Articles tagged "Phishing"

Found 301 articles

A recent analysis by Comparitech has revealed that the government and healthcare sectors are particularly vulnerable to email security threats. The study examined 5,849 domains across 13 different sectors and found that many of them do not implement essential email authentication protocols such as SPF, DMARC, DKIM, and MTA-STS. Without these protections, these domains are at a higher risk of phishing attacks, which can lead to data breaches and compromised sensitive information. This situation is concerning given the critical nature of the data handled by these sectors, and it highlights a significant gap in cybersecurity practices that needs urgent attention. Improving email security measures could help protect against potential attacks and safeguard sensitive information.

Read Original

Bitdefender researchers have identified a new ransomware campaign where attackers are impersonating Interpol to deceive victims into downloading malicious software. These phishing emails are designed to appear legitimate, tricking recipients into believing they are receiving official communication from a global law enforcement agency. This campaign has targeted businesses worldwide, making it a significant threat as it could lead to severe financial losses and operational disruptions. Organizations should be vigilant about unusual emails and verify the sender's identity before clicking on links or downloading attachments. The use of such tactics highlights the evolving methods cybercriminals are using to exploit trust and execute their attacks.

Read Original

Medtronic, a well-known healthcare device company, has informed customers about a data breach that compromised their personal information. The breach was linked to a hacking group known as ShinyHunters, which is notorious for stealing data from various organizations. While the specific details of the exposed data have not been fully disclosed, affected customers are being urged to monitor their accounts closely for any unusual activity. This incident raises concerns about the security of sensitive health information and highlights the vulnerabilities that can exist within the healthcare sector. Customers are encouraged to take proactive steps to protect their information, such as changing passwords and being cautious of phishing attempts.

Read Original

The Ousaban banking trojan is targeting users in Spain and Portugal through a new phishing campaign. This campaign begins with a deceptive PDF file that appears to be corrupted, luring users to click an 'Update' button. Once activated, the trojan can compromise personal banking information, posing significant risks to individuals' finances. This type of attack demonstrates a shift towards more stealthy methods, making it harder for users to recognize the threat. As phishing techniques continue to evolve, it's crucial for users to remain vigilant and skeptical of unexpected prompts, especially those urging software updates.

Read Original
Critical
Fake Interpol Investigation Emails Push Ransomware at Small Businesses Globally

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Small businesses are facing a new threat from fake emails that appear to come from Interpol. These emails contain links to Proton Drive, which, when clicked, deliver ransomware to victims' systems. The ransomware encrypts files, effectively locking businesses out of their data. Additionally, the malware directs users to Tox chat, which may facilitate further malicious activity. This incident is particularly concerning as it targets smaller companies that may lack robust cybersecurity measures, making them more vulnerable to such attacks. Businesses need to be vigilant about phishing attempts and ensure they have adequate protections in place.

Read Original
Actively Exploited

A new Brazilian banking trojan named Ousaban is now targeting users in Spain and Portugal through phishing attacks, according to FortiGuard researchers. This malware is designed to steal sensitive banking information, posing a significant risk to individuals and financial institutions in these countries. Phishing typically involves deceptive emails or messages that trick users into revealing personal data or downloading malicious software. As Ousaban spreads, it raises concerns about the vulnerability of online banking systems and highlights the need for robust security measures among users. Both individuals and businesses in Spain and Portugal should remain vigilant against suspicious communications and take steps to protect their financial information.

Read Original

Aflac Japan has reported a data breach that has compromised sensitive information, including policy details, personal data, and banking information of millions of customers. The company has informed regulators about the incident, which raises significant concerns regarding the security of personal financial data in the insurance sector. A breach of this magnitude can lead to identity theft and financial fraud, affecting the trust customers place in their insurance providers. Aflac's response will be crucial in mitigating the fallout from this incident and ensuring that affected individuals are informed and protected. As this situation develops, customers should remain vigilant about their financial accounts and be cautious of potential phishing attempts that may arise as a result of the breach.

Read Original
Critical
New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A new phishing technique known as EvilTokens is raising concerns among security operations centers (SOCs) due to its ability to conceal account takeover indicators until the attack is executed within a browser. This tactic complicates the detection of threats, leaving SOC teams struggling to validate risks quickly. As a result, organizations may face increased vulnerability to account takeovers, putting sensitive information at risk. The need for enhanced visibility into browser activity is becoming clearer, highlighting a gap in current security measures that companies need to address to protect their users and data. This incident emphasizes the ongoing challenges faced by enterprises in maintaining security in an evolving cyber environment.

