Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

To stop receiving most spam emails, you can report them, block spam email addresses, make a burner email account and remove third-party account access. Spam emails are unwanted messages sent to many people, usually to advertise an item or service. According to Statista, approximately 46% of email traffic as of December 2023 could be classified as spam.

Halloween-themed spam and phishing emails have surged over the past two months, with a significant increase beginning in October, according to researchers at Bitdefender. “Bitdefender’s telemetry indicates a sharp rise in Halloween-themed spam throughout September and October,” the researchers write. “However, Halloween-themed spam rose 18% percentage points between 1-16 October 2024, compared to the entire month of September.

Sophisticated threat actors are increasingly targeting organizations with tailored phishing campaigns. Recently, SecurityScorecard detected a similar attempt against our team—and stopped it in its tracks. We’re sharing our findings to support the InfoSec community and strengthen collective defenses against continually evolving threats.

How Generative AI Can Help Identify Malware? Spambrella explains how AI models add value: Generative AI models can identify malware by learning the patterns and structures typical of malicious code versus benign software. Code Generation and Analysis – By generating variations of known malware, these models can simulate potential new forms of malware, helping cybersecurity teams anticipate and defend against unseen threats.

Cybercriminals are offering tools to help phishing pages avoid detection by security tools, according to researchers at SlashNext. “Anti-bot services, like Otus Anti-Bot, Remove Red, and Limitless Anti-Bot, have become a cornerstone of complex phishing operations,” the researchers write. “These services aim to prevent security crawlers from identifying phishing pages and blocklisting them.

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos. The researchers have published a report on threat trends in the third quarter of 2024, finding that attackers are increasingly targeting valid accounts to gain footholds within organizations.

From April to September 2024, Netskope Threat Labs tracked a 10-fold increase in traffic to phishing pages crafted through Webflow. The campaigns target sensitive information from different crypto wallets, including Coinbase, MetaMask, Phantom, Trezor, and Bitbuy, as well as login credentials for multiple company webmail platforms, as well as Microsoft365 login credentials.

Threat actors spread malware via callback phishing, Mandiant analyzes time-to-exploit trends, and PureLogs targets the Chrome browser.

Researchers at Trustwave observed a 140% increase in callback phishing attacks between July and September 2024. Callback phishing is a social engineering tactic that involves emails and phone calls to trick users into handing over login credentials or other sensitive data or installing malware. The attacks begin with a phishing email that appears to be a notification for something that needs to be addressed urgently, such as an order invoice or an account termination notice.

Sixty-four percent of IT leaders have clicked on phishing links, a new survey by Arctic Wolf has found. Despite this, 80% of these same professionals are confident their organization won’t fall victim to a phishing attack. The survey found that 34% of organizations send simulated phishing emails to their employees at least once every two weeks, but only 15% of end users are aware of them. Likewise, the IT and security leaders surveyed said 83% of their employees fall for the phishing simulations.