Security news aggregator

Latest coverage for Phishing

Phishing uses deceptive messages to steal credentials or deliver malware, while user verification, MFA, and email filtering reduce the risk.

14 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Phishing is deceptive communication—by email, text, phone, or a fake website—that impersonates a trusted person or service to make someone disclose credentials, approve a transaction, reveal sensitive information, or run harmful software. Attackers use it to bypass technical controls by persuading a legitimate user to perform an action, and may target employees, customers, administrators, or suppliers.

Its impact can include account takeover, unauthorized payments, exposure of personal or business data, and access to internal systems. The most effective control for stolen-password phishing is phishing-resistant multi-factor authentication, such as hardware-backed passkeys or security keys, which binds authentication to the legitimate site. Organizations should also filter and authenticate messaging where possible, use password managers, restrict risky actions, train users to verify unusual requests through a separate channel, and provide rapid reporting so suspected credentials or sessions can be revoked.

Showing 14 most recent headlines Filtered view

The WINELOADER backdoor used in recent cyber attacks targeting diplomatic entities with wine-tasting phishing lures has been attributed as the handiwork of a hacking group with links to Russia's Foreign Intelligence Service (SVR), which was responsible for breaching SolarWinds and Microsoft

Bank Info Security 2 years, 3 months ago

Iranian TA450 Group Tries Out New Tactics on Israelis

Proofpoint Researchers Say Beware of Phishing Emails, Embedded Links in PDFsIran-aligned threat actor TA450, also called MuddyWater, is using fake salary, compensation and financial incentive emails to trick Israeli employees at multi-national organizations into clicking malicious links, according to researchers at security firm Proofpoint.

Bank Info Security 2 years, 3 months ago

Breach Roundup: Flipper Pushes Back on Proposed Canada Ban

Also: UnitedHealth Group, Nemesis Market, Phishing Tricks and AceCryptorThis week, Flipper Devices petitioned Canada, UnitedHealth Group dealt with its attack, Nemesis Market was seized, phishers fooled ML, AceCryptor returned to Europe, Brazil and Ukraine made arrests, another Ivanti flaw, London rebuked for possible data exposure, and Fujitsu reported malware attack.

Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends