Cofense Starts New Managed Security Service Provider Anti-Phishing Program

February 22, 2019

January 21, 2019   A new Managed Security Service Provider (MSSP) program has been started by Cofense to help MSSPs supply advanced anti-phishing solutions to their SMB customers to improve defense against sophisticated phishing attacks. Phishing is now the number one cybersecurity danger faced by SMBs. Phishing serves as an easy attack vector for cybercriminals and is one that is frequently used to gain access to business networks. Phishing is used to attack businesses of all sizes, but SMBs can be highly vulnerable to attacks since they lack the resources to spot and obstruct advanced phishing threats. Although cybersecurity solutions such as spam filters can be deployed to decrease the risk of phishing emails being delivered to workers’ inboxes and Read More

773 Million Email Addresses and 21 Million Exclusive Passwords Listed for Sale

February 22, 2019

January 20, 2019   A huge collection of login identifications that includes roughly 773 million electronic mail addresses has been exposed by safety researcher Troy Hunt. Hunt is an Australian Microsoft Regional Director and maintains the Have I Been Pwned (HIBP) website, where people can check to see whether their login identifications have been stolen in a data breach. Hunt discovered the 87GB database on a popular hacking forum. The data was spread through 2,692,818,238 rows and had a total of 1,160,253,228 exclusive combinations of email addresses and passwords, organized into 12,000 files hosted in a root folder named Collection #1 on the Mega cloud service. The data has since been removed from Mega, but it is still promoted for sale on hacking Read More

BenefitMall Phishing Attack Impacts 111,589 Plan Members

February 21, 2019

January 18, 2019   A newly discovered BenefitMall phishing attack has led to the disclosure of 111,589 plan members’ protected health information.   BenefitMall, a department of Centerstone Insurance and Financial Services, noticed on October 11, 2018, that hackers had gained access to numerous worker electronic mail accounts as a result of their replies to phishing electronic mails. Third party computer forensics specialists were called in to help with the probe and decide the scope and extent of the breach.  The probe into the breach exposed those electronic mail accounts had been compromised over a period of 4 months, with the first account compromised in June 2018. Swift action was taken to safeguard the breached electronic mail accounts and avoid Read More

Phishing Website Utilizes Custom Web Fonts to Avoid Identification

January 18, 2019

Jan 11, 2019     Phishers are continuously developing new methods to avoid their websites from being identified. One threat actor is now utilizing custom web fonts to disguise malevolent code on phishing websites. The phishing cheat deceives the main U.S. bank in an attempt to get users to divulge their banking identifications. The website used in the cheat is nicely created, and like several similar cheats, uses thieved patented content to make the website seem genuine. Although on the surface the cheat is just like several others, the threat actors have used a clever technique to avoid detection and make their phishing kit seem benevolent. Custom web fonts – Web Open Font Format (WOFF) files – are used to Read More

FTC Issues Warning About New Netflix Phishing Scam

January 16, 2019

Jan 3, 2019   The U.S. Federal Trade Commission has issued a warning about a new global Netflix phishing scam that tries to fool Netflix subscribers into revealing their account identifications and payment information. The scam uses a well-tried method to get that information: The danger of account closure because of payment information being outdated. Users are sent a message asking them to bring up-to-date their payment details since Netflix has experienced problems getting the monthly subscription payment. The user is offered with an “Update Account Now” button which they can click to enter their true banking/card information. Nevertheless, clicking the link will not direct the user to the authorized Netflix site, in its place they will be taken to Read More

2018 Safety Awareness Training Statistics

December 13, 2018

Dec 14, 2018   A new survey carried out by Mimecast has produced some fascinating safety mindfulness training figures for 2018. The survey indicates many companies are taking substantial risks by not providing sufficient training to their workers on cybersecurity. Question the IT division what is the greatest risk cybersecurity risk and several will say end users. IT teams put a substantial amount of effort into applying and maintaining cybersecurity defences, only for workers to take actions that introduce malware or lead to an electronic mail breach. It is understandable that they are frustrated with workers. Most cyber attacks begin with end users. By compromising one appliance, an attacker gains a footing in the network which can be used as Read More

Spotify Phishing Cheat Noticed: User Accounts Breached

December 9, 2018

Dec 3, 2018   Scientists at AppRiver have noticed a Spotify phishing cheat that tries to get users to disclose their Spotify identifications. The electronic mails use brand imaging that makes the electronic mails seem to have been transmitted by the music streaming facility. The emails are genuine, even though there are indications that the messages are not genuine. The electronic mail template used in the Spotify phishing cheat asserts the user requires to verify their account details to get rid of limitations and make sure they can carry on to use their account. The messages contain the Spotify symbol and contact information in the footer. The electronic mails have a link that account holders are requested to click to Read More

Marriott Annonces 500 Million-Record Breach of Starwood Hotel Guests’ Data

December 9, 2018

Dec 2, 2018   The Marriott hotel chain has announced it has experienced a huge data breach that has led to the theft of the private information of up to 500 million visitors of the Starwood Hotels and Resorts group. Marriott found the data breach on September 8, 2018, after a warning was generated by its internal safety system after an attempt by an illegal person to access the Starwood visitor reservation database. Third-party computer forensics specialists were called in to help with the probe, which verified that the access to Starwood network was first gained in 2014. It is presently unclear how the hacker breached safety fortifications and gained access to the network. The hacker had encrypted data on Read More

49% of All Phishing Sites Have SSL Credentials and Show Green Padlock

December 9, 2018

Dec 1, 2018   Nearly half of the phishing sites now have SSL credentials, beginning with HTTPS, and show the green lock to display the sites are safe, as per new research by PhishLabs. The number of phishing websites that have SSL credentials has been rising gradually since Q3, 2016 when about 5% of phishing websites were showing the green lock to show a safe connection. The proportion increased to roughly 25% of all phishing sites by this time last year, and by the end of Q1, 2018, 35% of phishing websites had SSL credentials. At the end of Q3, 2018, the proportion had risen to 49%. It is no shock that so many phishers have chosen to change to Read More

Main Malvertising Campaign Identified: 300 Million Browser Sessions Hijacked in 48 Hours

December 8, 2018

Nov 30, 2018   A major malvertising campaign is being carried out that is redirecting web users to phishing and cheat websites. Although malvertising campaigns are nothing new, this one stands out because of the size of the campaign. In 48 hours, over 300 million users have had their browsers redirected to malevolent web pages. The campaign was found by scientists at a cybersecurity company Confiant on November 12. The scientists noted that the actor behind this campaign had been trailed and was found to have been carrying out campaigns continuously since August; nevertheless, the latest campaign is on a completely different level. Earlier, the scammer had carried out much smaller campaigns not involving level 1 publishers. The campaign is Read More

California Wildfire-Themed BEC Attack Identified

December 8, 2018

Nov 29, 2018   It’s usual for phishers to use natural catastrophes as a lure to get ‘donations’ to line their pouches instead of helping the sufferers and the California wildfires are no exception. A lot of people have lost their lives in the fires and the death toll is likely to increase further as hundreds of people are still unaccounted for. Entire towns such as Paradise have been completely devastated by the wildfires and hundreds of people have lost their homes. Numerous are suffering, have nowhere to reside, and have lost everything. As expected many people desire to donate money to assist the sufferers to rebuild their lives. The attackers are using the sympathy of others to deceive companies. Read More

2,393 Patients of Southwest Washington Regional Surgery Center Affected by Phishing Attack

December 8, 2018

Nov 18, 2018   Southwest Washington Regional Surgery Center in Vancouver, WA, has experienced a phishing attack that has led to the disclosure of 2,393 patients’ protected health information. The breach was restricted to a single electronic mail account and no proof was found to indicate any electronic mails have been accessed or downloaded by the attacker. An extensive inquiry was carried out with help provided by a third-party cybersecurity company. The inquiry finished on September 25. The inquiry included a manual analysis of all electronic mails in the undermined account to recognize patients affected and the kinds of information that might have been undermined. Southwest Washington Regional Surgery Center clarified in its breach notification that the beach was restricted Read More

2,393 Patients of Southwest Washington Regional Surgery Center Affected by Phishing Attack

December 8, 2018

Nov 18, 2018   Southwest Washington Regional Surgery Center in Vancouver, WA, has experienced a phishing attack that has led to the disclosure of 2,393 patients’ protected health information. The breach was restricted to a single electronic mail account and no proof was found to indicate any electronic mails have been accessed or downloaded by the attacker. An extensive inquiry was carried out with help provided by a third-party cybersecurity company. The inquiry finished on September 25. The inquiry included a manual analysis of all electronic mails in the undermined account to recognize patients affected and the kinds of information that might have been undermined. Southwest Washington Regional Surgery Center clarified in its breach notification that the beach was restricted Read More

