October 30, 2024 at 12:36PM A new variant of the FakeCall malware enhances vishing and mishing attacks on Android devices, allowing attackers greater control and monitoring over compromised phones. It integrates with Android’s Accessibility Service for extensive user interface manipulation, making detection difficult. Experts emphasize the need for advanced security and user education to combat … Read more
October 28, 2024 at 07:26AM Cybersecurity researchers warn of a rise in phishing attacks utilizing Webflow, targeting sensitive crypto wallet information and webmail credentials. Over 120 organizations, primarily in North America and Asia, are affected. Attackers exploit legitimate services to create deceptive phishing pages, increasing their success in stealing user credentials. ### Meeting Takeaways 1. … Read more
October 17, 2024 at 05:04PM The ClickFix campaign, emerging in May, lures users to fake Google Meet pages leading to malware infections via fraudulent connectivity errors. It has evolved to target firms with phishing tactics and impersonates legitimate tools. Two threat groups, SNE and Scamquerteo, are behind this rise in cyberattacks, exposing various malware risks. … Read more
October 17, 2024 at 02:53PM Email phishing is a common threat, but lesser-known techniques are on the rise. Many new phishing websites are emerging, highlighting the need to be aware of these underrated phishing methods, which can be easily underestimated yet pose significant risks. **Meeting Takeaways: Key Points on Underestimated Phishing Techniques** 1. **Prevalence of … Read more
October 16, 2024 at 12:59PM Hackers employ various techniques to compromise passwords and access systems. This post outlines seven common password attacks including brute-force, phishing, and credential stuffing, alongside prevention strategies such as multi-factor authentication, user education, and robust password policies. Implementing these measures can significantly enhance organizational security against attacks. **Meeting Takeaways on Password … Read more
October 15, 2024 at 10:55AM Cyber threats targeting the 2024 US elections are escalating, with phishing kits, malicious domains, and ransomware attacks on the rise. Cybercriminals are leveraging AI and personal data to spread misinformation and undermine public trust. Vigilance and strong cybersecurity measures are crucial for stakeholders to protect the election process. **Meeting Takeaways … Read more
October 14, 2024 at 04:50AM Water Makara has been employing Astaroth banking malware in a spear phishing campaign targeting Latin American companies, particularly in Brazil. Malicious emails often imitate standard tax documents to deceive recipients into downloading infected attachments. Trend Micro highlights the need for increased security awareness and protective measures against evolving phishing threats. … Read more
October 9, 2024 at 09:11AM Threat actors are enhancing business email compromise (BEC) campaigns by using legitimate cloud file-sharing services like Dropbox and OneDrive, combined with social engineering tactics. This approach bypasses traditional security measures, allowing attackers to phish credentials and conduct further malicious activities. Microsoft advises enterprises to implement extended detection and response (XDR) … Read more
October 4, 2024 at 09:31AM Humor is emerging as a powerful asset in cybersecurity, boosting engagement, retention, and fostering a resilient security culture. Examples include gamification and humor-based competitions, effectively increasing motivation and productivity. However, implementing humor carries risks and challenges, such as trivializing threats or lacking cultural sensitivity. Nevertheless, humor can combat security fatigue, … Read more
March 11, 2024 at 07:06PM Voice phishing, known as vishing, is on the rise globally, including in South Korea, where recent scams have caused significant financial losses. These schemes involve sophisticated social engineering tactics and impersonation of law enforcement, exploiting cultural and legal understanding. Vishing operators are utilizing technology and apps, such as SecretCalls, to … Read more