News

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

Autosummary: The second affected the Ministry of Finance, the Central Bank of Paraguay, and Itaipú, where a file containing over 17,000 records was made public, including sensitive data such as payments to public officials, salaries, full names, and ID numbers.These events, with a “hack-and-leak” narrative, could be interpreted as a landmark in known cybersecurity incidents today, by size and scale, as the entire country was extorted due to a massive data breach. "

44% of mobile users encounter scams every day

Autosummary: No channel is safe Scams and malware now hit through every channel, calls, texts, emails, and even apps. Gen Z hit hardest by extortion scams 74% of mobile users have encountered social engineering scams, and one in three have fallen victim, illustrating how effective scammers are at exploiting human trust. "

WordPress Sites Turned Weapon: How VexTrio and Affiliates Run a Global Scam Network

Autosummary: "These scripts redirect site visitors to various scam pages through traffic broker networks associated with VexTrio, one of the largest known cybercriminal affiliate networks that leverages sophisticated DNS techniques, traffic distribution systems, and domain generation algorithms to deliver malware and scams across global networks," GoDaddy noted in a report published in March 2025. "

Smashing Security podcast #421: Toothpick flirts, Google leaks, and ICE ICE scammers

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Episode links: Sponsored by: Drata – The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. "

Five plead guilty to laundering $36 million stolen in investment scams

Autosummary: Accomplices living abroad reached out to targets in the United States via unsolicited social media, phone calls, text messages, and online dating services to gain their trust, promoting fraudulent digital asset investments and falsely claiming that the victims" funds" value increased after they tricked them into investing, when, in fact, their money was stolen. "

44% of people encounter a mobile scam every single day, Malwarebytes finds

Autosummary: With the launch of our free, AI-powered digital safety companion Scam Guard, users can review any concerning text, email, phone number, link, image, or online message and receive on the spot guidance to avert and report scams.By surveying 1,300 people over the age of 18 in the US, UK, Austria, Germany, and Switzerland, Malwarebytes can reveal a mobile reality full of tension: high concern, low action, and increasingly blurred lines between what’s safe and what’s not. "

Texas Department of Transportation (TxDOT) data breach exposes 300,000 crash reports

Autosummary: Compromised personal information in crash reports may include first and last names, mailing and/or physical addresses, driver’s license numbers, license plate numbers, vehicle make and model, car insurance policy numbers and other information such as injuries users may have sustained, and a narrative description of your crash. "

How and where to report an online scam

Autosummary: How to report a scam in the United Kingdom Action Fraud: Report online at actionfraud.police.uk or call 0300 123 2040 (Monday to Friday, 8 am to 8 pm). How to report a scam in Canada Canadian Anti-Fraud Centre (CAFC): Call 1-888-495-8501 or report online. The methods in which to report a scam varies according to the country you’re in, the platforms you’re using, and the outcome of the scam, so here are the most common methods you may need. "

Been scammed online? Here’s what to do

Autosummary: Gather evidence Keep all records related to the scam: emails, texts, receipts, screenshots, and any communication details. If you sent the money via payment apps (e.g. PayPal, Venmo, Cash App), contact the provider to inquire about recovery options. In the UK, for credit reports and monitoring contact Experian, Equifax, and TransUnion UK. "

DOJ moves to seize $7.74M in crypto linked to North Korean IT worker scam

Autosummary: Chapman faces charges of conspiracy to defraud the United States, wire fraud, bank fraud, aggravated identity theft, identity fraud, money laundering, operating an unlicensed money transmitting business, and unlawful employment of aliens. In May 2024, the Justice Department unsealed charges against an Arizona woman, a Ukrainian man, and three unidentified foreign nationals accused of aiding overseas IT workers, pretending to be U.S. citizens, to infiltrate hundreds of firms in remote IT positions.Following receipt of the laptops, and without authorization, Knoot logged on to the laptops, downloaded and installed unauthorized remote desktop applications, and accessed the victim companies’ networks, causing damage to the computers. "

NatWest apologises as banking app goes offline

Autosummary: NatWest has advised customers on social media that it has "no timeframe" for a fix, but said its team is "working hard" to resolve it. "

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam

Autosummary: The cross-sector collaboration, Redmond added, made it possible to identify the broader network behind these operations, which includes pop-up creators, search-engine optimizers, lead generators, logistics and technology providers, payment processors, and talent providers. "

Google survey shows Americans are changing how they fight scams

Autosummary: Kotsovinos said, “Most people, including Generation X, Baby Boomers and many Millennials, still rely on older sign in methods like passwords and 2FA, with about half of all Americans admitting to writing down or memorizing their passwords.” "

MailerLite warns of phishing campaign

Autosummary: "

Cartier disclosed a data breach following a cyber attack

Autosummary: ⚠️ This marks the third cybersecurity incident… pic.twitter.com/k00j8AzmRj — VenariX (@_venarix_) June 3, 2025 Recently, other luxury and fashion brands were victims of cyber attacks, including Adidas, Dior, and Victoria’s Secret. "

FBI warns of NFT airdrop scams targeting Hedera Hashgraph wallets

Autosummary: During the NFT claiming or minting process, it is crucial never to share passwords, seed phrases, or one-time passwords (OTPs), unless you initiated contact. "

Media giant Lee Enterprises says data breach affects 39,000 people

Autosummary: "

Google Exposes Vishing Group UNC6040 Targeting Salesforce with Fake Data Loader App

Autosummary: "The success of campaigns like UNC6040"s, leveraging these refined vishing tactics, demonstrates that this approach remains an effective threat vector for financially motivated groups seeking to breach organizational defenses," Google said. "

Bankers Association’s attack on cybersecurity transparency

Autosummary: A coalition of banking industry associations, including SIFA, the American Bankers Association (ABA), Bank Policy Institute (BPI), and several other lobbying groups have made a disgraceful appeal to the SEC to eliminate the rule requiring public disclosure of material cybersecurity incidents within four days of detection. Business leaders and cybersecurity professionals should see this for what it is: a shady move to protect image and profits at the expense of transparency, fairness, security, and public trust.They’re putting forward weak, recycled arguments in the hopes of shielding their industry from public scrutiny, narrative damage, and financial consequences. "

Scammers are impersonating Interactive Brokers: Here’s what you need to know

Autosummary: How to protect yourself Never share your login credentials Use multi-factor authentication on your account Be cautious of messages that create urgency Always verify who you are dealing with Report any suspicious activity to your local police or regulator If you are ever unsure whether a message is really from IBKR, contact their Client Services team directly through the company’s website. "

Scattered Spider: Understanding Help Desk Scams and How to Defend Your Organization

Autosummary: So, for example, having a process for MFA reset that recognizes the risk associated with resetting a high-privileged account: Require multi-party approval/escalation for admin-level account resets Require in-person verification if the process can"t be followed remotely Freeze self-service resets when suspicious behavior is encountered (this would require some kind of internal process and awareness training to raise the alarm if an attack is suspected) And watch out for these gotchas: If you receive a call, good practice is to terminate the call and dial the number on file for the employee.After MGM refused to pay, the attack eventually resulted in a 36-hour outage, a $100m hit, and a class-action lawsuit settled for $45m. in September 2023, where the hacker used LinkedIn information to impersonate an employee and reset the employee"s credentials, resulting in a 6TB data theft. Social engineering domain registrars to take control of the target organization"s DNS, hijacking their MX records and inbound mail, and using this to take over the company"s business app environments And latterly, using MFA-bypass AiTM phishing kits like Evilginx to steal live user sessions, bypassing all common forms of MFA (with the exception of WebAuthn/FIDO2) Scattered Spider phishing pages running Evilginx. "

Android Trojan Crocodilus Now Active in 8 Countries, Targeting Banks and Crypto Wallets

Autosummary: The malware, according to a new report published by ThreatFabric, has also adopted improved obfuscation techniques to hinder analysis and detection, and includes the ability to create new contacts in the victim"s contacts list. "

Scammers are constantly changing the game, but so are we. Introducing Malwarebytes Scam Guard

Autosummary: Comprehensive scam detection: Scam Guard is trained to recognize various scams, including romance, phishing, financial fraud, text, robocall, and shipping fraud, helping you stay ahead of cybercriminals at all times. "

Malwarebytes Scam Guard spots and avoids potential scams

Autosummary: Scam Guard is trained to recognize various scams, including romance, phishing, financial fraud, text, robocall and shipping fraud, helping users stay ahead of cybercriminals at all times. "

Android banking trojan Crocodilus rapidly evolves and goes global

Autosummary: Meanwhile, smaller campaigns show a broader, global focus, impersonating apps from countries like Argentina, Brazil, the U.S., Indonesia, and India. "

Cartier discloses data breach amid fashion brand cyberattacks

Autosummary: In May, Dior disclosed a data breach after threat actors breached its systems and stole customer contact details, purchase histories, and preferences. "

Using AI to outsmart AI-driven phishing scams

Autosummary: According to Cofense, email-based scams surged 70% year over year, driven by AI’s ability to automate lures, spoof internal conversations, and bypass spam filters with subtle text variations. Privacy concerns: AI systems that detect phishing often analyze emails, messages, attachments, and user behavior. "

U.S. Sanctions Funnull for $200M Romance Baiting Scams Tied to Crypto Fraud

Autosummary: Funnull, also called Fang Neng CDN (funnull[.]io, funnull[.]com, funnull[.]app, and funnull[.]buzz), was first attracted the attention of the cybersecurity community in June 2024 after it was implicated in the supply chain attack of widely-used Polyfill[.]io JavaScript library. "

US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator

Autosummary: “Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams, commonly known as “pig butchering,” along with its administrator, Liu Lizhi.” "

Data broker LexisNexis discloses data breach affecting 364,000 people

Autosummary: "The personal information involved was limited to name, contact information (such as phone number, postal or email address), Social Security number, driver’s license number or date of birth," the spokesperson also told BleepingComputer. "

US sanctions firm linked to cyber scams behind $200 million in losses

Autosummary: " As the FBI revealed last month, cybercriminals have stolen a record $16,6 billion from Americans in 2024, with over $6.5 billion lost to investment scams, marking a massive increase in losses of over 33% compared to the previous year. "

Threat actors abuse Google Apps Script in evasive phishing attacks

Autosummary: Legitimate service abuse Google Apps Script is a JavaScript-based cloud scripting platform from Google that allows users to automate tasks and extend the functionality of Google Workspace products like Google Sheets, Docs, Drive, Gmail, and Calendar. "

New warning issued over toll fee scams

Autosummary: Now the Departments of Motor Vehicles (DMVs) of New York, Florida, and California are warning residents not to fall for the text message scams that try to trick users into clicking a link by telling them they owe a “small amount” in toll fees. "

Adidas warns of data breach after customer service provider hack

Autosummary: "

Hackers Are Calling Your Office: FBI Alerts Law Firms to Luna Moth’s Stealth Phishing Campaign

Autosummary: Luna Moth, also called Chatty Spider, Silent Ransom Group (SRG), Storm-0252, and UNC3753, is known to be active since at least 2022, primarily employing a tactic called callback phishing or telephone-oriented attack delivery (TOAD) to trick unsuspecting users into calling phone numbers listed in benign-looking phishing emails related to invoices and subscription payments. "

Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages

Autosummary: " Active since at least April 2024, the hacking group is linked to espionage operations mainly targeting organizations that are important to Russian government objectives, including those in government, defense, transportation, media, non-governmental organizations (NGOs), and healthcare sectors in Europe and North America. "

Adidas customers’ personal information at risk after data breach

Autosummary: As Bleeping Computer reports, earlier this month Adidas did disclose that customers in Turkey and South Korea who had contacted its customer service centre had had their contact information (including names, email addresses, phone numbers, dates of birth, and postal addresses) stolen. "

Marlboro-Chesterfield Pathology data breach impacted 235,911 individuals

Autosummary: Marlboro-Chesterfield Pathology disclosed that the breach exposed personal details such as names, addresses, birth dates, medical treatment information, and health insurance data, including policy numbers. "

Scammers are using AI to impersonate senior officials, warns FBI

Autosummary: A vishing attack is a type of phishing attack in which a threat actor uses social engineering tactics via voice communication to scam a target—the word “vishing” is a combination of “voice” and “phishing.” "

Stalkerware apps go dark after data breach

Autosummary: Other apps now taken down that the company claimed to have operated include Spyier, Neatspy, Fonemonitor, Spyine, and Minspy.The flaw exposed data from the victim’s devices, rendering their messages, photos, and location data visible to whomever wanted them. "

DOJ charges 12 more in $263 million crypto fraud takedown where money was hidden in squishmallow stuffed animals

Autosummary: For instance, Lam is said to have purchased at least 31 luxury vehicles, including custom Lamborghinis, Ferraris, Porsches, Mercedes G Wagons, a Rolls-Royce, and a McClaren - some of which have been valued at over US $3 million. "

Coinbase says recent data breach impacts 69,461 customers

Autosummary: "

Researchers Expose PWA JavaScript Attack That Redirects Users to Adult Scam Apps

Autosummary: "

How to Detect Phishing Attacks Faster: Tycoon2FA Example

Autosummary: These IOCs can then be used to: Block malicious domains across your infrastructure Update email filters and detection rules Enrich your threat intelligence database Support incident response and SOC workflows IOCs gathered inside ANY.RUN sandbox Finally, ANY.RUN generates a well-structured, shareable report that includes all key details, from behavior logs and network traffic to screenshots and IOCs.Upload the file or paste a URL, pick your OS (Windows, Linux, or Android), tweak your settings if needed, and within seconds, you"re inside a fully interactive virtual machine ready to investigate. Analysis setup inside ANY.RUN sandbox To show how easy it is to detect phishing, let"s walk through a real-world example, a potential phishing email we analyzed using ANY.RUN, is one of the fastest and most intuitive sandboxes available. Step 3: Analyze and Collect IOCs Once the phishing chain is fully detonated, the next step is what matters most to security teams; gathering indicators of compromise (IOCs) that can be used for detection, response, and future prevention. "

Coinbase data breach impacted 69,461 individuals

Autosummary: Name, address, phone, and email; Masked Social Security (last 4 digits only); Masked bank-account numbers and some bank account identifiers; Government‑ID images (e.g., driver’s license, passport); Account data (balance snapshots and transaction history); and Limited corporate data (including documents, training material, and communications available to support agents). "

Smashing Security podcast #418: Grid failures, Instagram scams, and Legal Aid leaks

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Guest: Dinah Davis Episode links: Sponsored by: Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. "

UK’s Legal Aid Agency discloses a data breach following April cyber attack

Autosummary: Downloaded data may have included contact details and addresses of applicants, their dates of birth, national ID numbers, criminal history, employment status and financial data such as contribution amounts, debts and payments. "

Cyber attack threat keeps me awake at night, bank boss says

Autosummary: "

Pwn2Own Berlin 2025: total prize money reached $1,078,750

Autosummary: Pwn2Own Berlin 2025: total prize money reached $1,078,750 Pierluigi Paganini May 19, 2025 May 19, 2025 Pwn2Own Berlin 2025 wrapped up with $383,750 awarded on the final day, pushing the total prize money to $1,078,750 over three days. "

ThreatMark offers protection against social engineering attacks and scams

Autosummary: "

CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide

Autosummary: Commands like “OTP,” “QUESTION,” or “2ND_USER” prompt the user to hand over additional details, scan QR codes, or involve other employees, increasing the potential damage. A persistent threat This campaign reflects an evolution in phishing tactics, where attackers use automation, live control, and targeted filtering to improve their success rate and avoid detection. Researchers observed thousands of redirector domains, hundreds of unique phishing URLs, and targeting activity across North America, the Middle East, and Europe. "

UK Legal Aid Agency confirms applicant data stolen in data breach

Autosummary: "

Deepfake attacks could cost you more than money

Autosummary: In this Help Net Security interview, Camellia Chan, CEO at X-PHY, discusses the dangers of deepfakes in real-world incidents, including their use in financial fraud and political disinformation.Advanced machine learning models, especially multi-modal AI, are becoming increasingly effective at spotting subtle, sophisticated signs of manipulation – from unnatural blinking and facial inconsistencies to mismatched audio-visual cues. This is just one example, but recently I’ve seen an increasing number of reports where companies were tricked into transferring large sums of money based on deepfaked video calls – some of our partners, customers, and even my internal staff have highlighted this as a concern. "

Polymorphic phishing attacks flood inboxes

Autosummary: Industries with the largest increase in reported malicious emails: Education : 341% : 341% Construction : 1,282% : 1,282% Taxes-related campaigns : 340% : 340% Campaigns utilizing legitimate files: 575% Microsoft has been identified as the most frequently spoofed brand in 2024. "

Coinbase data breach exposes customer info and government IDs

Autosummary: Masked Social Security (last four digits only); Masked bank-account numbers and some bank account identifiers; Government‑ID images (e.g., driver"s license, passport); Account data (balance snapshots and transaction history); and Limited corporate data (including documents, training material, and communications available to support agents). "