1,800 Patients’ PHI Undermined in Metrocare Services Phishing Attack

December 8, 2018

Nov 16, 2018   Metrocare Services, the biggest supplier of mental health facilities in North Texas, has experienced a phishing attack that has led to the disclosure of 1,804 patients’ protected health information. Numerous worker electronic mail accounts were undermined in the attack, with the first account breach happening on August 2, 2018. Metrocare didn’t notice the phishing attacks until September 4. As soon as the breach was noticed, measures were taken to safeguard the accounts. Metrocare has also provided its workers with additional training on information safety, additional methods are being launched to improve the safety of its information technology infrastructure, and electronic mail safety has been reinforced. The inquiry into the breach could not decide whether any electronic Read More

Health First Phishing Attack Affects 42,000 Clients

December 8, 2018

Nov 15, 2018   Health First Inc., a four-hospital Florida-based health system, suffered a hacking/IT occurrence earlier this year that was informed to the Division of Health and Human Services’ Office for Civil Rights on October 5. As per the OCR breach summary, 42,000 clients were affected by the breach. Additional information has now been issued on the type of the breach. As per Health First, the electronic mail accounts of several workers were undermined in the phishing attack. The disclosed protected health information was contained in the undermined electronic mail accounts. The electronic medical record system was unchanged by the attack. An inquiry into the breach disclosed the attackers first gained access to worker electronic mail accounts in February Read More

APT28 Group Utilizes New Cannon Trojan in Spear Phishing Campaign Targeting US and EU Government Organizations

November 25, 2018

November 25, 2018   A new spear phishing campaign is being carried out by the AP28 (Sofacy Group/Fancy Bear/Sednit) on government companies in the United States, Europe, and a former USSR state using the earlier unidentified Cannon Trojan. The campaign was noticed by Palo Alto Networks’ Unit 42 team and was first recognized in late October. The campaign is being carried out through spam electronic mail and uses weaponized Word document to supply two malware variations. The first, the Zebrocy Trojan, has been utilized by APT28 in earlier campaigns and was first identified in 2015. The main objective of the Zebrocy Trojan is to provide access to an appliance and establish a link with a C2 server. It works as Read More

Gmail Weakness Allows Phishing Emails to Be Transmitted Anonymously

November 25, 2018

November 24, 2018   A Gmail weakness has been found that lets electronic mails to be transmitted anonymously with no information contained in the sender field. The weakness might easily be abused by cybercriminals for use in phishing attacks. Phishers often hide the sender of an electronic mail in phishing campaigns to deceive the receiver into believing the electronic mail is genuine. The sender’s electronic mail address can be deceived so the shown name seems to be a known contact or well-known organization. Nevertheless, if there is no information in the from field, several end users might be deceived into thinking the electronic mail has come from a genuine source. The weakness was found by software developer Tim Cotton. It Read More

Increase in Phishing Emails Using .Com File Extensions

November 25, 2018

November 23, 2018   The anti-phishing solution supplier Cofense, formerly PhishMe, has informed a noticeable rise in phishing campaigns utilizing files with the .com extension. The .com extension is utilized for text files with executable bytecode. The code can be performed on Microsoft NT-kernel-based and DOS operating systems. The campaigns recognized through Cofense Intelligence are mainly being transmitted to financial facility divisions and are utilized to download a range of malevolent payloads including the Loki Bot, Pony, and AZORult information stealers and the Hawkeye keylogger. Some of the electronic mails in the campaigns clarify the user must open a .iso file attached to the electronic mail to see information linked to the electronic mail notification. The .iso file contains the Read More

Phishing Accounts for 50% of All Scam Attacks

November 25, 2018

November 17, 2018   A study of existing cyber scam dangers by network safety company RSA demonstrates that phishing attacks have risen by 70% since Q2 and now account for 50% of all scam attacks experienced by companies. Phishing attacks are trendy since they are easy to carry out and have a high success rate. An attacker can set up a webpage that imitates a famous brand such as Microsoft or Google that demands login particulars. Electronic mails are then transmitted containing hyperlinks to the site together with a valid reason for clicking. As per a research carried out by Verizon, 12% of users click hyperlinks in phishing electronic mails. RSA notes that the bulk of phishing attacks are carried Read More

Cofense Increases 24/7 Global Phishing Defense Facilities

November 25, 2018

November 2, 2018   Cofense has declared that it has increased its 24/7 Phishing Defense Facility to deliver even greater help to clients beyond business hours and make sure that phishing dangers are recognized in the shortest possible time. The Cofense Phishing Defense Center (PDC) was introduced to ease the load on IT safety teams by letting them unload some of the load of searching through electronic mails informed by their end users and analyzing those electronic mails to recognize the actual threats. When workers report doubtful electronic mails – through Cofense Reporter for example – the electronic mails are transmitted to Cofense Triage for scrutiny. The malware and danger experts in the Cofense PDC team carry out an in-depth Read More

U.S. Treasury Probing $700,000 Loss to Phishing Scam

November 25, 2018

November 1, 2018   In July 2018, the Washington D.C. government fell for an electronic mail cheat that led to wire transfers totaling approximately $700,000 being sent to a scammer’s account. The scammer mimicked a seller used by the city and demanded unsettled bills for construction work be paid. The seller had been hired to work on a design and build the project on a permanent supportive lodging facility. The electronic mails demanded the payment method be altered from check to bank transfer, and particulars of a Bank of America account was specified where the payments needed to be directed. Three separate payments were made adding up $690,912.75. The account details provided were for an account managed by the scammer. Read More

75% of Workers Lack Security Consciousness

November 25, 2018

October 30, 2018   MediaPro has published its 2018 State of Secrecy and Safety Consciousness Report which evaluates the level of safety consciousness of workers across various industry sectors. The report is based on the replies to surveys sent to 1,024 workers throughout the United States that investigated their knowledge of real-world dangers and safety best practices. This is the third year that MediaPro has carried out the survey, which classifies respondents in one of three groups –Risk, Novice, or Hero – based on their knowledge of safety dangers and understanding of best practices that will keep them and their company secure. In 2016, when the survey was first carried out, 16% of respondents rated a risk, 72% were rated beginners, and Read More

United States Steers the World as Key Host of Malware C2 Infrastructure

November 25, 2018

October 29, 2018   The United States is home to the maximum proportion of malware command and control (C2) infrastructure – 35% of the international total, as per fresh research circulated by phishing defense and threat intelligence company Cofense.  27% of network Indicators of Compromise (IoCs) from phishing-borne malware are also either situated in or proxied through the United States. Cofense data indicate that Russia is in the second position with 11%, followed by the Netherlands and Germany with 5% each and Canada with 3%. C2 infrastructure is utilized by hackers to communicate with malware-infected hosts and deliver orders, download new malware modules, and exfiltrate data. Cofense clarified that simply because the C2 infrastructure is hosted in the United States Read More

Stealthy sLoad Downloader Executes Extensive Investigation to Improve Quality of Infected Hosts

November 24, 2018

October 28, 2018   A new PowerShell downloader has been found – the sLoad downloader – which is being utilized in silent, highly targeted attacks in the UK and Italy. The sLoad downloader executes a wide variety of tests to find out a lot of information regarding the system on which it lives, before picking the most suitable malevolent payload to install – if a payload is installed at all. The sLoad downloader was first known in May 2018 when it was mainly being utilized to download the Ramnit banking Trojan, even though more lately it has been providing a much wider variety of malevolent payloads including DarkVNC, PsiBot, Ursnif, and Gootkit, as per safety scientists at Proofpoint who have Read More

Brands Most Usually Spoofed by Phishers Exposed

November 24, 2018

October 27, 2018   Vade Secure has issued a new report describing the brands most usually targeted by phishers in North America. The Phishers’ Favorites Top 25 list discloses the most usually spoofed brands in phishing electronic mails found in Q3, 2018. For the latest report, Vade Security followed 86 brands and rated them based on the number of phishing attacks in which they were mimicked. Those 86 brands account for 95% of all brands deceiving attacks in Q3, 2018. Vade Secure notices that there has been a 20.4% rise in phishing attacks in Q3. As was the case the preceding quarter, Microsoft is the most targeted brand. Phishers are trying to gain access to Azure, Office 365, and OneDrive Read More

Cofense Creates New SOAR Platform That Lets IRs to Block Phishing Attacks Even Quicker

