Russian state hackers exploit WinRAR vulnerability
Russian state-affiliated hacker gang APT29 is exploiting the CVE-2023-38831 vulnerability in WinRAR 6.23 and older versions. A combined tactic of "old-school phishing and new cloaking capabilities" is used for this purpose. This is what the Ukrainian National Security and Defense Council (NDSC) ind... Read more
Hotel industry faces large-scale phishing attack
The hotel industry has been facing a major global advanced phishing attack since June. This is a two-step attack that uses vulnerabilities in DNS protocols.
According to researchers at Akamai, a large advanced phishing attack has been underway since June that specifically targets the hotel indus... Read more
HR topics used the most as attack method in phishing attacks
HR-related topics are the most commonly used among hackers to enable phishing attacks. The tactic is far from new, but it generates successful attacks time and again.
Those are the findings from research done by KnowBe4. E-mail phishing is still very popular among hackers and generates a lot of ... Read more
Belgian government releases Chrome extension to combat phishing
Belgian security regulator CCB has introduced Safeonweb, a Chrome extension that helps users detect rogue websites.
The Center for Cybersecurity in Belgium will soon start a new awareness campaign, going by the slogan 'Phishing, 't is in the details'. This campaign should make Belgian Internet u... Read more
Qakbot still a threat despite its supposed destruction
The collective of Qakbot ransomware gang members is still actively spreading malware, Cisco Talos researchers note. This is despite their network having been targeted and supposedly destroyed by the FBI.
In August of this year, the FBI managed to dismantle the infrastructure of the ransomware sp... Read more
What does effective security awareness training look like?
Hackers can find an entry point into your company's digital spaces through your employees. A popular technique among hackers to get in is phishing, where an employee is tricked into sharing personal data or installing malware. For IT professionals, the attack may be familiar, but what about managem... Read more
Google Chrome offers real-time phishing protection
Google Chrome is getting more personalization options, new security features and a different look. The most important update is better protection against phishing and malware.
Chrome is fifteen years old, and users are benefiting because Google is giving the browser several updates that should ... Read more
Phishing kits from 16shop created 70,000 victims in 43 countries
The administrator of platform 16shop was arrested last week, Interpol reports. 16shop was a Phishing-as-a-Service (PaaS) platform on which phishing kits were traded.
Interpol reports in a statement that the administrator of the platform 16shop was arrested last week in Indonesia. It is said to ... Read more
EvilProxy phishing campaign hits thousands of Microsoft 365 accounts
A recent EvilProxy phishing campaign attacked thousands of Microsoft 365 accounts worldwide. C-level accounts in particular were targeted to penetrate deeper into organizational structures.
During the months of March through June this year, the EvilProxy phishing campaign attacked thousands of ... Read more
New phishing tactic abuses Google AMP to trick email security solutions
Hackers have found a way to circumvent mailbox security solutions. A higher number of phishing emails end up in employees' inboxes as a result.
Through Google Accelerated Mobile Pages (AMP), hackers can still get phishing messages into companies' mailboxes. Hackers extend the URL leading to the... Read more