Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave researchers Phil Hay and Rodel Mendrez. “The initial emails are sent from compromised Microsoft 365 accounts […]
Continue ReadingCryptocurrency thieves are targeting users of Chromium-based browsers – Google Chrome, Microsoft Edge, Brave Browser, and Opera – with an extension that steals credentials and can grab multi-factor authentication (MFA) codes. The malicious extension Dubbed Rilide by Trustwave researchers, the extension mimics the legitimate Google Drive extension while, in the background, it disables the Content […]
Continue ReadingTrustwave and Trellix have formed a strategic partnership to bring visibility and more precise detection and response to security teams defending against cyberthreats. Trustwave’s Managed Detection and Response (MDR) provides enterprises across the globe with 24×7 monitoring, detection, and response of their hybrid multi-cloud environments for active threats and anomalies, backed by an elite team […]
Continue ReadingMicrosoft has announced that, starting in April 2023, they will be adding enhanced protection when users open or download a file embedded in a OneNote document – a known high-risk phishing file type. “Users will receive a notification when the files seem dangerous to improve the file protection experience in OneNote on Windows,” the company […]
Continue ReadingChatGPT from OpenAI is a conversational chatbot recently released in preview mode for research purposes. It takes natural language as input and aims to solve problems, provide follow-up questions or even challenge assertions depending on your question. In this Help Net Security video, Karl Sigler, Senior Security Research Manager at Trustwave SpiderLabs, talks about how […]
Continue ReadingDark web marketplaces sell a plethora of tools, stolen data, and forged documents, and some of the things for sale are priced higher than the rest. The most expensive records advertised If we only focus on financial, identification and access data, the black market serves as an emporium for credit cards, bank account information, credentials […]
Continue ReadingTrustwave announced its new Enterprise Pen Testing (EPT) offering, designed to meet the complex testing needs of large organizations with an extensive breadth and depth of vulnerability identification, ability to deliver scaled programs of work, and extremely competitive pricing. The expert Trustwave SpiderLabs team supports EPT clients with a mix of onshore, nearshore, and offshore […]
Continue ReadingTrustwave announced enhanced Co-Managed SOC capabilities designed to maximize the threat detection and response value of SIEM (Security Information and Event Management) deployments, avoid unnecessary costs, and reduce alert noise by up to 90 percent. Trustwave’s offering is a holistic partnership in which Trustwave serves as an extension of its clients’ security operations teams. The […]
Continue ReadingWhile knowing full well that human lives may be at stake, criminal gangs have been increasingly targeting the healthcare sector with high-impact attacks like ransomware. 1. Tighten up email security Healthcare providers should set up numerous layers of defense for a variety of email-borne threats. A good email security solution should be the first layer […]
Continue ReadingWith the continued rise in adoption of cloud services, bad actors are utilizing the InterPlanetary File System (IPFS) as a new playing ground for phishing attacks. In fact, Trustwave SpiderLabs has found that in the past 90 days, more than 3,000 emails contain phishing URLs utilizing IPFS to lead to fake Outlook login and other […]
Continue Reading