Search the Community

In August 2023, Russian threat actors targeted several government agencies worldwide with Microsoft Teams phishing attacks. Many of these attacks were successful because unsuspecting users fell for the lures set by the attackers—emails purporting to be from trusted senders. Unfortunately, these incidents targeting and successfully infiltrating some government organizations were far from an anomaly. Given […] The post 10 Essentials Every Anti-Phishing Course Must Have appeared first on CybeReady. The post 10 Essentials Every Anti-Phishing Course Must Have appeared first on Security Boulevard. View the full article

What is Phishing Detection and Response (PDR)? In today’s digital world, the strength of an organization’s cybersecurity posture directly influences its resilience against disruptions. Phishing Detection and Response is a critical component of this defensive matrix––it involves identifying, assessing, and neutralizing malicious or suspicious activities within email systems as quickly as possible. Why Prioritize PDR? […] The post Phishing Detection and Response: What You Need to Know appeared first on Cofense. The post Phishing Detection and Response: What You Need to Know appeared first on Security Boulevard. View the full article

In light of recent cyber threats, the Dracula phishing platform has prevailed, targeting organizations in over 100 countries. The Dracula phishing attacks are centered on leveraging an immense network of over 20,000 counterfeit domains to scale the implementation of malicious intent. As per recent reports, the Dracula phishing campaign encompasses several high-profile attacks where both […] The post Dracula Phishing Platform Targets Organizations Worldwide appeared first on TuxCare. The post Dracula Phishing Platform Targets Organizations Worldwide appeared first on Security Boulevard. View the full article

A new phishing service has been detected sporting a unique way of approaching iOS and Android users. The Phishing-as-a-Service (PhaaS) tool, called “Darcula” and uncovered by researchers at Netcraft, stands out from the crowd as it reaches out to its victims via the Rich Communication Services (RCS) protocol for Google Messages and iMessage, instead of the usual Short Message System (SMS). There are two reasons for the move to RCS, they explain, with the first one being an improved sense of legitimacy of the messages. The second one is that RCS messages are end-to-end encrypted, making them impossible to intercept, or block based solely on the contents of the message. Thousands of domains and IP addresses It’s impossible to say how many people received these smishing messages, but we do know that they’re located in more than 100 countries around the world. Hackers who sign up for the service can impersonate dozens of organizations, choosing between more than 200 phishing templates. After paying for the subscription, the threat actors can choose one of many companies in the postal, financial, government, tax, telecommunications, airlines, and utility verticals, and get a dedicated phishing website with properly aligned fonts, logo images, and more. The researchers described the phishing websites as “high quality”. “The Darcula platform has been used for numerous high-profile phishing attacks over the last year, including messages received on both Apple and Android devices in the UK, as well as package scams impersonating United States Postal Service (USPS) highlighted in numerous posts on Reddit’s /r/phishing,” the researchers explained in their writeup. The PhaaS apparently has some 20,000 domains, across 11,000 IP addresses. More than 100 new domains are being added to the tool, every day. As usual, the best way to defend against phishing is to use common sense. If the message is unexpected, sounds strange, or too good to be true, extra caution is advised. Via BleepingComputer More from TechRadar Pro A new phishing kit is targeting Gmail and Microsoft email accounts — and it can even bypass 2FA Here's a list of the best firewalls around today These are the best endpoint security tools right now View the full article

Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack. The good news is there are steps IT can take to mitigate this security threat.View the full article

DevOps engineers are prime targets for phishing as cybercriminals look to infiltrate and disrupt the software supply chain. View the full article

AWS Network Firewall supports AWS Managed Threat Signatures to detect threats and block attacks against known vulnerabilities so you can stay up to date on the latest security threats without writing and maintaining your own rules. Starting today, you can enable AWS managed rules to protect against coin mining malware, credential phishing, and malware for mobile operating systems (OS). View the full article

In this week’s The Long View: Spear-phishing causes $540 million loss, a high severity bug in OpenSSL might be “worse than Heartbleed,” and Lennart Poettering is now working for Microsoft. The post Dev Job Phisher Steals $540M | Patch OpenSSL NOW | Systemd Dev Joins Microsoft appeared first on DevOps.com. View the full article