Phake phishing: Phundamental or pholly?
Debates over the effectiveness of phishing simulations are widespread. Sophos X-Ops looks at the arguments for and against – and our own phishing philosophy
Similar Posts
Twilio denies breach following leak of alleged Steam 2FA codes
Bys sBill Toulas reports: Twilio has denied in a statement for BleepingComputer that it was breached after a threat actor claimed to be holding over 89 million Steam user records with one-time access codes. The threat actor, using the alias Machine1337 (also known as EnergyWeaponsUser), advertised a trove of data allegedly pulled from Steam, offering to sell it…
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains
Bys sNew research has pulled back the curtain on a “deficiency” in Google’s “Sign in with Google” authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. “Google’s OAuth login doesn’t protect against someone purchasing a failed startup’s domain and using it to re-create email accounts for former employees,” Truffle Security…
Clorox Files $380M Suit Alleging Cognizant Gave Hackers Passwords in Catastrophic 2023 Cyberattack
Bys sRochdi Rais reports: The Clorox Company and its subsidiary, Clorox Services Co., today filed a $380 million lawsuit in California state court against Cognizant Worldwide Ltd. and its New Jersey affiliate, Cognizant Technology Solutions US Corp. The complaint alleges that Cognizant enabled a “catastrophic” cyberattack on Clorox’s corporate network in August 2023 by handing over sensitive…
Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
Bys sThe government’s Rewards for Justice program has announced a $10 million reward for information on Maxim Alexandrovich Rudometov (Максим Александрович Рудомётов), born in 1999 in the Luhansk region of Ukraine. Rudometov allegedly developed and has sold the infostealer malware known as RedLine. “Rudometov has regularly accessed and managed the technical infrastructure of RedLine , is…
From Triage to Threat Hunts: How AI Accelerates SecOps
Bys sIf you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total autonomy. Vendors seized on the idea of the “Autonomous SOC” and suggested a future where algorithms replaced analysts. That future has not arrived. We have not seen mass layoffs or empty security operations centers. We…
Android Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking Trojans
Bys sCybersecurity researchers are calling attention to a new shift in the Android malware landscape where dropper apps, which are typically used to deliver banking trojans, to also distribute simpler malware such as SMS stealers and basic spyware. These campaigns are propagated via dropper apps masquerading as government or banking apps in India and other parts…