December 21, 2018 What Can Your Enterprise Learn From the Worst Passwords of 2018? 2 min read - Splash Data released its list of the worst passwords of 2018. How does your enterprise stack up, and what advice can you give users to help improve their password security hygiene in the new year?
December 14, 2018 Magecart Group’s Use of Credit Card-Skimming JavaScript Attack on the Rise 2 min read - An online retailer was hit by a JavaScript attack from a group associated with Magecart, a collective of cybercriminals that specializes in skimming credit card numbers from compromised websites.
October 30, 2018 Fraudsters Abuse Trusted Web Services to Conduct Phishing Attacks 2 min read - Researchers reported that threat actors are using web services such as Google Drive, SharePoint and Dropbox to host files containing malicious links as part of phishing campaigns.
October 29, 2018 New Phishing Scheme Exploits Public Interest Around Hurricane Michael to Steal Email Credentials 2 min read - Security researchers discovered a recent phishing scheme that took advantage of Hurricane Michael's impact to steal victims' email credentials across multiple services.
September 12, 2018 DanaBot’s Anti-VM Update Shows How Quickly Financial Cyberthreats Evolve 2 min read - DanaBot, one of the most recent financial cyberthreats, has developed a way to avoid detection on virtual machines as it shifts focus from Australia to Poland.
September 10, 2018 60 Percent of Targeted Email Attacks Aimed at Contributors and Lower Management < 1 min read - A new report revealed that 60 percent of targeted email attacks were aimed at individual contributors and lower-level management between April and June 2018.
September 10, 2018 New WordPress Phishing Campaigns Target User Credentials 2 min read - Newly discovered phishing campaigns are targeting WordPress users with malicious emails designed to steal user credentials.
Malware September 10, 2018 IBM X-Force Delves Into ExoBot’s Leaked Source Code 9 min read - IBM X-Force researchers unpacked ExoBot's inner workings to reveal insights into its dynamic mechanisms and the features that help criminals use it in cross-channel bank fraud schemes.
September 3, 2018 Security Threat Group Spoofs Login Screens to Gain Unauthorized Access at 76 Universities in 14 Countries 2 min read - A security threat group called COBALT DICKENS used more than 16 domains and 300 websites to create bogus login screens for 76 different universities in an attack that spanned 14 countries.
August 2, 2018 New UK Phishing Campaigns Lure Industry Targets With Compromised Email Contacts 2 min read - A new batch of industry-specific phishing campaigns is leveraging compromised email contacts to steal login information associated with employees of engineering, transport and defense organizations.