December 13, 2023 at 05:31AM Close to a million records containing personally identifiable information of donors to non-profits were exposed in an online database owned by DonorView, provider of a fundraising platform for schools, charities, and religious institutions. The exposed data included donor names, addresses, phone numbers, emails, and payment methods, raising concerns about potential … Read more
December 12, 2023 at 06:54PM Axiad announced the findings of its 2023 State of Authentication Survey, revealing that phishing is the most feared cyberattack, with 88% of respondents feeling prepared to defend against password-based attacks despite 52% falling victim. Despite this, 93% still use passwords, with 45% planning to adopt passwordless technology. Axiad urges action … Read more
December 11, 2023 at 04:30PM Cyber attackers used hundreds of convincing fake profiles on LinkedIn to target professionals in Saudi Arabia for financial fraud and obtaining sensitive corporate information. Researchers uncovered nearly a thousand fake profiles, which, due to the platform’s extensive data, were difficult to distinguish from real accounts. LinkedIn’s popularity among cyber attackers … Read more
December 1, 2023 at 06:24AM A Chinese-speaking cyberespionage group has launched a campaign using SugarGh0st RAT to target Uzbekistan’s Foreign Affairs Ministry and South Korean individuals. The malware, delivered via phishing emails with malicious attachments, allows remote control and has been active since August 2023. Connections to Chinese hackers are suggested by RAT’s traits and … Read more
November 28, 2023 at 06:24AM Account credentials are highly valuable in cybercrime, with stolen credentials posing a significant risk to organizations. External parties are responsible for 83% of breaches, with 49% involving stolen credentials. Phishing is a common method of credential theft, with threat actors using multi-channel attacks and targeting mobile devices. Phishing-as-a-service (PhaaS) has … Read more
November 27, 2023 at 06:23PM The Google Cloud Cybersecurity Forecast 2024 highlights several key cybersecurity trends. AI technology will be used to create convincing fake audio, video, and images for phishing and disinformation campaigns. Ransomware attacks are increasing, so organizations should have offline backups, incident response plans, and employee training. Cloud environments are vulnerable, so … Read more
November 22, 2023 at 02:45PM A proof of concept exploit has been developed for a critical zero-day vulnerability in Windows SmartScreen technology that allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit requires a user to click on a maliciously crafted Internet shortcut or link. The vulnerability affects Windows 10, Windows … Read more
November 21, 2023 at 04:32PM A proof-of-concept exploit (PoC) has been released for a critical zero-day vulnerability in Windows SmartScreen. The vulnerability, identified as CVE-2023-36025, allows attackers to bypass Windows Defender SmartScreen checks without triggering alerts. The exploit involves tricking users into clicking on a malicious internet shortcut or link. The vulnerability affects various Windows … Read more
November 21, 2023 at 06:24AM QR code-based phishing techniques, known as “quishing,” are becoming popular among cybercriminals. By embedding malicious links in QR codes, attackers can bypass spam filters and evade detection. CAPTCHAs are also being exploited in phishing attacks to mask credential-harvesting forms on fake websites. Additionally, steganography is being used to hide malicious … Read more
November 17, 2023 at 11:11AM Threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. The vulnerability, known as CVE-2023-37580, allowed the hackers to perform email forwarding, steal credentials, and lead victims to phishing pages. The attacks took place before Zimbra released an official … Read more