September 10, 2018

August 3, 2018   The prominent anti-phishing solution supplier Cofense has developed a new platform that finds and stops phishing attacks in progress even quicker. The Cofense Phishing-Specific Security Orchestration, Automation, and Response (SOAR) platform is the first such platform to come to the marketplace that has been particularly developed to recognize and interrupt phishing attacks in progress. Cofense had already developed its modern, multi-award winning Cofense Triage platform to assist occurrence responders to separate real phishing attacks from the noise in misused mailboxes. The solution eliminates caring messages that have been informed by workers as possibly malevolent through the Cofense Reporter electronic mail add-on, letting incident reaction groups focus on actual phishing dangers. Cofense Triage incorporates with nearly two Read More

UnityPoint Health Phishing Attack Disclosed PHI of 1.4 Million Patients

September 9, 2018

August 2, 2018   One more UnityPoint Health phishing attack has been seen, and this time it is huge. Hackers have gained access to numerous electronic mail accounts which had the PHI of approximately 1.4 million patients. This occurrence is the biggest healthcare data breach to be informed since August 2016 and the biggest healthcare phishing occurrence reported since the HHS’ Office for Civil Rights began publishing briefs of healthcare data breaches in 2009. Not only does this breach stand out in terms of scale, it is also remarkable for the amount of data that was included in the compromised electronic mail accounts. While the kinds of data disclosed differ by patients, the breach involved names, Social Security numbers, driver’s Read More

Confluence Health Informs Patients of Phishing Occurrence

September 8, 2018

August 1, 2018   Confluence Health, a not-for-profit health system that manages Central Washington Hospital, Wenatchee Valley Hospital and a dozen satellite health centers in Central and North Central Washington, has suffered a data safety occurrence involving a worker’s electronic mail account that might have led to illegal accessing of patients’ PHI. The safety breach was noticed on May 29, 2018. A digital forensics company was called in to carry out an inquiry, which disclosed that the electronic mail account had been retrieved by an illegal person on May 28 and May 30, 2018. The electronic mail account had only a limited amount of PHI and no highly confidential data like Social Security numbers or financial information was disclosed. Patients Read More

Persuading Phishing Campaign Targets Australian Companies and Spreads DanaBot Trojan

September 8, 2018

July 19, 2018   A new phishing campaign has been identified that is dispersing the DanaBot Trojan. The campaign includes phishing electronic mails which seem to have invoices from the Australian international company MYOB – a supplier of tax and accounting facilities for small and medium-sized companies. The phishing campaign was identified by Trustwave scientists. The phishing electronic mails are brief and well written and instruct the receiver of the invoice amount, the due date for payment, a request to get in touch if there are any queries regarding the invoice, and a link to see the invoice. The electronic mails appear professional and might easily pass for a sincere communication. Although the link seems to connect to a website, Read More

Russian Impeachments Reminder of Phishing Dangers

September 8, 2018

July 18, 2018   In the aftereffects of the 13 July declaration that the Mueller investigation charged 12 Russian military officers, Americans have discussed everything from the genuineness of the inquiry to the outcomes of the election meddling, however, Sen. Rand Paul (Ky.) told CNN, “We must now spend our time safeguarding ourselves rather than having this type of witch hunt on the president. I think we need to be done with this and begin actually safeguarding our votes from foreign countries.” Specialists in the cybersecurity industry decide, noting that the charges serve as a reminder that US national and election security remain susceptible to dangers from phishing campaigns. As regional, state and federal officers take another look at their election safety infrastructure Read More

Manitowoc County Phishing Attack Results in PHI Thievery

September 7, 2018

July 13, 2018   Manitowoc County in Wisconsin has disclosed that protected health information has been unlawfully obtained because of a successful phishing attack. The occurrence happened almost January 14, 2018, even though the attack and data breach was not known until April 24. Although the account was swiftly protected to halt any more access, the hacker had well over two months to see and copy confidential data saved in the electronic mail account. Throughout the time period that the hacker had electronic mail account access, electronic mails transmitted to that account were re-routed to a different electronic mail account to which Manitowoc County workforce had no access. Although County officers have not found any evidence to show any of Read More

New AZORult Phishing Campaign Noticed by Cofense

September 7, 2018

July 11, 2018   Prominent anti-phishing solution supplier Cofense has noticed a new AZORult phishing campaign. AZORult is an information thief capable of thieving cookies, saved passwords, payment card information, autocomplete data saved in web browsers, Bitcoin wallet information, and electronic mail, FTP, and XMPP client identifications. The latest campaign uses malevolent electronic mail attachments to disperse a new variation of the malware. Type 3 of AZORult includes anti-analysis protections and is capable of noticing if it’s running in a VM or sandbox setting. The malware also has new abilities and can take and exfiltrate screenshots, harvest Skype and Jabber program logs and conversation histories, and it now encrypts telecommunications between an endpoint and its management panel. The newest variation Read More

Iranian Attackers Cheat Security Site for Phishing

September 7, 2018

July 7, 2018   An Iranian APT group has been noticed creating a phishing site, utilizing a cybersecurity company which outed it as a lure. Charming Kitten has been in action since 2014 and its actions were laid bare in a December report by an Israeli safety vendor Clearsky Security. The company declared to have found more than 85 IP addresses, 240 malevolent domains, hundreds of hosts, a number of bogus units as well as possibly thousands of sufferers connected to the group. In a series of tweets this week, the company said that it had found out that the same group is building a phishing site intended to capitalize on interest in the vendor’s findings. “The bogus website is clearskysecurity\.net (the actual website Read More

Phishing Occurrence Informed by Trezor Wallet

September 6, 2018

July 6, 2018   Trezor, the multi-cryptocurrency wallet facility, has declared it has been aimed in a phishing campaign that has seen some users of its facility redirected to a malevolent website in an effort to get their identifications. Trezor became conscious of the phishing campaign when the firm began to receive grievances from its users concerning an illegal Secure Sockets Layer (SSL) document on the site. Users who were guided to the bogus Trezor site were cautioned regarding memory damage with the message, “Mistake particulars: Your Trezor data loss! Please, recuperate seed to reestablish data.” The lack of a legal SSL document was a red flag, as was the use of improper phrasing and bad grammar. Nevertheless, aside from Read More

Cryptocurrency Investors Aimed with MacOs Malware on Slack and Discord

September 6, 2018

July 5, 2018   A number of MacOs malware attacks have been recognized in the past few days with sufferers targeted through the Slack as well as Discord chat platforms. The attackers are aiming cryptocurrency investors and are posting messages on Slack and Discord groups connected to cryptocurrencies. This is an impersonation attack in which management, as well as important people are being impersonated, with users suggested to run a draft that copies a malware variation called OSX.Dummy malware through curl. The malware has a 34Mb size, which must be a warning symbol, even though it is presently not being picked up by any AV creations on VirusTotal, as per safety scientist Remco Verhoef, who later posted regarding the attacks on Read More

Phishing Mentioned by SMBs as Main Attack Threat

July 29, 2018

June 28, 2018   A new analysis of 600 IT decision makers at small-to-midsized businesses (SMBs) found that almost all SMBs are carrying out some type of worker cybersecurity consciousness training, which might be due partly to the dread of phishing. It might seem promising to note that the new global report, Webroot SMB Cybersecurity Preparedness, found nearly 100% of companies train their workers in cybersecurity consciousness. Nonetheless, the report also found that the number considerably declines for ongoing training practices, with just 39% of businesses reporting that they educate workers constantly all through the period of employment. In spite of that, the report found that companies in the US, UK, and Australia are taking cybersecurity seriously. It exposed a change in the attacks companies Read More

Hundreds Report WannaCry Phishing Operation

July 28, 2018

June 27, 2018   Action Fraud is alerting of a new phishing campaign using the notorious WannaCry ransomware attack of May 2017 as a trap. The UK’s national cybercrime reporting center declared on Friday that it had already obtained 300 reports over the preceding two days regarding the cheat electronic mails. “The WannaCry electronic mails are designed to create terror and deceive you into trusting that your computer is infected with WannaCry ransomware,” it said in a warning. “In reality, the electronic mails are just a phishing exercise to attempt and extract money. The electronic mails assert that all of your appliances were hacked and your files will be erased unless you pay a penalty to the impostors in Bitcoin.” It is Read More

ZeroFont Phishing Attack Sidesteps Microsoft Office Safety Feature

July 27, 2018

June 23, 2018   The ZeroFont phishing attack lets phishers to sidestep anti-spam controls and make sure their electronic mails are sent to end users inboxes. ZeroFont Phishing Cybercriminals are continuously creating new methods to sidestep anti-spam technologies, one of which has been found by safety scientists at the cloud safety business Avanan. The method, called ZeroFont phishing, lets phishers to get their messages past Microsoft Office 365 defenses and transferred to end users’ inboxes. One of the difficulties phishers face when trying to mimic big name brands, is several spam sieves look at the subject matter of messages and check for names such as Apple and Microsoft. When the links provided in those electronic mails – and the electronic mails Read More

