Cybersecurity Center

Cybersecurity News

  • BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool (Friday April 19, 2024)
    Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced successor referred to as Deuterbear. "Waterbear is known for its complexity, as it (HackerNews)
  • How Attackers Can Own a Business Without Touching the Endpoint (Friday April 19, 2024)
    Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services.  Before getting into the details of the attack techniques being used, let’s discuss why (HackerNews)
  • Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers (Friday April 19, 2024)
    Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities in North America, Europe, and Australia," cybersecurity agencies from the Netherlands and the U.S., (HackerNews)
  • Hackers Target Middle East Governments with Evasive "CR4T" Backdoor (Friday April 19, 2024)
    Government entities in the Middle East have been targeted as part of a previously undocumented campaign to deliver a new backdoor dubbed CR4T. Russian cybersecurity company Kaspersky said it discovered the activity in February 2024, with evidence suggesting that it may have been active since at least a year prior. The campaign has been codenamed  (HackerNews)
  • OfflRouter Malware Evades Detection in Ukraine for Almost a Decade (Thursday April 18, 2024)
    Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform since 2018. More than 20 such documents have been uploaded since 2022. "The documents contained VBA (HackerNews)
  • FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor (Thursday April 18, 2024)
    The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights," the BlackBerry research and intelligence team said in a new write-up. "They (HackerNews)
  • Recover from Ransomware in 5 Minutes—We will Teach You How! (Thursday April 18, 2024)
    Super Low RPO with Continuous Data Protection:Dial Back to Just Seconds Before an Attack Zerto, a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use (HackerNews)
  • How to Conduct Advanced Static Analysis in a Malware Sandbox (Thursday April 18, 2024)
    Sandboxes are synonymous with dynamic malware analysis. They help to execute malicious files in a safe virtual environment and observe their behavior. However, they also offer plenty of value in terms of static analysis. See these five scenarios where a sandbox can prove to be a useful tool in your investigations. Detecting Threats in PDFs PDF files are frequently exploited by threat actors to (HackerNews)
  • New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks (Thursday April 18, 2024)
    A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android manifest," Kaspersky researcher Dmitry Kalinin said in a technical analysis. (HackerNews)
  • Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide (Thursday April 18, 2024)
    As many as 37 individuals have been arrested as part of an international crackdown on a cybercrime service called LabHost that has been used by criminal actors to steal personal credentials from victims around the world. Described as one of the largest Phishing-as-a-Service (PhaaS) providers, LabHost offered phishing pages targeting banks, high-profile organizations, and other service (HackerNews)
  • Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes (Thursday April 18, 2024)
    Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024. OpenMetadata is an open-source platform that operates as a (HackerNews)
  • Malicious Google Ads Pushing Fake IP Scanner Software with Hidden Backdoor (Thursday April 18, 2024)
    A new Google malvertising campaign is leveraging a cluster of domains mimicking a legitimate IP scanner software to deliver a previously unknown backdoor dubbed MadMxShell. "The threat actor registered multiple look-alike domains using a typosquatting technique and leveraged Google Ads to push these domains to the top of search engine results targeting specific search keywords, thereby (HackerNews)
  • Russian APT Deploys New 'Kapeka' Backdoor in Eastern European Attacks (Wednesday April 17, 2024)
    A previously undocumented "flexible" backdoor called Kapeka has been "sporadically" observed in cyber attacks targeting Eastern Europe, including Estonia and Ukraine, since at least mid-2022. The findings come from Finnish cybersecurity firm WithSecure, which attributed the malware to the Russia-linked advanced persistent threat (APT) group tracked as Sandworm (aka APT44 or (HackerNews)
  • GenAI: A New Headache for SaaS Security Teams (Wednesday April 17, 2024)
    The introduction of Open AI’s ChatGPT was a defining moment for the software industry, touching off a GenAI race with its November 2022 release. SaaS vendors are now rushing to upgrade tools with enhanced productivity capabilities that are driven by generative AI. Among a wide range of uses, GenAI tools make it easier for developers to build software, assist sales teams in mundane email writing, (HackerNews)
  • Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (Wednesday April 17, 2024)
    Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a (HackerNews)
  • Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign (Wednesday April 17, 2024)
    Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or (HackerNews)
  • Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services (Wednesday April 17, 2024)
    Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could (HackerNews)
  • OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt (Tuesday April 16, 2024)
    Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source XZ Utils project. "The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS (HackerNews)
  • TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (Tuesday April 16, 2024)
    The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside (HackerNews)
  • AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs (Tuesday April 16, 2024)
