Cybersecurity Starts in the Boardroom
It is common for cyber-criminals to exploit legitimate software and business practices to carry out their attacks. Bad actors are now abusing the comments feature of Google Docs, to send users malicious links via email. Hackers exploit Google Docs in new phishing campaign – TechRepublic Initiating a cyber attack via …
Continue reading “Phishing Campaign aimed at Google Workspace users”
Commercial software has regular updates, of course the bad guys have updates as well. Agent Tesla Updates SMTP Data Exfiltration Technique – SANS Internet Storm Centre
One of the things we advise people to do on our Phishing and Social Engineering training, is to be very aware of the look and feel of any login pages and web sites they are directed to, as bad actors may not get it completely right – so if they …
There is an article on the Sans Internet Storm Diary looking at a phishing attack/exploit that is running on Discord. Phishing Direct Messages via Discord (sans.edu) Now you may not know what Discord is, but your takeaway from this blog post is that phishing is not just something that attacks …
Continue reading “You should know that Phishing is not always done by email”
The SANS Internet Storm Centre is reporting another spam email attack doing the rounds with a new payload. TA551 (Shathak) pushes IcedID (Bokbot) (sans.edu) The important things to take away from this are: In real world situations ransomware has been delivered to companies using these methods Keep your spam filters …