Florida Organization for People with Infirmities and Black River Medical Center Report Phishing Occurrences

July 27, 2018

June 22, 2018   Two HIPAA-protected units have recently revealed they have been sufferers of phishing attacks that have possibly led to the disclosure of patients’ protected health information (PHI).   Additional Phishing Attack Reported by Florida Organization for People with Infirmities The Florida Agency for Persons with Disabilities (FAPD), which provides support facilities for people with infirmities such as autism, spina bifida, cerebral palsy, and Downs syndrome, has suffered one more phishing attack The phishing attack happened on April 10, 2018 and was restricted to a single electronic mail account; nevertheless, that account had the PHI of 1,951 customers or custodians. While no proof was found to indicate any PHI was seen or copied by the attacker, PHI access Read More

World Cup Wallchart Phishing Cheat Found

July 27, 2018

June 21, 2018   Safety scientists at Check Point have found a World Cup wallchart phishing cheat that is being used to transfer malware to soccer enthusiasts’ appliances. The campaign involves specifically created electronic mail messages with the subject line: World_Cup_2018_Schedule_and_Scoresheet_V1.86_CB-DL-Manager. Electronic mail receivers are persuaded to open and install a malevolent FIFA World Cup timetable and results checker that is attached to the electronic mail. The electronic mail receivers are informed that the attachment will let soccer enthusiasts to easily keep track of the games and the outcomes. Nevertheless, the electronic mail attachment delivers far more than the message indicates. Opening the electronic mail attachment will fix a malware variation known as DownloaderGuide, which in turn will fix a Read More

Email Phishers Using an Easy Method to Sidestep MS Office 365 Protection

July 26, 2018

June 21, 2018   Safety scientists have been alerting regarding an easy method that cyber offenders and electronic mail scammers are using in the wild to sidestep most AI-powered phishing finding ways applied by extensively used electronic mail facilities and web safety scanners. Called ZeroFont, the method involves introducing concealed words with a font size of zero inside the actual subject matter of a phishing electronic mail, preserving its visual appearance same, however at the same time, making it non-malicious in the eyes of electronic mail safety scanners. As per cloud safety business Avanan, Microsoft Office 365 also fails to identify such electronic mails as malevolent created using ZeroFont method. Similar to Microsoft Office 365, several electronic mails and web safety facilities Read More

Phishing Operations Target Sports Fans, Consumers

July 26, 2018

June 20, 2018   Two phishing promotions have been aiming users of both the FIFA World Cup and one of its longtime associates, Adidas. One promotion tries to entice sufferers into clicking on a malevolent link under the guise of downloading a World Cup plan of matches and a result follower, while the second assures a “free” $50-per-month payment for Adidas shoes. Today Check Point declared that it has found a new phishing promotion related to the beginning of the World Cup that targets soccer followers. An identified malware that is regularly used to connect potentially unwanted programs (PUPs) and toolbars, adware or system optimizers known as DownloaderGuide is inserted in the attachment. Scientists found nine different executable files provided in electronic mails with the topic: Read More

HealthEquity Phishing Attack Discloses PHI

July 26, 2018

June 17, 2018   HealthEquity Inc. has been struck by a phishing attack resulting in the disclosure of members’ PHI. The data breach was limited to one electronic mail account, even though an analysis of the messages in the account indicated a variety of PHI was possibly thieved by the attacker. Information probably retrieved in the attack was limited to names, deduction figures, health account type, employer names, employer ID numbers, HealthEquity member ID numbers, electronic mail addresses, and for some Michigan-based employees, Social Security numbers. The breach was found on April 13, 2018 and was found to have happened two days earlier, giving the hacker 48 hours to access messages in the account. Access to the undermined account was Read More

PHI Undermined in HealthEquity Phishing Attack

July 25, 2018

June 15, 2018   A phishing attack on Draper, UT- situated HealthEquity Inc., has led to the disclosure of members’ PHI. The data breach was restricted to one electronic mail account, even though an examination of the messages in the account disclosed a variety of PHI was possibly obtained by the attacker. Information probably undermined in the attack was restricted to names, deduction amounts, health account type, employer names, employer ID numbers, HealthEquity member ID numbers, electronic mail addresses, and for some Michigan-based workers, Social Security numbers. The breach was detected on April 13, 2018 and was found to have happened two days earlier, giving the attacker 48 hours to access messages in the account. Access to the undermined account Read More

Department of Justice Declares Detention of 74 Business Electronic mail Compromise Scammers

July 25, 2018

June 14, 2018   An organized law enforcement endeavor involving the FBI, U.S Divisions of Justice, Homeland Safety, Treasury, the US Postal Examination Facility, and law enforcement organizations in Canada, Malaysia, Indonesia, Poland, Mauritius, and Nigeria has led to 74 business email compromise (BEC) scammers and connected offenders being detained. The combined law enforcement endeavor – known as Operation Wire Wire – was carried out over a duration of 6 months with most of the detentions made in the last two weeks of the operation.  42 detentions were made in the United States, 23 of which were in Florida over the legalizing of at least $10 million amassed through BEC cheats.  Additional 29 detentions were made in Nigeria, and nine Read More

Spammers Use iqy Files to Send Distant Access Trojan

July 25, 2018

June 13, 2018   Macros have long been preferred by cybercriminals as a way of fixing malware. The macros begin VB, JavaScript and PowerShell scripts that download malware. Because of possible danger, safety teams often inactivate macros or at least form endpoints to require commands to be manually allowed by end users. The danger of running commands is also typically covered in safety consciousness programs. It is now tougher for cybercriminals to fix malware using this method. At least one cybercriminal group is now taking a different tactic to get malware fixed. Several campaigns have been recognized that use Excel Query Files – extension .iqy – to fix malware. The campaigns are being used to fix a distant access Trojan Read More

InfoSec Institute Now Has Biggest Library of Security Awareness Training Content

July 25, 2018

June 8, 2018   At the latest Gartner Security & Risk Management Summit meeting 2018, the InfoSec Institute declared that its library of safety consciousness training subject is now the biggest collection of subject matter provided by any safety consciousness training firm. The SecurityIQ AwareEd library comprises of usual CBT training units covering the complete range of electronic mail-based and web-based dangers. CBT training is accompanied by video training content and student appraisals. The AwareEd library consists of over 300 role-based teaching units and 150 strengthening tools including program advertising electronic mails and posters. The latest growth of its training content makes sure its clients have access to in-depth training material to assist them to prepare their workers for an Read More

May Saw Huge Rise in TSB Phishing Cheats

July 24, 2018

June 7, 2018   There has been a huge rise in TSB phishing cheats over the past month. In April, TSB bank switched to a new core banking system. Earlier, TSB data had been on a system supplied by Lloyds, even though after the purchase by Spanish bank Banco Sabadell, data required to be shifted to its banking system. When customer accounts were shifted to the new system, a lot of customers were locked out of their accounts. The outage continued for over 5 days, during which time several customers couldn’t gain access to their accounts or their money. Bank transfers were directed to wrong accounts and money fled from numerous customers’ accounts. TSB expected problems with the changeover and Read More

Unencrypted Hospital Pager Messages Interrupted and Seen by Radio Hobbyist

July 22, 2018

June 28, 2018   A lot of healthcare companies have now transitioned to safeguard messaging systems and have withdrawn their obsolete pager systems. Healthcare companies that have not yet made the change to safeguard text messaging platforms must take note of the latest safety breach that saw pages from several hospitals interrupted by a ‘radio hobbyist’ in Missouri. Interrupting pages using software defined radio (SDR) is not new. There are different websites that describe how the SDR can be utilized and its abilities, including the interruption of secret communications. The danger of PHI being taken by hackers using this method has been well documented.  All that is needed is a few easily obtained hardware that can be purchased for about $30, a computer, Read More

Hackers Possibly Had Access to 42,000 Patients Health Data for a Month After Phishing Attack

July 18, 2018

May 30, 2018   The Ohio Healthcare Supplier Aultman Health Foundation has found a few of its workers have been deceived by a phishing attack that led to the threat actors behind the operation gaining access to numerous electronic mail accounts. A phishing attack was noticed on March 28, prompting a complete inquiry of the breach. The probe exposed some workers had fallen for the phishing cheat in mid-February. More accounts were then undermined, with access to the affected accounts carrying on until late March when a password reset was carried out. The safety breach was restricted to electronic mail accounts and the healthcare supplier’s medical record system was not undermined, although the electronic mail accounts did have a variety Read More