    New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations. The vulnerability has been codenamed LeakyCLI by cloud security firm Orca. "Some commands on Azure CLI, AWS CLI, and Google Cloud CLI can expose sensitive information in (HackerNews)
  • Who Stole 3.6M Tax Records from South Carolina? (Tuesday April 16, 2024)
    For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state's revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card records from big box retailers like Home Depot and Target in the years that followed. (KrebsOnSecurity)
  • Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack (Tuesday April 16, 2024)
    The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus (HackerNews)
  • Identity in the Shadows: Shedding Light on Cybersecurity's Unseen Threats (Tuesday April 16, 2024)
    In today's rapidly evolving digital landscape, organizations face an increasingly complex array of cybersecurity threats. The proliferation of cloud services and remote work arrangements has heightened the vulnerability of digital identities to exploitation, making it imperative for businesses to fortify their identity security measures. Our recent research report, The Identity Underground (HackerNews)
  • FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations (Tuesday April 16, 2024)
    The U.S. Federal Trade Commission (FTC) has ordered mental telehealth company Cerebral from using or disclosing personal medical data for advertising purposes. It has also been fined more than $7 million over charges that it revealed users' sensitive personal health information and other data to third-parties for advertising purposes and failed to honor its easy cancellation policies. "Cerebral (HackerNews)
  • Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown (Tuesday April 16, 2024)
    Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird). The U.S. Justice Department (DoJ) said the malware "gave the malware purchasers control over victim computers and enabled them to access victims' private communications, their login credentials, and (HackerNews)
  • Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw (Monday April 15, 2024)
    A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in August 2018 with version 1.4.51, the lack of a CVE identifier or an advisory meant that (HackerNews)
  • Crickets from Chirp Systems in Smart Lock Key Leak (Monday April 15, 2024)
    The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. (KrebsOnSecurity)
  • AI Copilot: Launching Innovation Rockets, But Beware of the Darkness Ahead (Monday April 15, 2024)
    Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on (HackerNews)
  • Muddled Libra Shifts Focus to SaaS and Cloud for Extortion and Data Theft Attacks (Monday April 15, 2024)
    The threat actor known as Muddled Libra has been observed actively targeting software-as-a-service (SaaS) applications and cloud service provider (CSP) environments in a bid to exfiltrate sensitive data. "Organizations often store a variety of data in SaaS applications and use services from CSPs," Palo Alto Networks Unit 42 said in a report published last week. "The threat (HackerNews)
  • Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution (Monday April 15, 2024)
    To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to privileged identity management aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with (HackerNews)
  • Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users (Monday April 15, 2024)
    Cybersecurity researchers have discovered a "renewed" cyber espionage campaign targeting users in South Asia with the aim of delivering an Apple iOS spyware implant called LightSpy. "The latest iteration of LightSpy, dubbed 'F_Warehouse,' boasts a modular framework with extensive spying features," the BlackBerry Threat Research and Intelligence Team said in a report published last (HackerNews)
  • Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability (Monday April 15, 2024)
    Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild. Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root (HackerNews)
  • Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts (Saturday April 13, 2024)
    A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in December 2023 following his arrest in July. "At the time of both attacks, (HackerNews)
  • U.S. Treasury Hamas Spokesperson for Cyber Influence Operations (Saturday April 13, 2024)
    The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Friday announced sanctions against an official associated with Hamas for his involvement in cyber influence operations. Hudhayfa Samir ‘Abdallah al-Kahlut, 39, also known as Abu Ubaida, has served as the public spokesperson of Izz al-Din al-Qassam Brigades, the military wing of Hamas, since at least 2007. "He publicly (HackerNews)
  • Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (Saturday April 13, 2024)
    Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light yesterday. The network security company's Unit 42 division is tracking the activity under the name Operation MidnightEclipse, attributing it as the work of a single threat actor of (HackerNews)
  • Popular Rust Crate liblzma-sys Compromised with XZ Utils Backdoor Files (Friday April 12, 2024)
    "Test files" associated with the XZ Utils backdoor have made their way to a Rust crate known as liblzma-sys, new findings from Phylum reveal. liblzma-sys, which has been downloaded over 21,000 times to date, provides Rust developers with bindings to the liblzma implementation, an underlying library that is part of the XZ Utils data compression software. The (HackerNews)
  • Code Keepers: Mastering Non-Human Identity Management (Friday April 12, 2024)
    Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard (HackerNews)
  • Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (Friday April 12, 2024)