Coinbase suffers data breach, gets extorted (but won’t pay)

Autosummary: The rogue agents got their hands on customers’ name, address, phone number, emails address, the last 4 digitls of their Social Security number, masked bank account numbers and some bank account identifiers, images of government-issued IDs, and some account data (transaction history, snapshots of customers’ Coinbase account balance). "

Nova Scotia Power discloses data breach after March security incident

Autosummary: “ The impacted personal information varies by customer and could include different types depending on what each customer provided, including name, phone number, email address, mailing and service addresses, Nova Scotia Power program participation information, date of birth, and customer account history (such as power consumption, service requests, customer payment, billing, and credit history, and customer correspondence), driver’s license number, and Social Insurance Number. "

Coinbase disclosed a data breach after an extortion attempt

Autosummary: Compromised data includes: Name, address, phone, and email; Masked Social Security (last 4 digits only); Masked bank-account numbers and some bank account identifiers; Government‑ID images (e.g., driver’s license, passport); Account data (balance snapshots and transaction history); and Limited corporate data (including documents, training material, and communications available to support agents). "

Resilience helps businesses understand their cyber risk in financial terms

Autosummary: Drawing from our unique bird’s-eye-view of the threat landscape, extensive underwriting capabilities, and proprietary Risk Operations Center, we built a tool that bridges this communication gap,” said Dr. Ann Irvine, Chief Data and Analytics Officer at Resilience. "

Fashion giant Dior discloses cyberattack, warns of data breach

Autosummary: According to screenshots of the notices shared online, the incident was discovered on May 7, involving unauthorized personnel access, and exposed the following information: Full name Gender Phone number Email address Postal address Purchase history Notice sent to China customers Source: marketing-interactive.com The notice posted on Dior’s Korean shop also sets the breach date to May 7, 2025, suggesting a common cybersecurity incident that had an international impact. "

McAfee’s Scam Detector identifies scams across text, email, and video

Autosummary: On-demand scam check: Upload a message, screenshot, or link for speedy analysis and context Upload a message, screenshot, or link for speedy analysis and context Deepfake detection: Identifies AI-generated videos with 96% accuracy in seconds Identifies AI-generated videos with 96% accuracy in seconds Built for modern communication: Works across apps, browsers, and devices, including iMessage, WhatsApp, Messenger, Gmail, and more Designed with a mobile-first approach, McAfee’s Scam Detector meets people where scams happen most. "

Horabot Malware Targets 6 Latin American Nations Using Invoice-Themed Phishing Emails

Autosummary: "The malware then proceeds to steal browser-related data from a range of targeted web browsers, including Brave, Yandex, Epic Privacy Browser, Comodo Dragon, Cent Browser, Opera, Microsoft Edge, and Google Chrome," Lin said. "

Focused Phishing: Attack Targets Victims With Trusted Sites and Live Validation

Autosummary: To defend against this type of advanced, targeted phishing: Ensure your security stack can detect and block phishing pages even on trusted domains Invest in tools that recognize the impersonation of legitimate business platforms your organization uses (e.g., Microsoft 365, Okta, Google Workspace) Ensure your employees have real-time, browser-level protection, not just email filtering Keeping Up With Ever-Evolving Attacks Phishing continues to evolve—leveraging legitimate infrastructure, precision email validation, and evasive delivery techniques. Precision-Validated Phishing, Server-Side This technique, in which an attacker validates an email address in real-time to ensure only the intended targets or targets of higher value receive the final phishing page, is referred to as “Precision-Validated Phishing”. This pre-population technique implies the phishing emails include target-specific links, such as: compromised.domain.com/file/path?#victim_email@example.com Similar techniques have been seen before, like in a recent write-up, where a malicious SVG attached in a phishing email used JavaScript to append the victim’s email to a malicious URL and redirect the browser. This attack illustrates the abuse of trusted domains, the practice of server-side phishing email validation, and the critical need for browser-based, zero-day phishing protection. "

Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

Autosummary: Xinbi Guarantee, per Elliptic, has 233,000 users, with merchants broken down to broad categories related to money laundering, Starlink satellite internet equipment, fake IDs, and databases of stolen personal information used to target potential victims. "

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Autosummary: Cybercriminals cleverly hosted fake pages leveraging trusted cloud platforms like GitHub, Firebase, and Vercel, making it harder to spot the scams. "

Smashing Security podcast #417: Hello, Pervert! – Sextortion scams and Discord disasters

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Episode links: Sponsored by: Drata – The world’s most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before. "

Marks and Spencer confirms data breach after April cyber attack

Autosummary: “The personal data taken could include contact details – such as name, email address, addresses, telephone number – date of birth, online order history, household information and ‘masked’ payment card details used for online purchases. The stolen M&S data may include contact info, birthdate, order history, household data, and masked card details, but not full payment info. "

⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams

Autosummary: This week"s list includes — CVE-2025-32819, CVE-2025-32820, CVE-2025-32821 (SonicWall), CVE-2025-20188 (Cisco IOS XE Wireless Controller), CVE-2025-27007 (OttoKit), CVE-2025-24977 (OpenCTI), CVE-2025-4372 (Google Chrome), CVE-2025-25014 (Elastic Kibana), CVE-2025-4318 (AWS Amplify Studio), CVE-2024-56523, CVE-2024-56524 (Radware Cloud Web Application Firewall), CVE-2025-27533 (Apache ActiveMQ), CVE-2025-26168, CVE-2025-26169 (IXON VPN), CVE-2025-23123 (Ubiquiti UniFi Protect Cameras), CVE-2024-8176 (libexpat), and CVE-2025-47188 (Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones).With support for cloud services (S3, GCS, Firebase), databases (MySQL, PostgreSQL, MongoDB, Redis), messaging apps (Slack), and local file systems, it uses advanced OCR and pattern-matching to uncover sensitive data hidden in documents, images, archives, and even videos.With support for cloud services (S3, GCS, Firebase), databases (MySQL, PostgreSQL, MongoDB, Redis), messaging apps (Slack), and local file systems, it uses advanced OCR and pattern-matching to uncover sensitive data hidden in documents, images, archives, and even videos."Despite vendor customizations in USB stacks, ChoiceJacking attacks gain access to sensitive user files (pictures, documents, app data) on all tested devices from 8 vendors including the top 6 by market share," researchers Florian Draschbacher, Lukas Maar, Mathias Oberhuber, and Stefan Mangard said."Despite vendor customizations in USB stacks, ChoiceJacking attacks gain access to sensitive user files (pictures, documents, app data) on all tested devices from 8 vendors including the top 6 by market share," researchers Florian Draschbacher, Lukas Maar, Mathias Oberhuber, and Stefan Mangard said.The attacks, detected in January, March, and April 2025, targeted current and former advisors to Western governments and militaries, as well as journalists, think tanks, and NGOs, as well as individuals connected to Ukraine.The attacks, detected in January, March, and April 2025, targeted current and former advisors to Western governments and militaries, as well as journalists, think tanks, and NGOs, as well as individuals connected to Ukraine."Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage," the agencies said."Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage," the agencies said.Built for speed and simplicity, it allows investigators to quickly search through Windows Event Logs, MFT files, Shimcache, SRUM, and registry hives using keyword matching, regex, and Sigma detection rules.Built for speed and simplicity, it allows investigators to quickly search through Windows Event Logs, MFT files, Shimcache, SRUM, and registry hives using keyword matching, regex, and Sigma detection rules."By targeting browsers, authentication tokens, and system files, it enables cybercriminals to perform identity theft, corporate espionage, and unauthorized financial transactions," Flashpoint said."By targeting browsers, authentication tokens, and system files, it enables cybercriminals to perform identity theft, corporate espionage, and unauthorized financial transactions," Flashpoint said.The flaws, tracked as CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (CVSS scores: 9.3), and CVE-2025-2778, have been addressed in version 24.4.60 b16 of the software.The flaws, tracked as CVE-2025-2775, CVE-2025-2776, CVE-2025-2777 (CVSS scores: 9.3), and CVE-2025-2778, have been addressed in version 24.4.60 b16 of the software. — The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Environmental Protection Agency (EPA), and Department of Energy (DOE) are urging critical infrastructure entities to review and take steps to bolster their security posture amid "cyber incidents affecting the operational technology (OT) and industrial control systems (ICS) of critical infrastructure entities in the United States." "

Coro SAT module defends against phishing attacks

Autosummary: This approach reduces tool sprawl, friction, and manual overhead while delivering adaptive, automated training within the same platform SMBs use to protect endpoints, data, and users. "

