Virtually every employee of a large company comes across the occasional e-mail aiming to steal their corporate credentials. It's usually in the form of mass phishing, an attack in which e-mails are sent out at random in the hope that at least some recipients will take the bait. However, the stream of phishing e-mails may contain one or two more dangerous, targeted messages, the content of which has been customized for employees of specific companies. This is spear-phishing.

Spear-phishing messages represent a clear sign that cybercriminals are interested in your company, specifically, and it may not be the only attack in play. That is a major reason infosec officers need to know if any employee has received a spear-phishing e-mail — they need to prepare countermeasures and alert personnel in good time.

That's why we advise IT to check filtered e-mails periodically in search of spear-phishing, and to teach other employees how to spot signs of targeted phishing. What follows are a few of the most common tricks, with examples from some fresh spear-phishing campaigns.

Misspelled company name

The human brain does not always perceive the whole of a written word — it sees a familiar beginning and completes the rest by itself. Attackers can take advantage of this trait by registering a domain that differs from your company's by just one or two letters. The cybercriminals who own the domain can even set up a DKIM signature so that the e-mail passes all checks — it's their domain, after all.

Extra words in the company name

Another way to fool recipients into thinking a colleague is at the other end is to register a two-word domain, for example, to appear as a sender from a local branch or a particular department. In the latter case, cybercriminals tend to impersonate tech support or security personnel. In reality, employees from every department should have a standard corporate e-mail address. No one ever sets up a separate domain for security personnel. As for local offices, if you're not sure, check the domain in the corporate address book.

Specific content

A phishing e-mail mentioning your company (or worse, the recipient) by name is a sure sign of spear-phishing and a reason to sound the alarm.

Highly specialized topic

Strictly speaking, seeing those names doesn't always mean a message is spear-phishing — it might be a variation on a mass-phishing scam. For example, phishers may use a database of conference participants' addresses and play on the topic of the conference — that's mass phishing. If they try to attack employees of a particular company in the exact same way, however, that's spear-phishing, and thus security needs to know about it.

Finally, to be able to search for potential spear-phishing signs without diminishing the company's actual security, we recommend installing protective antiphishing solutions on mail servers as well as on employee workstations.
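The periodic check of filtered e-mails described above can be partly automated for the two domain tricks (a misspelled company name and extra words in the company name). The following is an added example, not code from the original article; the corporate domain example.com, the function names and the sample From headers are constructed assumptions. It looks only at the sender domain and ignores DKIM results, because a lookalike domain can carry a valid signature.

```python
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"  # assumption: placeholder for the real corporate domain

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def classify_sender(from_header, corporate=CORPORATE_DOMAIN):
    """Return 'corporate', 'misspelled', 'extra-word' or 'other' for a From header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    if domain == corporate or domain.endswith("." + corporate):
        return "corporate"
    # Domain that differs from the corporate one by just one or two letters.
    if 0 < edit_distance(domain, corporate) <= 2:
        return "misspelled"
    # Company name embedded in a longer name, e.g. a fake "security" or branch domain.
    # Assumption: the brand is long enough that substring matches are meaningful.
    brand = corporate.split(".")[0]
    if any(brand in label for label in domain.split(".")):
        return "extra-word"
    return "other"

def triage(from_headers, corporate=CORPORATE_DOMAIN):
    """Return (header, verdict) pairs for senders that imitate the corporate domain."""
    verdicts = ((h, classify_sender(h, corporate)) for h in from_headers)
    return [(h, v) for h, v in verdicts if v in ("misspelled", "extra-word")]

# Constructed sample of From headers taken from a quarantine folder.
SAMPLE_HEADERS = [
    "Alice <alice@example.com>",
    "IT Helpdesk <it@mail.example.com>",
    "HR <hr@examp1e.com>",
    "Security Team <sec@example-security.com>",
    "Conference News <news@conference.org>",
]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS):
        print(f"{verdict:11} {header}")
```

A hit from this check is a reason to forward the message to the security team, not a verdict by itself; legitimate branch domains should be confirmed against the corporate address book.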
President and Chairman of Trusted Computing Group (TCG), Dr. Joerg Borchert, shares the news regarding TCG's first ever CodeGen Developer Challenge. The post Leonardo DRZ wins first ever TCG CodeGen Developer Challenge appeared first on The Security Ledger with Paul F. Roberts.
There is a wicked attempt by cybercriminals to deploy a largely inactive ransomware family known as TellYouThePass against the recently discovered critical remote code execution flaw, Log4Shell. Hackers are carrying out attacks on Windows and Linux systems. It is highly recommended to apply security patches immediately and conduct a security review.
The challenge is compounded by “disconnects in perception between SOC leadership and staff in terms of organizational effectiveness and capability,” according to a new global survey released by Devo.
Monongalia Health System found hackers accessed several email accounts from May 10 to August 15. These accounts contained sensitive information from patients, providers, employees, and contractors.
The information technology agency that serves Virginia’s legislature is still working to fix problems caused by a ransomware attack earlier this month, a state official said Tuesday.
A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message.
The Department of Homeland Security (DHS) has announced that the 'Hack DHS' program is now also open to bug bounty hunters willing to track down DHS systems impacted by Log4j vulnerabilities.
“After 675 days of presence on the darknet, we have decided to close our door for good,” the ToRReZ administrator, an individual known as MrBlonde, wrote in a message posted on the site’s homepage.
The defendant obtained victim names, dates of birth, driver's license information, and social security numbers (SSNs) on dark web marketplaces and used them to forge counterfeit documents.
The Opera browser team is working on a new clipboard monitoring and protection system called Paste Protection, which aims to prevent content hijacking and snooping by warning users of such activity.
The US CISA released an advisory offering vendors and affected organizations a detailed guide on dealing with potential risks to IT and cloud services posed by an exploit in Apache Log4j’s library.
The results of the large-scale, long-term experiment were published this week by the Department of Computer Science at ETH Zurich, a public research university based in Switzerland.
Microsoft has quietly started notifying some Azure customers that a serious security vulnerability in the Azure App Service has caused the exposure of hundreds of source code repositories.
A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices.
The Apache Software Foundation has released an update to address a critical flaw in its hugely popular web server that allows remote attackers to take control of a vulnerable system.
The U.S. Cybersecurity and Infrastructure Security Agency has issued two advisories to inform organizations about these vulnerabilities — one advisory was released in August and one on December 21.
Organizers of the RSA Conference, one of the largest cybersecurity events of the year, announced on Wednesday that they are moving the February gathering to June due to health concerns.
One of the key features of AvosLocker is using the AnyDesk remote IT administration tool and running it in Windows Safe Mode. The latter option was also used by REvil, Snatch, and BlackMatter.
For more accountability and better integration, a CISO should report to the chief executive officer (CEO) or another C-suite executive who is not the chief information officer (CIO).
The malware used in the campaign aims to steal credentials from multiple messaging and file-sharing apps, including Discord, Edge, FileZilla, OpenVPN, Outlook and Telegram, as well as crypto wallets.
The attackers are using clean PDF attachments with newly registered domains that seem to be valid Pfizer online spaces. Then, they use spawn email accounts for email distribution to bypass email protection.
With the holiday season here, scammers are making use of their best tactics to phish users, and one such phishing scam, probably the biggest in the year, has come to the notice of researchers.
The Christmas holiday shopping season is around the corner and so are the Magecart attackers. Interestingly, these attackers have become more active than ever, with an attack taking place every 16 minutes.
A study by Arkose Labs has revealed that there were over two billion credential stuffing attacks during the last 12 months, growing exponentially during the period from October 2020 to September 2021.
Popular wrestling t-shirt site Pro Wrestling Tees has disclosed a data breach incident that has resulted in the compromise of the financial details of tens of thousands of its customers.
Using a subdomain takeover, attackers can send phishing emails from the legitimate domain, perform cross-site scripting attacks, or even damage the reputation of the brand associated with the domain.
Albania's prime minister apologized for a big leak of personal records from a government database of state and private employees, which he said seems more like an inside job than a cyberattack.
Charging stations are not the only targets that could be affected by this vulnerability in the automotive industry. Cars’ IVI systems could also be subjected to real threats.
Global buzz around the release of Spider-Man: No Way Home is making tons of online noise – an ideal environment for cybercriminals to spread a Monero cryptominer disguised as a download of the film.
2021 marks the end of another eventful year, filled with more pandemic-related pandemonium, bigger cyberattacks, massive digital transformation, and other incidents. However, with this piece, we'd like to share with you the best of events from the year that shaped cyberspace for the better this year.
Red Hat Security Advisory 2021-5269-03 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include a code execution vulnerability.
A security flaw has been unearthed in Microsoft's Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. The vulnerability, codenamed "NotLegit," was reported to the tech giant by Wiz researchers on October 7, 2021, following which mitigations have been undertaken to fix
Microsoft said it won't be fixing or is pushing patches to a later date for three of the four security flaws uncovered in its Teams business communication platform earlier this March. The disclosure comes from Berlin-based cybersecurity firm Positive Security, which found that the implementation of the link preview feature was susceptible to a number of issues that could "allow accessing
Cybersecurity agencies from Australia, Canada, New Zealand, the U.S., and the U.K. on Wednesday released a joint advisory in response to widespread exploitation of multiple vulnerabilities in Apache's Log4j software library by nefarious adversaries. "These vulnerabilities, especially Log4Shell, are severe," the intelligence agencies said in the new guidance. "Sophisticated cyber threat actors
By the end of 2021, there will be 12 billion connected IoT devices, and by 2025, that number will rise to 27 billion. All these devices will be connected to the internet and will send useful data that will make industries, medicine, and cars more intelligent and more efficient. However, will all these devices be safe? It's worth asking what you can do to prevent (or at least reduce) becoming a