An email sent to employees of Chicago-based Tribune Publishing, parent company of the Chicago Tribune, told recipients that they would receive $5,000 to $10,000 in bonus payments, “as a direct result of the success created by the ongoing efforts to cut our costs.” (Adam Jones, Ph.D. via Creative Commons Attribution-Share
Tag: phishing
Phishing attack targeted top financial pro at large company
Attackers using a novel credential phishing attack that leverages Active Directory to verify a victim’s password and gain access to an Office 365 account targeted a top financial person in a division of a large American corporation. Once inside a victim’s account, bad actors could access sensitive financial documents, emails, calendar
Hackers hijack design platform to go phishing
Australian design platform Canva unwittingly provided phishing campaigns with graphics, making threat actors’ schemes appear more legitimate as they pilfer credentials through social engineering trickery. Hackers hijacked the graphic design site, owned by the fast-growing company whose valuation recently grew from $3.2 billion to $6 billion, and used it to leverage
SANS Institute breach proves anyone can fall victim to a ‘consent phishing’ scam
DNA companies vulnerable to phishing, privacy violations after attacks
A malicious server compromise recently confirmed by DNA investigation services provider GEDmatch serves a reminder of the incident response challenges and privacy ramifications that companies face when they trade in sensitive data – in this case, DNA, the most personal of data – especially when such incidents create unique opportunities for targeted
Phishing attack hid in Google Cloud Services
Details of a phishing attack concealed in Google Cloud Services point to a fast-growing trend that has hackers disguising malicious activities in cloud service providers. In a report released today, researchers at Check Point unravel, step-by-step, how even security-savvy professionals could be tricked by a well-disguised ruse, which kicked off with
Report: Lazarus Group has large-scale Covid-19 phishing campaign in the works
North Korea’s Lazarus group is likely behind a planned coronavirus-related phishing campaign taking aim at more than 5 million businesses and people in the U.S. and five other countries June 21. “The hacking campaign involved using phishing emails under the guise of local authorities in charge of dispensing government-funded Covid-19 support
Phishing campaign targets remote workers with fake voicemail notifications
Looking for new angles to socially engineer employees working from home under COVID-19 conditions, attackers have devised a new phishing campaign that distributes emails that look as if they were generated by Private Branch Exchange (PBX), a legacy technology that integrates with employees’ email clients so they can receive their
GitHub users being hit with credential stealing phishing messages
GitHub users are being targeted by a Sawfish phishing campaign designed to steal their GitHub login credentials and time-based one-time password (TOTP) codes. The attack, referred to as Sawfish by GitHub SIRT, comes through a Github message that claims the target’s account has experienced unauthorized activity of some type, GitHub SIRT
Coronavirus sparks phishing, disinformation, tabletop exercises and handwashing
It’s hard to tell who’s benefitting most from the coronavirus – Russia, hackers or hand sanitizer vendors, the latter of whom are at least trying to help stop the spread of the dangerous disease. A State Department official told Congress Thursday that Russian operatives are behind coronavirus conspiracy theories popping up