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

Autosummary: The updates also arrive as Google appears to be readying an Advanced Protection feature in Android 16 that, in some ways, mirrors Apple"s approach by turning off JavaScript, disabling 2G connections, and activating a number of security features by default, such as Theft Detection Lock, Offline Device Lock, Android Safe Browsing, spam protection in Messages. "

Ascension says recent data breach affects over 430,000 patients

Autosummary: They could also gain access to personal information, including name, address, phone number(s), email address, date of birth, race, gender, and Social Security numbers (SSNs). "

Google Chrome to use on-device AI to detect tech support scams

Autosummary: Chrome"s new anti-scam system, which is integrated into the browser"s "Enhanced Protection," analyzes web pages in real time to detect scam signals like fake virus alerts or full-screen lockouts, which are hallmarks of tech support scams. "

Google Chrome will use AI to block tech support scam websites

Autosummary: How it works When the user lands on a suspicious page, which is decided by the on-device LLM, based on specific triggers like the Keyboard Lock API, Chrome provides the LLM with the contents of the page that the user is on and queries it to extract security signals, such as the intent of the page. "

Wave of tech layoffs leads to more job scams

Autosummary: AI and job scams With the rise of AI, these scams are about to get more convincing, as emails, job postings, and even video calls with scammers posing as job recruiters will be hard to distinguish. Trust your instincts If something feels off, such as vague job descriptions, unusually high salaries for minimal work, or pressure to act quickly, it’s best to proceed with caution. "

Pay day banking outages hit 1.2m people, banks reveal

Autosummary: Ron van Kemenade, the bank"s group chief operating officer, said around 700,000 people who are customers of Lloyds, Halifax, Bank of Scotland and MBNA were affected as they couldn"t log into their accounts on a first attempt. "

Digital welfare fraud: ALTSRUS syndicate exploits the financially vulnerable

Autosummary: "

FBI issues warning as scammers target victims of crime

Autosummary: Besides other direct payments, called recovery fees, processing fees, tax clearance, or compliance charges, the scammers will typically try to get hold of: Financial information like credit card details, bank account numbers, cryptocurrency wallet addresses, and private keys.Subject: Recovery of Funds – Immediate Action Required Date: April 22, 2025 To: [victim’s email address] “Dear [Full Name], This is to notify you that after a recent audit by the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3), we have identified your case as eligible for full recovery of lost funds stemming from your previous online fraud complaint (Case ID: #IC3-R2471982-Q2). : Scammers may ask for sensitive data, including Social Security numbers, bank account details, or login credentials. "

CoGUI phishing platform sent 580 million emails to steal credentials

Autosummary: The messages impersonate major brands like Amazon, Rakuten, PayPal, Apple, tax agencies, and banks. "

Beware of phone scams demanding money for ‘missed jury duty’

Autosummary: Always contact the authority in question independently (rather than replying to the email/text) Never divulge sensitive persona and financial information online or over the phone Remember that scammers can spoof their Caller ID to appear legitimate Never pay alleged fines by gift cards, crypto or money transfers If threatened while on the phone, stay calm, ask where the person is calling from, hang up and then call that office to check its legitimacy Keep up to date with the latest scam tactics from the FTC and other government sites Use anti-malware on all devices and computers to help filter out phishing messages and emails What to do if you’ve been scammed If you realize you’ve been scammed, don’t panic.Work step by step through the following: If you’re on a call, hang up immediately Make a note of as much information as possible, including the ‘name’ and/or badge number of the scammer, what they said and where they called/emailed from, and payment details Report the incident to the police and FTC.While they may not be able to help you recover any stolen money, it may help others Call your bank and freeze your credit/debit cards Monitor your bank account for any unusual activity Freeze your credit with the three big credit agencies, so scammers can take out credit lines in your name It can be a daunting task when threatened with jail time and steep fines.Yet scammers will do so, often requesting that funds be transferred by crypto, gift cards, wire transfer or an instant payment app like Zelle, Venmo or Cash App. "

Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate

Autosummary: Smishing on a Massive Scale: ‘Panda Shop’ Chinese Carding Syndicate Pierluigi Paganini May 06, 2025 May 06, 2025 Resecurity found a new smishing kit called ‘Panda Shop,’ mimicking Smishing Triad tactics with improved features and new templates. "

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims

Autosummary: Reckless Rabbit is said to have been creating domains as far back as April 2024, primarily targeting users in Russia, Romania, and Poland, while excluding traffic from Afghanistan, Somalia, Liberia, Madagascar, and others." Some of these forms, besides requesting users" names, phone numbers, and email addresses, offer the ability to auto-generate a password, a key piece of information that"s used to progress to the next phase of the attack -- validation checks. What"s more, the ads contain unrelated images and display a decoy domain (e.g., "amazon[.]pl") that"s different from the actual domain the user will be redirected to once they click on the link (e.g., "tyxarai[.]org"). "

Toll road scams are in overdrive: Here’s how to protect yourself

Autosummary: A small payment amount, designed to make it more likely that you will pay up without asking questions Impersonation of a trusted toll road brand such as E-ZPass, which operates toll roads across 20 states, or even a state authority Request for information such as driver’s license number and license plates A link in the text message, which could covertly install malware or take you to a website to fill in personal and financial information A phishing site also spoofed with the branding of the legitimate toll road operator Sometimes scams are easy to spot, such as when they are sent out to drivers in states with no toll roads, such as Michigan or Wisconsin. Delete any scam texts once read and reported.. What to do if you think you’ve been scammed In the even the worst happens and you think you may have fallen victim to a toll road smishing text, don’t panic and follow these steps: Freeze your bank cards and inform your bank (if you have shared financial details with the scammers) Initiative a credit freeze with the three main credit reporting agencies (Experian, TransUnion, Equifax). "

How OSINT supports financial crime investigations

Autosummary: He outlines its application in areas such as fraud, sanctions evasion, and money laundering, and addresses the legal, ethical, and operational challenges involved.Yet open-source data is often fragmented and is spread across corporate registries, publicly available social media, news archives, the dark web, and more.What’s important to emphasise, however, is that while we can identify certain core typologies – like fraud, sanctions evasion, and money laundering – they must remain fluid. Are there specific financial crime typologies, such as fraud, money laundering, or sanctions evasion, where OSINT has proven particularly valuable?Investigators overlaid leaked names and corporate data with public registries, sanctions databases, and corporate network analysis, exposing global webs of tax evasion and illicit asset concealment by individuals and companies. "

Darcula PhaaS steals 884,000 credit cards via phishing texts

Autosummary: In February 2025, the same researchers reported that Darcula had undergone a significant evolution, now allowing operators to auto-generate phishing kits for any brand, while also implementing new stealth features, a credit card to virtual card converter, and a simplified admin panel. "

Kelly Benefits December data breach impacted over 400,000 individuals

Autosummary: Kelly Benefits is notifying affected individuals on behalf of multiple customers, including CareFirst, Guardian, Beam Benefits, and others impacted by the breach. "

MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks

Autosummary: Communication between GhostWeaver and its command-and-control (C2) server is secured through TLS encryption using an obfuscated, self-signed X.509 certificate embedded directly within the PowerShell script, which is leveraged for client-side authentication to the C2 infrastructure," Recorded Future said. "

Low-tech phishing attacks are gaining ground

Autosummary: This is pertinent because link usage, which accounted for 75% of phishing attempts in Q1 2024, dropped by 42% in Q1 2025, making room for callbacks, which now account for nearly one in five attempts. "

FBI shared a list of phishing domains associated with the LabHost PhaaS platform

Autosummary: FBI shared a list of phishing domains associated with the LabHost PhaaS platform Pierluigi Paganini May 01, 2025 May 01, 2025 The FBI shared 42K phishing domains tied to LabHost, a PhaaS platform shut down in April 2024, to boost awareness and help identify compromises. In April 2024, an international law enforcement operation, codenamed Nebulae and coordinated by Europol, led to the disruption of LabHost, which is one of the world’s largest phishing-as-a-service platforms. "

Property renters targeted in simple BEC scam

Autosummary: Early campaigns often included attached PDFs using logos and statements such as ‘Gestion locative de bien immobilier’ (‘Rental property management’), ‘Garantie des loyers’ (Rent guarantee), and ‘Gestion immobilier comptabilité’ (‘Real estate management accounting’).” "

FBI shares massive list of 42,000 LabHost phishing domains

Autosummary: It featured extensive customization options, advanced 2FA-bypassing mechanisms, automatic SMS-based interactions with victims, and a real-time campaign management panel. "

Ascension discloses new data breach after third-party hacking incident

Autosummary: "

