Military-themed Email Scam Spreads Malware to Infect Pakistani Users

June 21, 2024 at 09:45AM Cybersecurity researchers have uncovered a new phishing campaign targeting people in Pakistan, utilizing military-themed documents to deploy a custom backdoor called PHANTOM#SPIKE. The unsophisticated campaign’s ZIP file, posing as meeting minutes for a legitimate event, contains a CHM file and an executable backdoor, enabling remote access and command execution. Based … Read more

Worldwide 2023 Email Phishing Statistics and Examples

June 20, 2024 at 01:31PM The need for enhanced email security is evident as cyber threats continue to rise in remote work environments. In 2023, Trend Micro discovered over 45 million high-risk email threats, emphasizing the insufficiency of native security in popular email services. Phishing incidents surged by 40%, with credential phishing and BEC attacks … Read more

Worldwide 2023 Email Phishing Statistics and Examples

June 20, 2024 at 12:45PM The text highlights the increasing risks associated with email threats in 2023, with a rise in phishing, malware attacks, and business email compromise (BEC) incidents. It emphasizes the limitations of built-in security for popular email services and recommends leveraging a SaaS-based platform like Cloud App Security for comprehensive visibility and … Read more

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

June 19, 2024 at 04:03AM Two security vulnerabilities in Mailcow, impacting versions prior to 2024-04, were disclosed by SonarSource. CVE-2024-30270 allows arbitrary code execution via path traversal, and CVE-2024-31204 enables cross-site scripting. Exploiting both could hijack admin sessions and execute arbitrary code. Mailcow users are urged to update to the latest version to mitigate these … Read more

LA County Dept. of Public Health Data Breach Impacts 200K

June 17, 2024 at 03:56PM The Los Angeles County Department of Public Health suffered a phishing attack on Feb. 19-20, leading to the compromise of 53 employees’ credentials and personal information of over 200,000 people. After disabling affected email accounts, the department launched an investigation and notified law enforcement. Potentially accessed sensitive information includes medical … Read more

Microsoft: New Outlook security changes coming to personal accounts

June 15, 2024 at 01:15PM Microsoft’s ‘Secure Future Initiative’ for Outlook personal email accounts includes deprecating basic authentication by September 16, 2024. It aims to enhance cybersecurity by phasing out unsafe practices and replacing them with modern authentication methods backed by multi-factor authentication. Deprecations include ‘Mail’ and ‘Calendar’ apps on Windows and Outlook Light, with … Read more

Phishing emails abuse Windows search protocol to push malicious scripts

June 12, 2024 at 06:33PM A new phishing campaign uses HTML attachments to exploit the Windows search protocol, enabling remote servers to deliver malware via batch files. Attackers can manipulate the search window’s title and force searches on remote hosts. The technique was highlighted by Prof. Dr. Martin Johns in 2020 and is now used … Read more

Spam blocklist SORBS closed by its owner, Proofpoint

June 7, 2024 at 02:36AM SORBS, a popular source for identifying spam servers, has been shut down by Proofpoint, its owner. The DNS-based Block List contained over 12 million known spam and phishing servers and was used by over 200,000 organizations. The service, in existence for 20 years, may be acquired, but high operational costs … Read more

Free Piano phish targets American university students, staff

May 29, 2024 at 02:16PM Large-scale phishing campaign using unusual lure, offering baby grand piano for free, has earned over $900,000. Phishing emails from alleged university professor lead recipients to a second email purporting to be from a moving firm with payment options only through non-traditional methods. Bitcoin wallet linked to campaign holds over $900,000. … Read more

Report: The Dark Side of Phishing Protection

May 27, 2024 at 08:06AM The article discusses the increasing risk of phishing attacks due to cloud transition, poor password hygiene, and advancements in webpage technologies. LayerX’s report highlights the rising magnitude of phishing attacks and suggests methods for organizations to protect against them, focusing on browser security platforms and deep session inspection as effective … Read more