that uses Wi-Fi signals to infer numerical passwords, and the mechanics behind it are nothing short of intriguing. Side-channel attacks often remind me of James Bond-like espionage. So does a research paper that is to appear at ACM CCS later this year.
As the aftermath unfolds, the details around the recent attack on MGM Resorts, providing crucial insight into the attacks impact, who’s responsible, and how it started. On September 11, Las Vegas-based MGM Resorts International reported a cybersecurity “issue” affecting many of the company’s systems.
Four days later, $52 million in lost revenues and counting, a cyber attack on MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, Excalibur, Luxor, and the MGM Grand itself, had the house brought down by a perfect example of vishing…a 10-minute phone call. Gamblers could not gamble. Guests could not access rooms. Lights went out. Panic set in.
Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks. Singapore’s position at 5th place “Between 1st January and 1st August, CYFIRMA’s telemetry recorded 410,793 phishing campaigns,” the researchers write.
In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.
Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails. This advancement in AI technology has made it easier for even amateur hackers to analyze vast amounts of publicly available data about their targets and create highly personalized and convincing emails within seconds.