Smashing Security podcast #415: Hacking hijinks at the hospital, and WASPI scams

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Episode links: Sponsored by: Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. "

VeriSource data breach impacted 4M individuals

Autosummary: The review ended on August 12, 2024, revealing personal data like names, addresses, dates of birth, gender, and/or Social Security numbers were compromised. "

Bitwarden Access Intelligence defends against credential risks and phishing

Autosummary: Empower teams to act, remediate, and prevent threats The Risk Insights for Access Intelligence dashboard delivers actionable visibility into credential-related security risks, empowering IT administrators to: Identify weak, reused, or exposed credentials stored across key business applications Prioritize remediation efforts based on application importance Automatically alert end users of compromised credentials Initiate guided remediation workflows Monitor password health improvements across the organization These workflows help close security gaps while reinforcing enterprise access policies. "

WooCommerce Users Targeted by Fake Patch Phishing Campaign Deploying Site Backdoors

Autosummary: "

⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More

Autosummary: This week"s list includes — CVE-2024-58136, CVE-2025-32432 (Craft CMS), CVE-2025-31324 (SAP NetWeaver), CVE-2025-27610 (Rack), CVE-2025-34028 (Commvault Command Center), CVE-2025-2567 (Lantronix Xport), CVE-2025-33028 (WinZip), CVE-2025-21204 (Microsoft Windows), CVE-2025-1021 (Synology DiskStation Manager), CVE-2025-0618 (FireEye EDR Agent), CVE-2025-1763 (GitLab), CVE-2025-32818 (SonicWall SonicOS), CVE-2025-3248 (Langflow), CVE-2025-21605 (Redis), CVE-2025-23249, CVE-2025-23250, and CVE-2025-23251 (NVIDIA NeMo Framework), CVE-2025-22228 (Spring Framework, NetApp), and CVE-2025-3935 (ScreenConnect).Power Parasites Goes After Bangladesh, Nepal, India — An active campaign is targeting individuals across Asian countries, including Bangladesh, Nepal, and India, with job and investment scams via combination of deceptive websites masquerading as energy firms and other major firms, social media groups, Youtube videos, and Telegram channels since September 2024.In recent months, a cyber espionage campaign known as Operation Cobalt Whisper has targeted multiple industries in Hong Kong and Pakistan, including defense, education, environmental engineering, electrotechnical engineering, energy, cybersecurity, aviation and healthcare, with phasing emails that serve as a conduit to deliver Cobalt Strike. — Cybersecurity researchers have outlined two scenarios where releases associated with the PC Manager tool, a software designed to help optimize and manage Windows computers, could have been hijacked by attackers via WinGet repository (ZDI-23-1527), "aka.ms" URLs, and the official "pcmanager.microsoft[.]com" subdomain of Microsoft (ZDI-23-1528), due to overly permissive Shared Access Signature (SAS) tokens.How Windows PC Manager Could Be Hijacked — Cybersecurity researchers have outlined two scenarios where releases associated with the PC Manager tool, a software designed to help optimize and manage Windows computers, could have been hijacked by attackers via WinGet repository (ZDI-23-1527), "aka.ms" URLs, and the official "pcmanager.microsoft[.]com" subdomain of Microsoft (ZDI-23-1528), due to overly permissive Shared Access Signature (SAS) tokens. — An active campaign is targeting individuals across Asian countries, including Bangladesh, Nepal, and India, with job and investment scams via combination of deceptive websites masquerading as energy firms and other major firms, social media groups, Youtube videos, and Telegram channels since September 2024. 📰 Around the Cyber World Lumma Stealer Adopts New Tricks to Evade Detection — The information stealer known as Lumma, which has been advertised as a Malware-as-a-Service (MaaS) starting at $250 a month, is being distributed extensively using various methods such as pirated media, adult content, and cracked software sites, as well as fake Telegram channels for such content to redirect users to fraudulent CAPTCHA verifications that leverage the ClickFix tactic to trick users into downloading and running the malware via PowerShell and MSHTA commands. — The information stealer known as Lumma, which has been advertised as a Malware-as-a-Service (MaaS) starting at $250 a month, is being distributed extensively using various methods such as pirated media, adult content, and cracked software sites, as well as fake Telegram channels for such content to redirect users to fraudulent CAPTCHA verifications that leverage the ClickFix tactic to trick users into downloading and running the malware via PowerShell and MSHTA commands.Also addressed by Kentico are three other vulnerabilities, WT-2025-0006 (authentication bypass), WT-2025-0007 (Post-authentication Remote Code Execution), and WT-2025-0011 (Authentication Bypass), that can achieve Remote Code Execution against fully-patched deployments.Also addressed by Kentico are three other vulnerabilities, WT-2025-0006 (authentication bypass), WT-2025-0007 (Post-authentication Remote Code Execution), and WT-2025-0011 (Authentication Bypass), that can achieve Remote Code Execution against fully-patched deployments." — Fifty-eight suspicious Google Chrome extensions have been discovered containing risky features, such as monitoring browsing behavior, accessing cookies for domains, altering search providers, and potentially executing remote scripts, according to Secure Annex researcher John Tuckner."To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse," Matt Hartman, CISA Acting Executive Assistant Director for Cybersecurity, said."To set the record straight, there was no funding issue, but rather a contract administration issue that was resolved prior to a contract lapse," Matt Hartman, CISA Acting Executive Assistant Director for Cybersecurity, said.Several Extensions Found with Risky Features — Fifty-eight suspicious Google Chrome extensions have been discovered containing risky features, such as monitoring browsing behavior, accessing cookies for domains, altering search providers, and potentially executing remote scripts, according to Secure Annex researcher John Tuckner."The dispersal of these sophisticated criminal networks within areas of weakest governance has attracted new players, benefited from and fueled corruption, and enabled the illicit industry to continue to scale and consolidate, culminating in hundreds of industrial-scale scam centres generating just under US $40 billion in annual profits," the UNODC said.Indian Banks Ordered to Migrate to ".bank[.]in" Domains by October 31 — In Febraury 2025, India"s central bank, the Reserve Bank of India (RBI), introduced an exclusive ".bank[.]in" internet domain for banks in the country to combat digital financial fraud."If an attack had been carried out, cybercriminals could have compromised software supply chains for distribution of malware, allowed them to replace software releases, and alter distributed PC Manager executables," Trend Micro said."If an attack had been carried out, cybercriminals could have compromised software supply chains for distribution of malware, allowed them to replace software releases, and alter distributed PC Manager executables," Trend Micro said.Over 50% of the compromised devices are located in Brazil, followed by Argentina, Russia, Iraq, and Mexico, per Qrator Labs.Over 50% of the compromised devices are located in Brazil, followed by Argentina, Russia, Iraq, and Mexico, per Qrator Labs.Hong Kong, Vietnam, Mexico, the Philippines, India, and China were the main international destinations for fraudulent wire transactions.Hong Kong, Vietnam, Mexico, the Philippines, India, and China were the main international destinations for fraudulent wire transactions." — The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities to facilitate phishing form generation in various languages, form field customization, and translation of phishing forms into local languages.In this session, you"ll learn how to stop identity-based attacks before they start, using real-time verification, access checks, and advanced deepfake detection. "

A large-scale phishing campaign targets WordPress WooCommerce users

Autosummary: Additionally, the compromised site generates outbound HTTP requests to attacker-controlled domains, including woocommerce-services[.]com , woocommerce-api[.]com , and woocommerce-help[.]com . "

VeriSource now says February data breach impacts 4 million people

Autosummary: "

African multinational telco giant MTN Group disclosed a data breach

Autosummary: Compromised data includes full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details. "

Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers

Autosummary: The vulnerabilities, flagged by cybersecurity vendor OPSWAT, are listed below - CVE-2025-27610 (CVSS score: 7.5) - A path traversal vulnerability that could be used to gain access to all files under the specified root: directory, assuming an attacker can determine the paths to those files (CVSS score: 7.5) - A path traversal vulnerability that could be used to gain access to all files under the specified root: directory, assuming an attacker can determine the paths to those files CVE-2025-27111 (CVSS score: 6.9) - An improper neutralization of carriage return line feeds (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and distort log files (CVSS score: 6.9) - An improper neutralization of carriage return line feeds (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and distort log files CVE-2025-25184 (CVSS score: 5.7) - "

Baltimore City Public Schools data breach affects over 31,000 people

Autosummary: During the breach, the threat actors may have stolen folders, files, or records containing social security numbers, driver"s license numbers, or passport numbers belonging to current and former employees, volunteers, and contractors. "

Yale New Haven Health data breach affects 5.5 million patients

Autosummary: "