Terros Health Phishing Attack Affects up to 1,600 Patients

July 18, 2018

June 16, 2018   A staff member at Phoenix-situated Terros Health was deceived by a phishing trick and erroneously handed over login identifications to the hacker. That individual retrieved the worker’s electronic mail account and might have seen or obtained a variety of PHI recorded in separate electronic mails in the account. The breach was limited to a single electronic mail account and access to other systems was not gained. Terros Health found the phishing attack on April 12, 2018, and warned the mass media on June 8. All patients affected by the breach have now been made conscious by post. An examination into the attack disclosed the staff member replied to the phishing electronic mail on or around November Read More

HealthEquity Phishing Attack Discloses PHI

July 18, 2018

June 17, 2018   HealthEquity Inc. has been struck by a phishing attack resulting in the disclosure of members’ PHI. The data breach was limited to one electronic mail account, although an examination of the messages in the account indicated a variety of PHI was possibly stolen by the attacker. Information probably accessed in the attack was limited to names, health account type, employer names, employer ID numbers, HealthEquity member ID numbers, deduction figures, email addresses, and for some Michigan-based workers, Social Security numbers. The breach was found on April 13, 2018 and was found to have happened two days earlier, giving the hacker 48 hours to retrieve messages in the account. Access to the undermined account was swiftly turned Read More

Cofense Reporter for Mobile Introduced to Expedite Reporting of Phishing Attacks

June 9, 2018

April 7, 2018   Cofense Reporter, the phishing electronic mail reporting solution used on over 11 million endpoints to report phishing attacks in progress, has now been issued in a mobile-friendly setup. The solution lets workers inform phishing attacks, irrespective of the appliance used to verify work electronic mails. The HIPAA Safety Law needs protected units to provide safety consciousness training to workers to help avoid the theft or exposure of PHI. Training assists workers to recognize phishing dangers before they result in a data breach. As phishing electronic mails are likely to be transmitted to many workers, safety teams must act swiftly when a phishing attack is known. A solution that lets phishing electronic mails to be reported by Read More

Phishing Attack at CareFirst BCBS Affects 6,800 Members

June 9, 2018

April 7, 2018   A targeted phishing attack performed on CareFirst Blue Cross Blue Shield has led to the disclosure of 6,800 plan subscribers’ protected health data. The attack was first found by CareFirst on March 12, 2018, leading to a complete check of their systems, which included a forensic study of the electronic mail system and CareFirst’s systems generally. Together with the internal inquiry by the CareFirst IT safety team, an external information safety company also studied the phishing attack. The studies didn’t find any evidence to indicate electronic mails in the undermined account had been viewed by the attacker; nevertheless, the electronic mails in the account did contain some PHI and data access couldn’t be removed with a Read More

UnityPoint Health Phishing Attack Undermines Many Employee Email Accounts

June 9, 2018

April 25, 2018   It has been found that UnityPoint Health worker accounts have been undermined and accessed by illegal people. The worker electronic mail accounts were initially accessed on November 1, 2017 and went on for a duration of 3 months until February 7, 2018, when the phishing attack was found and access to the compromised electronic mail accounts was disallowed. Upon noticing the phishing attack, UnityPoint Health hired a computer forensics firm to probe the level of the breach and the number of patients that were targeted. The probe found that a wide variety of PHI had possibly been obtained by the hackers, which included names in combination with one or more of the following data elements: Number Read More

GDPR Phishing Scams Pose the Main Threat

June 9, 2018

April 28, 2018   As the General Data Protection Regulation (GDPR) comes into effect on May 25 for all European Union (EU) member states, organizations and companies that gather, use, and store data on any European Union national — anywhere in the world — face a duty to obey. Failure to do so might lead to fines as high as 4% of the organization’s sales or €20m. The new law has sent companies into a panic. It has also led to hateful plans by hackers. As organizations and businesses are sending electronic mails to employees and clients requesting approval to gather and store data, hackers are rubbing their hands in pleasure about the possible breach these requests might present. Those Read More

Class Action Lawsuit Claims UnityPoint Health Misinform Patients over Severity of Phishing Attack

June 9, 2018

May 10, 2018   A class action litigation has been filed in reaction to a data breach at UnityPoint Health that saw the protected health information (PHI) of 16,429 patients disclosed and possibly obtained by illegal persons. As with several other healthcare data breaches, PHI was disclosed as a consequence of workers falling for phishing electronic mails. UnityPoint Health found the security breach on February 15, 2018 and sent breach notification letters to affected patients two months later, on or about April 16, 2018. HIPAA-protected units have up to 60 days after the discovery of a data breach to issue notices to patients. Several healthcare companies wait before issuing breach notices and submitting reports of the event to the Department Read More

GDPR Phishing Scam Targets Airbnb Clients

June 8, 2018

May 18, 2018   A GDPR phishing cheat has been found targeting Airbnb clients. The GDPR-themed cheat requests clients of the home-sharing website should re-enter their contact information as well as credit card particulars in order to comply with the EU’s GDPR that comes into effect on May 25, 2018. The scammers are taking advantage of the high volume of electronic mails presently being sent by businesses as part of their GDPR compliance attempts. Consumers have been receiving electronic mails from a wide variety of businesses requesting they renew their information, re-confirm that they still desire to remain on mailing lists and study new GDPR-compliant privacy policies before the compliance closing date. Over the past few weeks, several businesses have Read More

InfoSec Institute Mentioned in 2018 Gartner Peer Insights Customers’ Choice for Security Consciousness CBT

June 8, 2018

May 19, 2018   The InfoSec Institute has established a big library of training material on cybersecurity and helps safety experts achieve qualifications to improve their career chances. The business has also established a platform for companies to use to upgrade their fortifications against phishing attacks and other dangers that target workers. The company’s SecurityIQ training program combines a big library of teaching material and a phishing replication solution within a single program. After training the staff, companies can use phishing replications to see how effective their training has been. The replications help companies find areas of vulnerability that can be faced with additional teaching. The program now contains over 300 training units and more than 1,000 phishing models based Read More

ADT Now Offering Cofense Phishing Detection and Response Capabilities to Customers

June 8, 2018

May 19, 2018   Cofense has declared a new association with the safety observing and interactive home as well as business automation solution provider ADT. Boca Raton, FL-based ADT is a top provider of security and automation solutions to enterprises and medium-sized companies all over the United States and Canada. The company assists businesses to find and react to cyberthreats in real-time, speeding up the alleviation of attacks to minimize effect on the company. ADT’s cybersecurity platform helps companies manage, organize, and gather cyber intelligence and automate safety analyst workflows. The platform allows companies to greatly decrease the time between a cyberattack and finding and managing the safety breach. Although ADT cybersecurity services allow companies to respond swiftly to a Read More

Lincare Resolves W-2 Phishing Scam Lawsuit for $875,000

June 8, 2018

May 20, 2018   The respiratory treatment provider Lincare Inc., has agreed to resolve a class-action claim filed by workers whose W-2 information was transmitted to cybercriminals when a worker replied to a phishing cheat. On February 3, 2017, a member of Lincare’s human resources division received an electronic mail from a high-level manager demanding copies of W-2 information for all workers of the company. Believing the electronic mail was a valid request, the worker replied and enclosed W-2 information for ‘a specific number of workers of Lincare and its associates.’ After learning the accidental leak of confidential information, Lincare got in touch with affected workers and presented them identity theft insurance, two years of credit monitoring, and remediation facilities Read More

Aultman Health Foundation Phishing Attack Affects up to 42,600 Patients

June 8, 2018

May 30, 2018   Aultman Health Foundation, which manages Aultman Hospital in Canton, OH, is warning about 42,600 patients that some of their protected health information might have been accessed because of a phishing attack. Unknown and unauthorized people succeeded in gaining access to many electronic mail accounts used by staff members of Aultman Hospital, its AultWorks Occupational Medicine department, and some Aultman physician centers. The illegal access was first noticed on March 28, 2018, leading to a thorough inquiry to decide the level of the breach and whether any confidential information might have been accessed. Third-party information safety experts were hired to assist with the inquiry and found that access to the electronic mail accounts occurred on many occasions Read More

Cofense Re-Introduces Reseller Network Program when it Implements a 100% Indirect Sales Style

April 27, 2018

Cofense, previously PhishMe, is shifting away from direct sales as well as intends to convert to a 100% network dedicated firm. The Leesburg, Virginia located company has now taken a stride nearer to that objective with the re-introduction of its reseller network program since the company intends to increase its 300+ network of international sales associates. The Cofense associate program has proven much admired by Managed Service Providers (MSPs) whose customers are appreciating the advantages to be gotten from coaching the staff to be more safety conscious.  Phishing occurrences are now the biggest threat confronted by firms, and although electronic mail safety solutions are used to decrease the danger, malevolent messages are still conveyed to users’ inboxes. An earlier investigation Read More

