A newly surfaced extortion brand called “Pink” is using voice phishing and fake IT support calls to breach organizations, the Register reports. The threat actor may be a rebrand of prior ...
Google recently released Device-Bound Session Credentials (DBSC) for Google Chrome and Google Workspace. It is a long-awaited new security enhancement to fight back against local cookie ...
The US Federal Bureau of Investigation (FBI) has warned that a new phishing-as-a-service (PhaaS) platform called “Kali365” is targeting OAuth tokens to gain direct access to users’ ...
Google’s Threat Intelligence Group (GTIG) is tracking phishing-as-a-service offerings in the rapidly expanding Chinese cybercriminal ecosystem, noting that at least a dozen of these ...
The Tycoon 2FA phishing-as-a-service platform is now using OAuth device code phishing to compromise devices that are protected by multifactor authentication, according to eSentire’s ...
Prior to my further research into AI and quantum for my latest book, How AI and Quantum Impact Cyber Threats and Defenses, I had pretty solid password policy recommendations:
Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke KnowBe4 Threat Labs has detected a sophisticated phishing campaign targeting North American businesses and ...
Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, ...
Cybereason warns that the Tycoon 2FA phishing kit continues to receive upgrades, allowing unskilled cybercriminals to launch sophisticated social engineering attacks. The platform is ...
In essence, that is the disclosure and notification message that the open-source developer "qix" sent to the world when he was social engineered to give up access credentials to his ...