Darcula Adds GenAI to Phishing Toolkit, Lowering the Barrier for Cybercriminals

Autosummary: "

Frederick Health data breach impacts nearly 1 million patients

Autosummary: "

Zoom attack tricks victims into allowing remote access to install malware and steal money

Autosummary: “While the interview was ongoing @tacticalinvest_ was downloading malware on my computer known as goopdate,” he reports, “which was powerful enough to steal >$100k in digital assets from my Bitcoin and Ethereum wallets, as well as log into my twitter, gmail, and other accounts.”As he describes in a postmortem thread on X earler this month, he also got a media invitation from an X account, this time called @tacticalinvest_, to appear on a podcast. "

Yale New Haven Health (YNHHS) data breach impacted 5.5 million patients

Autosummary: The stolen data varies by patient and includes the following info: Full name Date of birth Home address Telephone number Email address Race/ethnicity Social Security number (SSN) Patient type Medical record number It was clarified that the exposure did not include financial information, medical records, or treatment details. "

The dark side of YouTube: Malicious links, phishing, and deepfakes

Autosummary: But if platforms were held responsible for everything, they might over-censor to avoid potential liability, which could impact the diversity of content users see. But it also helps scan content, find patterns, and flags suspicious behavior.With its sophistication, it floods channels with deepfakes and AI-generated content, making it harder to tell what’s real and what’s fake. "

Phishing emails delivering infostealers surge 84%

Autosummary: As a result of these takedowns, we have seen increased diversification and turnover in the malware activity of actors associated with cybercrime groups such as ITG23, (Wizard Spider, TrickBot Group), ITG25 (Lunar Spider, IcedID), and ITG26 (Qakbot, Pikabot).The most common actions on objective included tool-remote access (17%), malware-backdoor (17%), and server access (13%), signaling attackers’ focus on system control and data exfiltration. "

Phishing detection is broken: Why most attacks feel like a zero day

Autosummary: In any case, while modern email solutions can bring a lot more to the table, neither email or network (proxy) based tools can’t definitively know that a page is malicious unless they can access the page and analyze it… Attackers are preventing their pages from being analyzed Both email and network (proxy) based solutions rely on being able to inspect and analyze a page to identify whether it is malicious or not, after which IoCs are generated that can be enforced when a link is clicked (or received in your email inbox). A key challenge with phishing detection is that based on the indicators that we as an industry use to commonly detect phishing pages, pretty much every phishing attack looks different and uses a unique combination of domain, URL, IPs, page composition, target app, etc. Getting real-time visibility of page/user behavior and malicious toolkits running on the page is key to moving to TTP-based detections, rather than chasing quickly-changing IoCs The future of phishing detection and response is browser based Push Security provides a browser-based identity security solution that intercepts phishing attacks as they happen — in employee browsers.To detect and block a phishing page, it needs to be used in an attack first… Protect and defend your identity attack surface with Push Security Book a demo to see how Push"s browser-based identity security platform prevents account takeover attacks like MFA-bypass phishing, credential stuffing, password spraying, and session hijacking.Book a demo or try it for free Why most phishing attacks are completely novel Attackers know that phishing detection and blocking: Relies on blocklisting IoCs like domains, URLs and IPs Is situated at the email and network layer Requires that a page is accessed and analyzed before it can be blocked These methods have remained practically unchanged for more than a decade. With MFA-bypassing phishing kits the new normal, capable of phishing accounts protected by SMS, OTP, and push-based methods, detection controls are being put under constant pressure as prevention controls fall short. "

2025 Data Breach Investigations Report: Third-party breaches double

Autosummary: In addition to passwords (regardless of hash status), researchers found email addresses (61% of breaches), phone numbers (39%), government-issued IDs (22%) and even the occasional passport (1.8%).However, the context around vulnerabilities – where a given vulnerability exists in your environment, what data or systems are potentially at risk, ease of exploitation, the existence of a proof-of-concept, and so much more – drives informed prioritization and remediation. Although the involvement of the human element in breaches remained roughly the same as last year, hovering around 60%, the percentages of breaches where a third party was involved doubled, going from 15% to 30%. "

Three Reasons Why the Browser is Best for Stopping Phishing Attacks

Autosummary: But you get much better visibility of all this in the browser, with access to: Full decrypted HTTP traffic — not just DNS and TCP/IP metadata Full user interaction tracing — every click, keystroke, or DOM change can be traced Full inspection at every layer of execution, not just initial HTML served Full access to browser APIs, to correlate with browser history, local storage, attached cookies, etc. Being in the browser enables you to build much more effective controls based on TTPs And with this new visibility, because you"re in the browser and seeing the page at the same time as the user is interacting with it, you can… #3: Intercept in real time, not post mortem For non-browser solutions, real-time phishing detection is basically nonexistent. With MFA-bypassing phishing kits the new normal, capable of phishing accounts protected by SMS, OTP, and push-based methods, detection controls are being put under constant pressure as prevention controls fall short. But attackers know this, and are taking steps to avoid these controls, by: Routinely evading IoC driven blocklists by dynamically rotating and updating commonly signatured elements like IPs, domains, and URLs.When endpoint attacks skyrocketed in the late 2000s / early 2010s, they took advantage of the fact that defenders were trying to detect malware with primarily network-based detections, signature-based analysis of files, and running files in sandboxes (which was reliably defeated with sandbox-aware malware and using things as simple as putting an execution delay in the code). "

DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack

Autosummary: A brief description of each of the threat actors is below - UNC1069 (Active since at least April 2018), which targets diverse industries for financial gain using social engineering ploys by sending fake meeting invites and posing as investors from reputable companies on Telegram to gain access to victims" digital assets and cryptocurrency (Active since at least April 2018), which targets diverse industries for financial gain using social engineering ploys by sending fake meeting invites and posing as investors from reputable companies on Telegram to gain access to victims" digital assets and cryptocurrency UNC4899 (Active since 2022), which is known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment and has previously staged supply chain compromises for financial gain (Overlaps with Jade Sleet, PUKCHONG, Slow Pisces, TraderTraitor, and UNC4899) (Active since 2022), which is known for orchestrating job-themed campaigns that deliver malware as part of a supposed coding assignment and has previously staged supply chain compromises for financial gain (Overlaps with Jade Sleet, PUKCHONG, Slow Pisces, TraderTraitor, and UNC4899) UNC5342 (Active since January 2024), which is also known for employing job-related lures to trick developers into running malware-laced projects (Overlaps with Contagious Interview, DeceptiveDevelopment, DEV#POPPER, and Famous Chollima) Another North Korean threat actor of note is UNC4736, which has singled out the blockchain industry by trojanizing trading software applications and has been attributed to a cascading supply chain attack on 3CX in early 2023. "

How fraudsters abuse Google Forms to spread scams

Autosummary: It is favored by cybercriminals because it is: Free, meaning threat actors can launch campaigns at scale with a potentially lucrative return on their investment Trusted by users, which increases the chances of victims believing that the Google Form they’re being sent or redirected to is legitimate A legitimate service, meaning that malicious Google Forms and links to malicious forms are often waved through by traditional email security tools Easy to use, which is good for users but also handy for cybercriminals – meaning they can launch convincing phishing campaigns with very little effort or prior knowledge of the tool Cybercriminals also take advantage of the fact that Google Forms communications are encrypted with TLS, which may make it harder for security tools to peer in and check for any malicious activity.Either way, the end goal is usually to: Harvest your log-ins, which can then be used to hijack accounts and commit identity fraud Steal your card details or banking/crypto information in order to take over these accounts and drain them of funds or commit payment fraud Persuade you to click on a link in the malicious Google Form that redirects you to a site which covertly installs malware on your machine Call back phishing Attackers send you a malicious Google Form crafted to trick you into calling a phone number listed on it. Attacks in the wild Among the real-world campaigns security researchers have seen in recent years are: BazarCall A vishing-type threat in which victims received an email containing a malicious Google Form impersonating PayPal, Netflix, or one of several other big-name brands.Here are some of the main techniques to look out for: Phishing-related forms Threat actors create Google Forms designed to spoof legitimate brands, such as log-in pages for social media sites, banks and universities, or even payment pages. "

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Autosummary: The new Android malware, the work of a Chinese-speaking threat actor, has been observed being propagated via three different bogus apps, duping victims into installing them via social engineering techniques like deceptive SMS or WhatsApp messages - Verifica Carta (io.dxpay.remotenfc.supercard11) SuperCard X (io.dxpay.remotenfc.supercard) KingCard NFC (io.dxpay.remotenfc.supercard) The messages impersonate bank security alerts to induce a false sense of urgency by urging recipients to call a specific number to dispute the transaction. "