Microsoft Introduces Complimentary Windows Protector Chrome Plugin

April 27, 2018

Among the main marketing points of the Microsoft Edge browser is its defense against phishing attacks. Microsoft Edge is now the greatest browser to use to obstruct phishing attacks, with tests carried out by NSS Laboratories indicating Edge to be competent of obstructing 99% of phishing as well as social engineering-based malware attacks. Its nearest rival, Google Chrome, just obstructed 87% of attacks, whereas Firefox obstructed only 70%. Both of those browsers influence Google’s Secure Surfing API, which while providing good defense from web-based attacks, is junior to Microsoft’s technology. The plugin, called Windows Defender Browser Protection (WDBP), is offered free to operators of Chrome. The plugin may be utilized on Windows and MacOS and will also shortly be available Read More

Wombat Security Honored at SC Media Awards

April 26, 2018

Wombat Security, currently a branch of Proofpoint, assists companies coach workers to become more safety conscious and know possible phishing electronic mails as well as other electronic mail-based cyber dangers. The firm has established a general teaching library and CBT platform that companies can use as the foundation of their safety consciousness plans, together with a phishing replication plan to put the teaching to the test. The company was lately honored at current year’s SC Mass media Awards, being nominated winner of a Specialist Award in the Best IT Safety-Related Training Program group. Each year, hundreds of creations are taken into consideration for the awards with the group narrowed down to a few of qualifiers. A board of impartial judges Read More

Agari Nominated Best Electronic mail Safety Solution at 2018 SC Media Awards

April 25, 2018

Agari has been admired at current year’s SC Media Awards and has treasured an esteemed Expert Award for its electronic mail safety solution – the Agari Electronic mail Trust Program. The SC Media Awards are the best cybersecurity awards for the cybersecurity trade. Each year, hundreds of creations are evaluated by a board of impartial judges taken from the cybersecurity trade. The selected solutions are finalized to five qualifiers in each group. This year’s qualifiers for the Best Electronic mail Safety Solution group were the Agari FireEye Email Security, Email Trust Platform, Zix for ZixProtect, Proofpoint Email Protection, and Mimecast Advanced Security. Agari was selected group winner at the festival awards ceremonial in San Francisco on April 17, 2018. The Read More

KnowBe4 Releases Warning Concerning Bogus Active Shooter Phishing Electronic mails

April 22, 2018

The latest firings at schools in the United States have stunned the country, with academic institutes these days on high alert for any repetitions. The news bulletin of an active shooter on site needs an instant reaction and is expected to lead to terror. It’s, therefore, no wonder that scammers have taken benefit and have been transmitting bogus active shooter warnings through electronic mail to colleges and schools. KnowBe4 has lately recognized one such cheat that was used to aim a community college in Florida. Numerous subject lines were incorporated in the electronic mails alongside the same subject: There is presently an active shooter on site. Variations of the cheat discovered by KnowBe4 contain the topic lines: “IT Bureau: Safety Read More

Cofense Triage Upgrade Increases Discernibility into Phishing Dangers to Upgrade Reaction Times

April 21, 2018

The human-handled phishing protection solution supplier Cofense has declared its occurrence reaction program – Cofense Triage – has been upgraded. There have been numerous main improvements to the program that decrease noise and increase visibility into real-time dangers, letting IR groups step up their reaction to existing phishing dangers that have made it cross the boundary. The upgrade makes it simpler for safety groups to react to phishing dangers presently in progress and attack dangers before they bring about a data breach or expensive ransomware or malware infection. Among the main difficulties confronted by security groups are parting the chaff from the wheat. Safety consciousness coaching teaches the staff to be cautious of dangers and phishing informing solutions let doubtful Read More

Safety IQ BEC Defense Group Coaches Companies for Electronic mail Account Compromise Attacks

April 21, 2018

Company electronic mail compromise attacks are on the increase, with one latest report telling 44% of companies have faced an attack. Business Email Compromise (BEC) attacks are now usual. Electronic mail accounts are undermined, and danger actors abuse the accounts to transmit targeted emails to persons in a business. Requests are created to have confidential data transmitted by electronic mail or for electronic transfers to be completed. Stylish social engineering skills are utilized to persuade the electronic mail receiver that the request is authentic. The attacks frequently involve a series of electronic mails with the receiver trusting they are consistent with the account holder. As these emails are sent from authentic accounts, they are seldom jammed by junk fortifications. These cheats Read More

Human Element Cybersecurity Statement Issued by Proofpoint

April 20, 2018

As per the annual human factor cybersecurity account from Proofpoint, the human element carries on to be widely abused by cybercriminals. Although hacks are still routine, cybercriminals are typically depending on some contact from workers to steal cash from bank accounts, acquire login identifications and confidential files, and infect networks and end points with ransomware and malware. The information for the newest report comes from Proofpoint’s 6,000+ clients and was accumulated all through 2017. The report discloses a few of the main cyberattack tendencies, including attacks on cloud apps, electronic mail, and social media networks. The abuse of weaknesses in software is still the modus operandi of numerous main cybercriminal alliances, even though it’s the misuse of human character that was the Read More

Barracuda PhishLine Levelized Plan Presents New Way of Measuring Vulnerability to Phishing Attacks

April 20, 2018

April 17 saw the introduction of Barracuda PhishLine Levelized Plans – A new method created by PhishLine and Barracuda to define and improve user opposition to phishing attacks. Most anti-phishing teaching solutions employ tick rate metrics to decide opposition and vulnerability to phishing attacks. Although this way of testing workers has proven effectual, Barracuda Networks mentions that there are bounds restrictions to this method. It’s all too usual for tick rate exhaustion to take root and existing methods used to measure opposition to phishing attacks concentrate on the negative – unsuccessful phishing imitations – instead of the optimistic – growth that has been achieved. Implementing a more optimistic method inspires users to increase their phishing finding expertise. Throughout Barracuda PhishLine Read More

44% of Companies Targets of Account Seizure Attacks

April 19, 2018

Agari has issued statistics from latest research that indicate account seizure attacks are increasing. These phishing attacks contain the use of an undermined electronic mail account to deceive workers into disclosing confidential information or installing a malevolent program. Agari discloses account seizure attacks have increased twofold in 2018. As messages are supposed to have been transmitted from a known person, several electronic mail receivers let their guard down. The efficiency of this phishing method is exposed by Agari’s statistics from a latest Osterman Research analysis on 140 companies with an average of 16,821 electronic mail users. In the last 12 months, 44% of responders said their business has been a sufferer of an electronic mail account seizure attack. Contrary to Read More

Multiple Staff Electronic mail Accounts Retrieved in UnityPoint Health Phishing Incident

April 19, 2018

It has been found that the electronic mail accounts of numerous workers of UnityPoint Health have been undermined and retrieved by illegal persons. Access to the employees’ electronic mail accounts was first gained on November 1, 2017, and carried on for a duration of 3 months until February 7, 2018, when the phishing occurrence was seen and access to the undermined electronic mail accounts was switched off. When the phishing outbreak was first noted, UnityPoint Health tried to find the services of a computer forensics company to check the range of the breach and the number of patients affected. The analysis indicated a wide range of safeguarded health files had possibly been acquired by the attackers, which contained names together with Read More

Electronic mail Account Breach Affects 4,000 Sick Persons of Texas Health Resources

April 18, 2018

Texas Health Resources is dispatching notices to ‘4,000 patients’ that a few of their PHI might have been seen by unauthorized people. The Arlington-located healthcare supplier, a provider to more than 1.7 million patients in North Texas, states that the data breach might have occurred as early as October 2017, even though they didn’t find it until January 17, 2018, when police warned the health system to it. The breach undermined data that was included in electronic mail accounts that the hacker(s) might have been capable to access to for as long as 3 months. Law organizations requested that there should be a postponement in issuing breach notice letters, which would usually have to be delivered within 60 days of Read More

Alert Over Likely MyFitnessPal Phishing Attacks

April 11, 2018

A lately discovered cyberattack on Under Armour has increased fears concerning an upsurge of MyFitnessPal phishing attacks. On March 25, 2018, Under Armour found an unlawful person had accessed the data of 150 million operators of MyFitnessPal – including operators with website accounts and persons who utilize the MyFitnessPal app. The Under Armour data breach is the biggest to be found this year which had affected the largest number of people, even though contrary to several other breaches found in Q1, the data acquired by the attackers was restricted. Additionally, the stolen information was not simple text. It had been cut up so couldn’t be instantly retrieved. Electronic mail addresses, usernames, and passwords were stolen with the latter encrypted utilizing Read More

Cofense Increases its Industry Leading Safety Consciousness and Worker Conditioning Solutions

