Today, the FBI issued a warning to cryptocurrency companies and individuals holding cryptocurrencies about social engineering attacks attributed to North Korea. The U.S. law enforcement agency advises against storing information about crypto wallets on internet-connected devices. The “malicious cyber actors” pose as recruitment agencies or tech companies and attempt to trick employees of crypto companies […]
On Wednesday, August 14, 2024, Citizen Lab and Access Now issued a warning about spear-phishing attacks that are using ‘encrypted’ and ‘secured’ PDF files to lure victims to phishing sites. These sites aim to steal login credentials for Proton and Google accounts. According to these organizations, the attacks have been carried out by two groups […]
A widespread brand impersonation campaign has been targeting over 100 popular apparel, footwear, and clothing brands since June 2022. The campaign involves approximately 6,000 fake websites across at least 3,000 domains, including inactive ones. Brands such as Nike, Puma, Asics, Vans, Adidas, and many others have been impersonated.The campaign experienced a significant increase in activity […]
2023 Data Breach Investigations Report of which the dataset currentlycontains 953,894 incidents, of which 254,968 are confirmed breaches shows that the use of stolen credentials forms 44.7% of the cases. But what else can we learn? 74% of all breaches include the human element, with people being involved either via Error,Privilege Misuse, Use of stolen […]
Phishers are using a new technique called “file archiver in the browser” to trick victims. They create a phishing landing page that looks like legitimate file archiver software using HTML and CSS. The landing page is hosted on a .ZIP domain, making it appear more legitimate. Victims are redirected to a credential harvesting page when […]
Santander, a UK-based bank, is warning customers about an increase in impersonation scams where fraudsters pretend to be the bank in order to steal money from unsuspecting victims. The bank has identified several tactics used by scammers, including phishing emails and phone calls, fake websites, and even physical letters sent through the post. Santander is […]
Fake recruiters on LinkedIn earn a victim’s trust, and then convinces them to engage on WhatsApp or by email, where they can send a malware dropper according to Mandiant.
Recent SMS phishing attacks company employees show how easy it is to set up a site that looks like the company’s IAM landing page (f.e. Okta) which asks for a user credentails and a one time passcode for access. This would result in gaining the users’ credententials which would be send to the attacker in […]
Twilio, which earlier this month became a sophisticated phishing attack, disclosed last week that the threat actors also managed to gain access to the accounts of 93 individual users of its Authy two-factor authentication (2FA) service.
Cisco confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee’s personal Google account that contained passwords synced from their web browser.“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account” “The user had enabled password […]
- 1
- 2