Entertainment venue management firm Legends International disclosed a data breach

Autosummary: The company offers a 360-degree service platform that includes strategic planning, sales, partnerships, hospitality, merchandise, and technology solutions. "

Entertainment venue management firm Legends International disclosed a data breach

Autosummary: The company offers a 360-degree service platform that includes strategic planning, sales, partnerships, hospitality, merchandise, and technology solutions. "

FBI: Scammers pose as FBI IC3 employees to "help" recover lost funds

Autosummary: "

Text scams grow to steal hundreds of millions of dollars

Autosummary: It also implies that a lot of incidents went unreported since we find it hard to believe that the number of scams might have declined—all it takes is a look at any single week in news coverage on Malwarebytes Labs to find stories on new scams, old scams, repeated scams, and the no-good scammers behind them.The idea is to get the target to tell them they’ve got a wrong number and with that engage them in a conversation, which may lead to romance scams, pig butchering, or other investment scams. "

Chinese Smishing Kit Powers Widespread Toll Fraud Campaign Targeting U.S. Users in 8 States

Autosummary: The phishing campaigns, per the company, impersonate U.S. electronic toll collection systems like E-ZPass, sending SMS messages and Apple iMessages to individuals across Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois, and Kansas about an unpaid toll and clicking on a fake link sent in the chat. "

Inside PlugValley: How this AI vishing-as-a-service group operates

Autosummary: "

"Scammers used fake app to steal from me in person"

Autosummary: "In the coming months, we will set out further details including plans to strengthen international cooperation, introduce better protections against AI-enabled fraud, and increase collaboration between government and the private sector," they added.A spokesperson said the fake banking app scam is "a concern" and they gave the following safety advice: Do not be pressured into accepting payment by bank transfer Never hand over goods unless you are sure you have received the money and check your own bank account to see if the payment has arrived Check if the buyer has a newly registered profile before you meet them as this may mean they are not who they say they are More information about staying safe from scams can be found here."He handed his phone over to me and I typed in my account details, clicked send, and it came up with a successful payment notification," Mr Rudd said. "

CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams

Autosummary: PointyPhish is linked to over 3,000 domains and phishing sites, preying on urgency by claiming expiring reward points to trick customers into fraudulent sites that steal payment details Similarly, TollShark involves over 2,000 domains and phishing sites, exploiting fears of unpaid tolls to capture sensitive information from unsuspecting individuals. Two Different Campaigns, One Common Tactic PointyPhish – Sends fake SMS alerts about expiring reward points to banking, airline, and retail store customers, leading to phishing pages that steal full credit/debit card details. "

Entertainment services giant Legends International discloses data breach

Autosummary: "

Windows NTLM hash leak flaw exploited in phishing attacks on governments

Autosummary: " The malicious archive also contains three more files, namely "xd.url," "xd.website," and "xd.link," which leverage older NTLM hash leak flaws and are most likely included for redundancy in case the "library-ms" method fails. "

Government contractor Conduent disclosed a data breach

Autosummary: Due to the complexity of the files, the Company engaged cybersecurity data mining experts to evaluate the exfiltrated data and was recently informed of its nature, scope and validity, confirming that the data sets contained a significant number of individuals’ personal information associated with our clients’ end-users.” "

Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins

Autosummary: " The disclosure comes as Microsoft, in its latest Cyber Signals report, warned of an increase in AI-driven fraud attacks to generate believable content for attacks at scale using deepfakes, voice cloning, phishing emails, authentic-looking fake websites, and bogus job listings. "

“I sent you an email from your email account,” sextortion scam claims

Autosummary: My Bitcoin address (BTC wallet): 1FJg6nuRLLv4iQLNFPTpGwZfKjHJQnmwFs After payment is received, I will delete the video and you will not hear from me again I’m giving you 48 hours to pay Do not forget that I will see you when you open the message, the counter will start If I see you’ve shared this message with someone else, the video will be posted immediately” If the victim decides to search for “njrat” they’ll find that it’s a remote access trojan (RAT) has capabilities to log keystrokes, access the victim’s camera, steal credentials stored in browsers, upload/download files, view the victim’s desktop, and more. The text of the email roughly looks like this: “As you may have noticed, I sent you an email from your email account This means I have full access to your account I’ve been watching you for a few months The thing is, you got infected with a njrat through an adult site you visited If you don’t know about this, let me explain The njrat gives me full access and control over your device. "

Google blocked over 5 billion ads in 2024 amid rise in AI-powered scams

Autosummary: "

Hertz disclosed a data breach following 2024 Cleo zero-day attack

Autosummary: Hertz disclosed a data breach following 2024 Cleo zero-day attack Pierluigi Paganini April 15, 2025 April 15, 2025 Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. "

Minister"s X account hacked to promote crypto scam

Autosummary: Luke Nolan, a senior research associate at CoinShares, an asset management company specialising in digital assets, said the hack of Powell"s account was an example of "pump and dump". "

Hertz data breach caused by CL0P ransomware attack on vendor

Autosummary: The type of stolen data varies per customer, but could include: Name Contact information Driver’s license Social Security Number (in rare cases according to Hertz) “A very small number of individuals may have had their Social Security or other government identification numbers, passport information, Medicare or Medicaid ID (associated with workers’ compensation claims), or injury-related information associated with vehicle accident claims impacted by the event.”The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver’s license, and—in rare cases—Social Security Number exposed in a data breach. In 2024, CL0P repeated this method using a zero-day exploit against Cleo, a business-to-business (B2B) tech platform provider that specializes in managed file transfer (MFT) solutions, like Cleo Harmony, VLTrader, and LexiCom. "

Hertz data breach: Customers in US, EU, UK, Australia and Canada affected

Autosummary: "

Peru"s ex-President Ollanta Humala guilty of money laundering

Autosummary: "

Midnight Blizzard deploys new GrapeLoader malware in embassy phishing

Autosummary: A pour of malware The phishing campaign started in January 2025 and begins with an email spoofing a Ministry of Foreign Affairs, sent from "bakenhof[.]com" or "silry[.]com," inviting the recipient to a wine-tasting event. "

Landmark Admin data breach impact now reaches 1.6 million people

Autosummary: "

The quiet data breach hiding in AI workflows

Autosummary: Understanding prompt leaks Prompt leaks happen when sensitive data, such as proprietary information, personal records, or internal communications, is unintentionally exposed through interactions with LLMs. Mitigation strategies “The way to avoid leaks is not to avoid training LLMs on company data, but rather making sure that only people with appropriate access and sufficient levels of trust can use such LLMs within the organization,” said Or Eshed, CEO of LayerX. Eshed recommended a tiered approach for enterprises looking to tighten AI security. These kinds of exposures carry real risks: Regulatory fallout: If personally identifiable information (PII) or protected health information (PHI) is exposed through prompts, it could trigger violations under GDPR, HIPAA, or other data protection laws. If personally identifiable information (PII) or protected health information (PHI) is exposed through prompts, it could trigger violations under GDPR, HIPAA, or other data protection laws.Researchers found that many inputs posed some level of data leakage risk, including personal identifiers, financial data, and business-sensitive information. "

Sector by sector: How data breaches are wrecking bottom lines

Autosummary: The action plan proposes, among others, for ENISA, the EU agency for cybersecurity, to establish a pan-European Cybersecurity Support Centre for hospitals and healthcare providers, providing them with tailored guidance, tools, services, and training. Factors contributing to rising costs Several factors are driving up the costs associated with data breaches: Business disruption: Breaches often lead to significant operational downtime, resulting in lost revenue and decreased productivity. Strategies to mitigate data breach costs To reduce the financial impact of data breaches, organizations should: 1.As recent events have shown, this harm extends beyond a loss in patient volume to include financial repercussions, such as downgrades in bond ratings,” Aaron Weismann, CISO at Main Line Health explained. "

Tycoon2FA phishing kit rolled out significant updates

Autosummary: The Phishing-as-a-Service platform uses anti-debugging scripts to block dev tools, detect automation, prevent right-click, and spot paused execution. "

South African telecom provider Cell C disclosed a data breach following a cyberattack

Autosummary: Compromised data includes full names, contact details, ID numbers, banking information, driver’s license numbers, medical records and passport details.South African telecom provider Cell C disclosed a data breach following a cyberattack Pierluigi Paganini April 14, 2025 April 14, 2025 Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. "

ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading

Autosummary: This includes Hindi, Italian, Czech, Turkish, Portuguese, and Indonesian, indicating the threat actor"s attempts to cast a wide net through region-specific targeting and maximize infection rates. "