April 11, 2018

Cofense, the prominent supplier of safety consciousness and worker conditioning solutions for companies to assist them to cope phishing danger, has declared it has made a number of key improvements to its human phishing protection plan including the launch of more industry originals. The updates contain improved analytics as well as reporting jobs that let managers produce boardroom-level quality details showing the consequences of the company’s phishing security plan – Currently no other anti-phishing solution supplier offers report production of boardroom rank quality. With boards now taking a more vigorous interest in their company’s cybersecurity plan and safety position, the reports are valuable for showing the effectiveness of safety consciousness teaching and ROI. The update also contains Recipient Management tasks Read More

Lazio Football Club Phishing Cheat Sees €2 Million Paid to Assailants

April 8, 2018

Phishing cheats can prove costly for companies, such as the Italian Serie A football team Lazio is now known to all. The latest phishing cheat might have cost the club €2 million. Lazio Football Club transferred to defender Stefan de Vrij from the Dutch club Feyenoord during the summer of 2014 for about €8 million. That transfer fee was not paid in one lump sum. There was one remaining payment of about €2 million left. It’s that last transfer of funds that was misplaced. Lazio officers replied to an electronic mail that asked the closing payment for the sportsman. That electronic mail was not transmitted by his ex-club or club reps, which is what was claimed in the electronic mail. The Read More

Phishing Incident on CareFirst BCBS Affects 6,800 Plan Associates

April 5, 2018

CareFirst Blue Cross Blue Shield is warning 6,800 of its plan associates that a few of their PHI has possibly been retrieved by illegal persons as a consequence of a successful phishing attack on one of its workers. Phishing attacks are carried out to access confidential information like electronic mail identifications. Those identifications are then used to access sensitive data or carry out more attacks on a business. The CareFirst phishing incident was found on March 12, 2018. A single worker was fooled into leaking electronic mail account identifications and the attackers used those identifications to access the electronic mail account and send spam electronic mails to an electronic mail contact list. The receivers of those emails were not linked Read More

Phishing Mockup Certification Plan Offered by Cofense

April 2, 2018

Cofense, the business previously called PhishMe, has introduced the industry’s first ever phishing mockup certification plan. The program includes all of the skills required to create, perform, and sustain phishing mockup and worker safety consciousness programs. After finishing the training, safety experts will be conferred with Cofense PhishMe accreditation which proves their capability to run phishing mockup programs. As per Cofense, the plan will take roughly 4 hours to finish and consists of 3 training units. Each training unit covers many areas of training and can be finished over any interval of time – whenever partakers have the time to spare. If a training unit requires being halted at any time – due to personal commitments or work– the module Read More

New Insider Danger Teaching Units Issued by Wombat Security

March 30, 2018

Anti-phishing solution supplier Wombat Security – currently a department of Proofpoint – has issued new insider danger teaching units to assist companies to cope with the danger from within. Insider breaches are a top reason for data breaches, particularly in the US healthcare trade where they have top spot with hacks. Insider dangers contain simple errors made by workers, carelessness, and malicious actions taken to cause damage to the business or its clients, customers, or patients. The latter category includes data theft and sabotage. The former contains replies to phishing electronic mails, misconfigurations of software and other cheats. Collectively insiders are accountable for a high proportion of data breaches, in spite of that insider dangers are possibly the toughest deal Read More

European Phishing Reply Tendencies Report Indicates EU Companies Not ready for Phishing Attacks

March 29, 2018

The latest statement from Cofense (previously PhishMe) has exposed the bulk of EU companies don’t feel they are well organized to cope with phishing attacks. Phishing is the main danger to companies of all sizes. SMBs and enterprises should cope with spray and pray crusades and targeted phishing attacks on their business and highly aimed spear phishing attacks on particular groups of workers. The information for the European Phishing Reply Tendencies Report comes from the latest survey carried out on 400 IT experts at European companies in a wide variety of industry sectors. 78% of responders stated that they had already suffered a cyberattack that began with a phishing electronic mail. Although companies in Europe have had practice at coping with the Read More

Cofense Statement Discloses Latest Malware Distribution and Attack Tendencies

March 25, 2018

The 2018 Malware Analysis from anti-phishing solution supplier and safety consciousness Cofense (Previously PhishMe) looks at malware tendencies during the previous 12 months and makes forecasts concerning attack trends and malware delivery in 2018. The 2018 Cofense Malware Analysis, named A Look Backward and a Look Ahead, was composed after evaluating millions of spam and phishing emails collected from several sources throughout the previous year. The statement has a strong concentration on phishing and other electronic mail attacks – The main attack technique used by danger actors to access enterprise and SMB systems. Cofense also investigated the malware being used by cyberpunks and how the malevolent code has advanced during the previous 12 months. The study emphasizes just how compliant hackers Read More

Primary Health Care Faces Many Electronic mail Hacks

March 22, 2018

A non-profit setup of community health facilities in Des Moines, Marshalltown as well as Ames, IA, Primary Health Care Inc. has informed that hackers accessed the electronic mail accounts of four employees and might have downloaded or viewed patients’ PHI. A press announcement released by Primary Health Care and published an alternate breach notification to its internet site on March 16, 2018, summarizing that the breach happened on February 28, 2017. The breach was noticed on March 1, 2017. Primary Health Care is now alerting concerned patients and will be recording an occurrence report to the Division of Health and Human Services’ OCR. No clarification was included regarding why the breach took a complete year to report, even though the way Read More

1,049 Patients of RoxSan Pharmacy Alerted of 2015 Electronic mail Breach

March 22, 2018

1,049 patients of Beverly Hills, CA-located RoxSan Pharmacy have been alerted that a few of their PHI has been shared with a BA via an unencrypted electronic mail. The notice letters were dispatched to affected persons during February, even though the incident occurred on January 20, 2015. Remarking in the latest press announcement, RoxSan stated that affected persons are being contacted in “as timely a way as possible”. The delay in dispatching notices was because of “the safeguarded nature of the forensic inquiry”. It’s not totally clear when RoxSan Pharmacy became conscious of the mistake. The PHI was attached to a data file that was conveyed to a single receiver – A Business Associate of the drugstore – who worked Read More

Infosec Institute Training Library Currently Contains Over 1,200 Training Sources

March 18, 2018

The Infosec Institute, the creator of the SecurityIQ phishing consciousness teaching platform, has been gradually increasing its teaching units to help educational institutions, non-profits, and businesses, improve the safety consciousness of workers and coach workforce on cybersecurity as well as compliance. The latest update to the teaching collection sees five new units included covering the Criminal Justice Information System (CJIS). The five new teaching units contain four CJIS policy units: Dissemination/Destruction, Media Protection, Physical Security, and Handling CJI, and one CJIS Safety Policy unit. The latest additions have been made available in English, Polish, Russian and Romanian. The teaching material must be utilized to improve policy and safety consciousness of all workers who need to manage criminal justice information (CJI). Read More

Two-Thirds of Indian Businesses Have been Beleaguered with Ransomware

March 17, 2018

Sophos has announced the latest State of Enterprise Safety Report that offers insight into the key dangers confronted by companies all over the world. The statement was based on a survey carried out on 2,700 IT administrators located in 10 countries (USA, Mexico, Japan, South Africa, India, Germany, France, Canada, Australia, and the UK). Among the main points from the statement is the level to which Indian companies are being affected and just how susceptible Indian businesses are to ransomware and malware attacks. The statement discloses over two-thirds of Indian businesses have suffered a ransomware attack – considerably more than companies based in other countries. Additionally, instead of shoring up fortifications to safeguard against future attacks, several Indian companies have Read More

KnowBe4 Acquired Popcorn Training

March 11, 2018

Security consciousness training and phishing replication platform provider KnowBe4 has declared it has acquired the South African coaching company Popcorn Training. The purchase will see the South African business’s 52 training units incorporated into the KnowBe4 teaching library. Popcorn Training is a prize-winning training company with a worldwide customer base. The firm is recognized for developing engaging training material and has developed a wide collection of training material that is now used by businesses around the world to develop their workers as well as help them acquire latest skills. Popcorn Training was incorporated in Gartner’s Challengers Magic Quadrant for Safety Education Awareness Computer-Centered Training in 2014 and was placed in the Visionaries quadrant in 2016. Even though Popcorn Training units Read More

Proofpoint’s Purchase of Wombat Safety Technologies has now been Finished

March 3, 2018

Proofpoint announced, in early February that it was to purchase the safety consciousness and phishing imitation platform supplier Wombat Safety Technologies for $225 million. Two days ago, Proofpoint has verified that the purchase has now been finished. The purchase will see Wombat Safety’s phishing imitation platform, its safety consciousness computer-based teaching content, as well as its phishing recording tool integrated into the Proofpoint Link system offering a more detailed variety of anti-phishing resolutions for Proofpoint clients. Proofpoint has accepted that although technology is vital to defend against phishing attacks, the ever-changing strategies of cybercriminals implies technological solutions can’t provide perfect safety. As phishers and scammers create new methods for targeting workers, some hateful electronic mails are sure to slide through Read More