Read Original

Cyber threat intelligence provider WhoisXML API has reported a surge in newly registered domains related to the recent earthquake in Venezuela, with 212 domains registered between June 24 and June 28, 2026. This spike raises concerns about potential online scams or phishing attempts, as attackers often take advantage of natural disasters to exploit unsuspecting users. Individuals looking for information or assistance after the earthquake may inadvertently visit these malicious sites. It's crucial for users to be cautious and verify the legitimacy of websites before providing any personal information or clicking on links. This incident underscores the need for heightened awareness during crises, as cybercriminals are quick to capitalize on public interest and vulnerability.

Read Original

In May, a series of phishing emails targeted hotels in Japan that partner with Booking.com. These emails tricked recipients into downloading malware hosted on a blockchain platform. The attackers aimed to exploit the trust that hotels place in Booking.com communications, leading to potential breaches of sensitive data. This incident raises concerns about the security of online booking systems and the need for increased vigilance among hotels and similar businesses. As phishing tactics evolve, it’s crucial for companies to educate their staff about recognizing fraudulent communications to prevent such attacks.

Read Original

ESET has reported that the Gamaredon group, a known cyber threat actor, has ramped up its activities with 35 distinct spear-phishing campaigns targeting Ukrainian governmental and military institutions in 2025, particularly in the latter half of the year. These campaigns are part of ongoing efforts to exploit vulnerabilities in these sectors amid the ongoing conflict in Ukraine. The attacks primarily use deceptive emails to trick recipients into revealing sensitive information or downloading malicious software. This increase in activity poses significant risks to national security and the integrity of critical infrastructure in Ukraine, highlighting the persistent threat posed by cyber warfare in the region. As these attacks continue, it is crucial for organizations to enhance their cybersecurity measures and remain vigilant against phishing attempts.

Read Original

A recent phishing campaign is targeting hotels in Europe and Asia by using deceptive emails that reference common operational issues, such as guest complaints and health inspections. The attackers employ a Node.js implant to execute their malicious activities. Microsoft has not linked this campaign to any known threat actor, making it difficult to predict future attacks. The phishing email lures are designed to exploit hotel staff's urgency to resolve these issues, potentially leading to compromised systems and data breaches. This incident serves as a reminder for hospitality businesses to remain vigilant against phishing attempts that exploit everyday concerns.

Read Original

Recent research from Infoblox has revealed that over 236,000 websites are utilizing templates from DCloud Uni-App, a legitimate Chinese application framework, to conduct various online scams. These sites are involved in investment fraud, fake cryptocurrency exchanges, phishing schemes through WhatsApp, and other deceptive activities. The exploitation of these templates raises significant concerns as users may easily fall victim to these scams, resulting in financial losses. The widespread use of such templates indicates a troubling trend in the misuse of legitimate technology for malicious purposes. It is crucial for internet users to be cautious and verify the authenticity of websites before engaging in any financial transactions.

Read Original
Actively Exploited

The FBI has issued a warning that Russian intelligence operatives are targeting users of the messaging app Signal by attempting to steal their backup keys. These backup keys are crucial for users to recover their encrypted messages and secure their accounts. The FBI's alert indicates that this tactic could allow attackers to gain unauthorized access to sensitive communications. Users of Signal, particularly those involved in sensitive conversations, should remain vigilant and consider enhancing their security measures. This situation underscores the ongoing risks posed by state-sponsored cyber activities and the importance of protecting personal data.

Read Original

KDDI Corporation, a major telecommunications provider in Japan, has reported a significant data breach affecting its email system, which is also used by five other internet service providers (ISPs). The breach has exposed up to 14.2 million email logins, putting users' personal information at risk. KDDI did not specify how the attackers gained access or whether any sensitive data beyond email logins was compromised. This incident raises concerns about the security measures in place at ISPs and the potential for increased phishing attacks targeting affected users. As the investigation continues, users are advised to change their passwords and remain vigilant against suspicious communications.

Read Original
PreviousPage 3 of 21Next