Phishing scam had all the bells and whistles—except for one
A reminder that stuff published on the Internet gets published on the Internet......»»
Canonical announces Snap Store crackdown after crypto scam apps overload
All incoming Snaps will be manually reviewed, and their developers doxxed, Canonical says.....»»
Apple users targeted by sophisticated phishing attack to reset their ID password
There are many known phishing attacks that target users of Apple devices to gain access to their Apple ID. However, a new “elaborate” attack uses a bug in the Apple ID password reset feature with “push bombing” or “MFA fatigue” techniques.....»»
If you're getting dozens of password reset notifications, you're being attacked
Apple users are becoming the target of a new wave of phishing attacks called "MFA Bombing" that relies on user impatience, and a bug in Apple's password reset mechanism. Phishing attacks often rely.....»»
Attackers leverage weaponized iMessages, new phishing-as-a-service platform
Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private.....»»
APT29 hit German political parties with bogus invites and malware
APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware: The attack started in late February 2024, with phishing emails containi.....»»
Scammers steal millions from FTX, BlockFi claimants
Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many.....»»
Attackers are targeting financial departments with SmokeLoader malware
Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign: The Ukrainian SSSCIP State Cyber Protection.....»»
Alarm bells ring as scientists uncover major flaws in ability to track changes to global conservation areas
In a significant stride towards safeguarding global biodiversity, the Kunming-Montreal Global Biodiversity Framework (GBF) has set a target for nations to preserve 30% of the Earth by 2030......»»
Thrive Incident Response & Remediation helps organizations contain and remove threats
Thrive launched Thrive Incident Response & Remediation, an on-demand cybersecurity response service to contain and remove threats, along with engineering assistance to rebuild and restore critical systems. Phishing, ransomware and other cyberattacks.....»»
Image-based phishing tactics evolve
While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research. IT pros are highly aware of.....»»
Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What organizations need to know about the Digital Operational Resilience Act (DORA): In this Help Net Security interview, Kris Lovejoy, Global Securi.....»»
"Exit scam" - hackers that hit UnitedHealth pull disappearing act
Logitech launches new MX Brio USB-C webcam with 8.5MP sensor and AI image enhancement
Logitech is launching one of the most capable webcams to date today. The new Logitech MX Brio debuts with all the bells and whistles you’d expect while also throwing some buzzwords like AI into the mix for good measure......»»
Phishers target FCC, crypto holders via fake Okta SSO pages
A new phishing campaign is using fake Okta single sign-on (SSO) pages for the Federal Communications Commission (FCC) and for various cryptocurrency platforms to target users and employees, Lookout researchers have discovered. The phishing campaign B.....»»
95% believe LLMs making phishing detection more challenging
More than 95% of responding IT and security professionals believe social engineering attacks have become more sophisticated in the last year, according to LastPass. Recent AI advancements, particularly generative AI, have empowered cybercriminals to.....»»
Crime blotter: Apple Store thefts in New York, California, Las Vegas
In the latest Apple Crime Blotter, Apple Store kicks out a reporter, a tech company exec stole and sold MacBooks, and details of an iPhone scam in Iran. The latest in an occasional AppleInsider series, looking at the world of.....»»
New Study Estimates as Much as $75 Billion in Global Victims’ Losses to Pig-Butchering Scam
“These are large criminal organized networks, and they’re operating largely unscathed,” said the lead author of the study, which tracked the flow of funds through crypto exchanges. Pig-butchering scammers have likely stolen mo.....»»
Airbnb scammers pose as hosts, redirect users to fake Tripadvisor site
Scammers on Airbnb are faking technical issues and citing higher fees to get users to a spoofed Tripadvisor website and steal their money. The Airbnb scam: Malwarebytes researchers came across the Airbnb scam when trying to book an apartment through t.....»»
PSA: Don’t trust Amazon’s Choice video doorbells – some allow anyone to spy on you
Consumer Reports found that some Amazon’s Choice video bells have security so bad that a complete stranger can pair their phone to your doorbell simply by holding the exterior button for eight seconds. Bad actors can even access still images fro.....»»
BobTheSmuggler: Open-source tool for undetectable payload delivery
BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration.....»»