Phishing Attack on Sutter Health Business Partner Affects Patients

February 28, 2018

Sutter Health is getting in touch with certain patients to inform them that their PHI might have been exposed to a phishing attack on the legal company Salem and Green, one of its BAs. It’s supposed that the attack happened on or around October 11, 2017, a phishing electronic mail was gotten by an employee at Salem and Green. The employee replied and, in doing this, let the assailants access to their electronic mail account. Upon discovering that the attack has taken place, a forensics company was hired to perform a check of the affected computer as well as network to decide the type of the attack and whether any confidential information had been stolen. The analysis showed that the safety Read More

PhishLabs Research Exposes Level of Cybercriminals’ Misuse of HTTPS

February 25, 2018

The phishing Activity Tendencies Statement for Q3 2017 from the Anti Phishing Working Consortium has exposed the level to which cybercriminals are misusing the Hypertext Transfer Protocol Secure (HTTPS) procedure in phishing attacks. Websites utilizing HTTPS encode the link between the browser and website to avoid man-in-the-middle attacks. There has been the main change from HTTP to HTTPS by online traders as well as other companies to offer an additional degree of safety and make sure buyers can submit confidential information like credit card details and passwords safely on their websites. During the last 2 years, there have been main coverages in the general press of the requirement to make sure that sites begin with HTTPS and contain a green Read More

Ironscales Phishing Danger Technology Known for Spear Phishing Safety Features

February 24, 2018

Ironscales, a supplier of an automatic phishing detection, protection, and reply platform has had its improved spear phishing danger technology known as an important invention in the spear phishing marketplace by the international market research as well as consulting company Markets&Market in its latest spear phishing marketplace report. The firm’s technology was improved explicitly to block and identify unconventional spear phishing dangers that frequently pass through safe electronic mail gateways and junk sieving solutions hidden. In a few years, the firm has announced an advanced range of goods to better defend companies from progressively stylish electronic mail-based dangers. “We are grateful to the Markets&Markets experts for knowing and certifying our multi-phased tactic to phishing alleviation that blends human acumen with Read More

PhishMe Assured 2018 Stevie Prize for Customer Service and Sales

February 1, 2018

The Stevie Sales and Customer Service Rewards system was established to appreciate the accomplishments of business development, contact center, customer service, and sales specialists as well as reward brilliance. The awards system is in its 12th year, and the qualifiers for this year’s honors have just been declared. The qualifiers were chosen from a list of over 2,500 contenders from companies of all sizes all over the world, based on the mean grades given by over 150 experts in 7 specific judging boards. Altogether there are 89 groups for contact centers and customer service and 60 groups for business development and sales. PhishMe has declared that it has been selected a finalist in the Customer Service Division of the Year group Read More

Be cautious of W2 Phishing Cheats This Tax Period

January 25, 2018

Companies are being alerted to be cautious of W2 phishing cheats this tax period. The last 2 years have seen many companies cheated into disclosing the W2 documents of their workers. The identifications on the documents were then used to file away wrong tax returns. The current year is likely to be the same. The previous year, accounts division and payroll workforce were aimed at with W2 phishing cheats, using an attack method known as business electronic mail compromise or BEC. The BEC cheats involve the impression of the Chief Executive Officer or a different C-suite executive, with electronic mail appeals sent to accounts division and payroll workforce requesting for duplicates of W2 documents for workers who worked for the Read More

Phishing Electronic mails Boosting Bogus Meltdown as well as Spectre Spots

January 20, 2018

The lately revealed microprocessor weaknesses – Spectre and Meltdown– have had hardware and software companies working fast to develop patches. Cybercriminals have also been occupied evolving phishing promotions that boost bogus Spectre and Meltdown spots. It should not be a shock that cybercriminals are exploiting the haste to safeguard computers and spot the weaknesses. The weaknesses can possibly be abused to gain access to highly confidential information, the defects have been extensively exposed, and several operators are dreadful that the defects will be abused. A lot of software businesses have been developing as well as announcing software upgrades, including Microsoft, Google, and Firefox. With so numerous upgrades to apply, and worry that the weaknesses might be abused if systems aren’t Read More

Florida Organization for Health Care Management Hit by Phishing Attack

January 13, 2018

An illegal person has accessed a single electronic mail account of an employee at the Organization for Health Care Management in Florida utilizing a phishing cheat. The employee was sent, and replied to, a malevolent phishing electronic message on November 15, 2017, and disclosed login particulars that allowed the assailant to distantly access her/his electronic mail account and, possibly, the PHI of as many as 30,000 Healthcare recruiters. The organization identified the safety breach on November 20 and performed a password change to avoid additional access. The phishing case was also informed to the organization’s inspector general, who started an inquiry into the phishing attack. Initial reports from that inquiry were circulated to the general public late previous week. An organization press Read More

Bronson Healthcare Company Phishing Attack Affects 8,256 Patients

January 8, 2018

A latest Bronson Healthcare Company phishing attack has led to a hacker gaining access to the protected health information (PHI) of 8,256 patients. The attack allowed the cyberpunk to access to the health system’s electronic mail arrangement, which had the names, treatment information of patients, and medications. No patients’ financial information or Social Security numbers were undermined, and its electronic health documentation system wasn’t undermined. Altogether, the electronic mail accounts of 5 workers were undermined over a period of two weeks. Although patients’ PHI was possibly undermined in the attack, Bronson Healthcare Company informs that the goal of the assailants wasn’t to get patient information, in its place, the main focus of the attack seems to have been to access Read More

Contacts Stolen and Spear Phishing Electronic mails Transmitted by Ursnif Trojan

January 3, 2018

The financial division lending Trojan Ursnif, among the most usually experienced lending Trojans, has before been utilized to attack lending organizations. Nevertheless, it appears the people behind the malevolent program have extended their limits, with cyberattacks now being conducted on a wide range of groups across several different subdivisions, including healthcare. The latest type of the Ursnif Trojan was discovered by scientists at safety company Barkly. The malevolent program was transmitted in a phishing electronic mail that appeared to have been transmitted in reply to a message transmitted to another company. The spear phishing electronic mail contained the message thread from earlier chats, signifying the electronic mail information of the receiver had been edited. The electronic mail had a Word Read More

Increase in HTTPS Phishing Sites Discovered

December 9, 2017

The previous few years have viewed several businesses change from HTTP to HTTPS websites, however, HTTPS phishing sites have likewise enhanced. A green lock next to the URL shows the site is safe and movement between the website and browser is encrypted, however, it doesn’t imply the website is genuine. All HTTPS implies is the link between the website and the user is safe and any information transmitted between the two can’t be interrupted and studied.  A survey carried out by PhishLabs previous month proposed 80% of customers think that if a site has a green lock and begins with HTTPS, it’s safe and/or genuine. PhishLabs also notices that cybercriminals are adopting HTTPS. A latest PhishLabs report indicated HTTPS phishing Read More

IronScales Amasses $6.5 Million into Series A Financing

December 8, 2017

Tel Aviv-centered anti-phishing firm IronScales has amassed $6.5 million in Series A financing, getting total equity financing to over $8 million. IronScales has relished sustained double-digit progress during the last 3 years and has financed profoundly in its threat discovery, occurrence reaction, and threat information distribution know-how. The organization has lately been ranked as among the top 10 organizations to observe through Momentum Partners as well as is presently increasing its activities and increasing international vending of anti-phishing resolutions through it. The recent financing round will assist to increase that growth more. The recent financing round was steered through K1 Investment Management, a personal equity company centered in L.A. Rafael Advanced Defense Systems Ltd., as well as Elron Electronic Industries Read More

DMARC Adoption Research Discloses Healthcare Trade Trails After Other Industry Areas

December 5, 2017

A latest DMARC adoption analysis by Agari has exposed the healthcare trade lags after most other industry areas on electronic mail validation. The majority of the top healthcare companies in the United States are not succeeding to safeguard their clients and partners from phishing dangers. Domain-centered message authentication, reporting, and conformance (DMARC) safeguards domains as well as stops domain misuse by phishers. Although DMARC is extremely effective at validating mails and avoiding fooling, 98% of best healthcare operators haven’t yet applied DMARC. In the UK, nearly no one of the domains utilized by NHS Custodies is safeguarded by DMARC, causing them subject to phishing attacks. 99% of National Health Service Trust domains aren’t safeguarded by DMARC. For the research, Agari examined domains Read More

1 2