    The Iranian threat actor known as MuddyWater has been attributed to a new command-and-control (C2) infrastructure called DarkBeatC2, becoming the latest such tool in its arsenal after SimpleHarm, MuddyC3, PhonyC2, and MuddyC2Go. "While occasionally switching to a new remote administration tool or changing their C2 framework, MuddyWater’s methods remain constant," Deep (HackerNews)
  • Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (Friday April 12, 2024)
    Palo Alto Networks is warning that a critical flaw impacting PAN-OS software used in its GlobalProtect gateways is being actively exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct (HackerNews)
  • Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker (Friday April 12, 2024)
    Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. " (HackerNews)
  • U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks (Friday April 12, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email correspondence with the company. The attack, which came to light earlier this year, has been (HackerNews)
  • Why CISA is Warning CISOs About a Breach at Sisense (Thursday April 11, 2024)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. (KrebsOnSecurity)
  • Python's PyPI Reveals Its Secrets (Thursday April 11, 2024)
    GitGuardian is famous for its annual State of Secrets Sprawl report. In their 2023 report, they found over 10 million exposed passwords, API keys, and other credentials exposed in public GitHub commits. The takeaways in their 2024 report did not just highlight 12.8 million new exposed secrets in GitHub, but a number in the popular Python package repository PyPI. PyPI, (HackerNews)
  • TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (Thursday April 11, 2024)
    A threat actor tracked as TA547 has targeted dozens of German organizations with an information stealer called Rhadamanthys as part of an invoice-themed phishing campaign. "This is the first time researchers observed TA547 use Rhadamanthys, an information stealer that is used by multiple cybercriminal threat actors," Proofpoint said. "Additionally, the actor appeared to (HackerNews)
  • Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks (Thursday April 11, 2024)
    Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks. It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted (HackerNews)
  • Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability (Thursday April 11, 2024)
    Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to (HackerNews)
  • Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers (Wednesday April 10, 2024)
    On April 9, Twitter/X began automatically modifying links that mention "twitter.com" to redirect to "x.com" instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links -- such as fedetwitter[.]com, which is currently rendered as fedex.com in tweets. (KrebsOnSecurity)
  • 'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan (Wednesday April 10, 2024)
    An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It's tracking the group behind the operation under the (HackerNews)
  • Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files (Wednesday April 10, 2024)
    Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick (HackerNews)
  • Beware: GitHub's Fake Popularity Scam Tricking Developers into Downloading Malware (Wednesday April 10, 2024)
    Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL, (HackerNews)
  • Hands-on Review: Cynomi AI-powered vCISO Platform (Wednesday April 10, 2024)
    The need for vCISO services is growing. SMBs and SMEs are dealing with more third-party risks, tightening regulatory demands and stringent cyber insurance requirements than ever before. However, they often lack the resources and expertise to hire an in-house security executive team. By outsourcing security and compliance leadership to a vCISO, these organizations can more easily obtain (HackerNews)
  • Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel (Wednesday April 10, 2024)
    Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the memory. The exploit, called Native Branch History Injection (BHI), can be used to leak arbitrary kernel memory at 3.5 kB/sec by bypassing existing Spectre v2/BHI mitigations, researchers from Systems and (HackerNews)
  • Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses (Wednesday April 10, 2024)
    We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers (HackerNews)
  • Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (Wednesday April 10, 2024)
    Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated Critical, 142 are rated Important, three are rated Moderate, and one is rated Low in severity. The update is aside from 21 vulnerabilities that the company addressed in its (HackerNews)
  • April’s Patch Tuesday Brings Record Number of Fixes (Tuesday April 09, 2024)
    If only Patch Tuesdays came around infrequently -- like total solar eclipse rare -- instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month's patch batch -- a record 147 flaws in Windows and related software. (KrebsOnSecurity)
  • Fake Lawsuit Threat Exposes Privnote Phishing Sites (Thursday April 04, 2024)
    A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. (KrebsOnSecurity)
  • ‘The Manipulaters’ Improve Phishing, Still Fail at Opsec (Wednesday April 03, 2024)
    Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities. (KrebsOnSecurity)
  • Thread Hijacking: Phishes That Prey on Your Curiosity (Thursday March 28, 2024)
    Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop. (KrebsOnSecurity)
  • Recent ‘MFA Bombing’ Attacks Targeting Apple Users (Tuesday March 26, 2024)
    Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code. (KrebsOnSecurity)
  • Mozilla Drops Onerep After CEO Admits to Running People-Search Networks (Friday March 22, 2024)
    The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years. (KrebsOnSecurity)

Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.