Researchers at My Online Security and the SANS Internet Storm Center have analyzed spam campaigns utilizing plausible imitations of legitimate banking domains to spread the Trickbot banking malware.

A phishing site seeking Apple credentials and victim payment card information is encrypted with AES, researchers at Ring 0 Labs said.

Microsoft is warning of a wave of phishing campaigns pushing tech support scams via malicious links to phony Amazon, Alibaba and LinkedIn web pages.

At Black Hat, Facebook CSO Alex Stamos’ keynote message was one of bringing empathy and inclusion to security, and that it’s time to stop being insular.

Senator Ron Wyden is pushing to mandate government-wide use of the email authentication protocol DMARC “to ensure that hackers cannot send emails that impersonate federal agencies.”

University officials said users likely kicked off a ransomware attack that infected a dozen personal and shared drives by visiting a compromised website.

How EternalBlue was ported to Windows 10, a Facebook phishing study, QakBot, and this week’s Apple security announcements are all discussed.

The results of an academic experiment reveal that recipients of Facebook messages are much more likely to click on suspicious links.

The news of the week is discussed, including the Gmail/Google Docs phishing attack, the Intel AMT vulnerability, IBM’s malware-laden USB drives, and drone security.

Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.