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

Autosummary: Unlike "spray-and-pray" credential harvesting campaigns that typically involve the bulk distribution of spam emails to obtain victims" login information in an indiscriminate fashion, the latest attack tactic takes spear-phishing to the next level by only engaging with email addresses that attackers have verified as active, legitimate, and high-value. "

Hertz confirms customer info, drivers" licenses stolen in data breach

Autosummary: " The company says that the data varies per individual but could contain customers" names, contact information, date of birth, credit card information, driver"s license information, and information related to workers" compensation claims. "

Tycoon2FA phishing kit targets Microsoft 365 with new tricks

Autosummary: SVG lures surging In a separate but related report, Trustwave says it has identified a dramatic increase in phishing attacks using malicious SVG (Scalable Vector Graphics) files, driven by PhaaS platforms like Tycoon2FA, Mamba2FA, and Sneaky2FA. "

iOS devices face twice the phishing attacks of Android

Autosummary: Misconfigurations can compromise mobile devices Mobile device security must now be a priority for security teams, given the increased availability of sophisticated malware, the development of state-sponsored mobile malware, an notable number of iOS zero-day vulnerabilities, and a significant reliance on mobile social engineering. "

Laboratory Services Cooperative data breach impacts 1.6 Million People

Autosummary: The stolen data from the LSC breach may include names, addresses, phone numbers, and emails, as well as medical information (diagnoses, lab results, treatment details), health insurance details (plan info, member IDs), billing and payment data (bank account and card info), and sensitive identifiers like Social Security numbers, driver’s license or passport numbers, dates of birth, and student or government IDs. "

Who"s calling? The threat of AI-powered vishing attacks

Autosummary: This initial access led to a massive data breach, costing MGM Resorts millions in revenue and causing widespread system disruptions, including issues with reservations, electronic payments, and slot machines in casinos. By implementing authentication measures, educating employees, and adopting security best practices, organizations can reduce their exposure to vishing attacks. Vishing, or "voice phishing," is a form of social engineering where scammers use phone calls to deceive victims into revealing sensitive information or making fraudulent payments. Some cybercriminals also offer "Vishing-as-a-Service" (VaaS), where they sell their talents to less-skilled fraudsters. "

Phishing kits now vet victims in real-time before stealing credentials

Autosummary: Unlike traditional mass-targeting phishing, this new method uses real-time email validation to ensure phishing content is shown only to pre-verified, high-value targets. "

Lovable AI Found Most Vulnerable to VibeScamming — Enabling Anyone to Build Live Scam Pages

Autosummary: Guardio Labs" latest analysis takes a step further, uncovering that platforms like Lovable and Anthropic Claude, to a lesser extent, could be weaponized to generate complete scam campaigns, complete with SMS text message templates, Twilio-based SMS delivery of the fake links, content obfuscation, defense evasion, and Telegram integration. "

National Social Security Fund of Morocco Suffers Data Breach

Autosummary: Other benefits: The CNSS also provides benefits for maternity, invalidity, family allowances, death grants, and survivor’s pensions The threat actor has leaked CSV and PDF files containing personal information about 1,996,026 employees from various enterprises operating in Morocco. "

Phishing, fraud, and the financial sector’s crisis of trust

Autosummary: Phishing and fraud erode customer trust, threatening the financial sector’s reputation The financial toll on victims of phishing and fraud is immense, with many losing significant amounts of money, including life savings, in a single scam.Finally, continuous education and awareness programs for employees and consumers are vital in protecting customer data, maintaining trust, and strengthening the human defense layer,” said Sunil Mallik, CISO of Discover Financial Services.These links appear in various sources, including emails, messaging apps, social media, advertisements, and search engine results. "

Ontinue empowers organizations to mitigate phishing threats

Autosummary: Key capabilities of ION for Enhanced Phishing Protection include: Automated analysis of user-reported phishing emails : ION automates the analysis of all incoming phishing alerts, examining user accounts, hosts, mailboxes, IP addresses, files, and URLs. "

Tax deadline threat: QuickBooks phishing scam exploits Google Ads

Autosummary: Malicious QuickBooks domains quicckboocks-accounting[.]com quicckbooks-accounting[.]com quicckrbooks-acccounting[.]com quicfkbooks-accounting[.]com quichkbooks-accounting[.]com quicjkbooks-accounting[.]com quickboorks-acccounting[.]com quickboorks-accountings[.]com quicnkbooks-accounting[.]com quicrkbookrs-accounting[.]com quicrkbooks-acccounting[.]com quicrkbooks-accountting[.]com quicrkboorks-accounnting[.]com quicrkboorks-accounting[.]com quicrkbrooks-online[.]com quicrkrbooks-accounting[.]com quictkbooks-accounting[.]com quicvkbooks-accounting[.]com quicxkbooks-accounting[.]com quirckbooks-accounting[.]com "

PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

Autosummary: In 2025, Scattered Spider has targeted brands including: Audemars Piguet, Chick-fil-A, Credit Karma, Forbes, Instacart, Louis Vuitton, Morningstar, New York Digital Investment Group, News Corporation, Nike, Paxos, Twitter/X, and Vodafone.” concludes the report.PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets Pierluigi Paganini April 07, 2025 April 07, 2025 A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims’ digital wallets. "

Food giant WK Kellogg discloses data breach linked to Clop ransomware

Autosummary: "WK Kellogg learned on February 27, 2025, that a security incident may have occurred involving Cleo," reads the notice. "

Toll fee scams are back and heading your way

Autosummary: Indicators of Compromise (IoCs) Domains involved in toll fee scams: com-roadioe[.]cc uoshxkdhkz[.]top com-zgoupbb[.]top forfeitzm[.]top sunpass-verification[.]top com-tollbilljhy[.]top com-etc-bbzj[.]vip com-tollbilltid[.]vip com-tollbilltwd[.]vip paytollrbzx[.]vip com-ticketvb[.]xin com-emzwepr[.]xin com-ustolls[.]xin com-tollbilaz[.]xin etc-tollad[.]xin roadetctre[.]xin Did you know that Malwarebytes for mobile scans your texts for scams and blocks known malicious sites?These attempts come as an unexpected text message linking to a website pretending to belong to one of the US toll authorities, like E-ZPass, The Toll Roads, SunPass, or TxTag. "

CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks

Autosummary: It can be either a single flux, where a single domain name is linked to numerous IP addresses, or double flux, where in addition to changing the IP addresses, the DNS name servers responsible for resolving the domain are also changed frequently, offering an extra layer of redundancy and anonymity for the rogue domains. "

Six arrested for AI-powered investment scams that stole $20 million

Autosummary: Moreover, 100,000 Euros, mobile phones, computers, hard drives, firearms, and documents were seized during the police raids. "

E-ZPass toll payment texts return in massive phishing wave

Autosummary: The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information including names, email addresses, physical addresses, and credit card information. "

Oracle privately notifies Cloud data breach to customers

Autosummary: Oracle privately notifies Cloud data breach to customers Pierluigi Paganini April 06, 2025 April 06, 2025 Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle is privately notifying customers of a breach affecting usernames, passkeys, and encrypted passwords, with the FBI and CrowdStrike investigating the incident. "

Port of Seattle ‘s August data breach impacted 90,000 people

Autosummary: The Port confirmed that an unauthorized actor accessed and encrypted parts of their computer systems, disrupting key services like baggage handling, check-in kiosks, ticketing, Wi-Fi, and parking. Threat actors stole individuals’ information that included some combination of names, dates of birth, Social Security numbers (or last four digits of Social Security number), driver’s license or other government identification card numbers, and some medical information. "

PoisonSeed phishing campaign behind emails with wallet seed phrases

Autosummary: Coinbase-themed email with seeds for the victim to use Source: SilentPush That is because, when creating a new wallet, the victim isn"t using a secure, pre-generated seed phrase from the company (Coinbase) like they are made to believe, but instead using one for a wallet already under the attackers" control. "

Texas State Bar warns of data breach after INC ransomware claims attack

Autosummary: "

Smashing Security podcast #411: The fall of Troy, and whisky barrel scammers

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Episode links: Sponsored by: Harmonic – Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. "

Generative AI Is reshaping financial fraud. Can security keep up?

Autosummary: For example, a fraud ring conducting large-scale coordinated attacks involving account takeover and mass registration could use different IPs and device IDs, IP addresses traced back to VPN or data centers, the recurrence of specific payee account numbers, etc.In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies.Sophisticated AI technologies and machine learning models can analyze large sets of data and signals in real-time to identify hidden patterns and correlations through usage patterns, device information, location information, network characteristics. "

“Urgent reminder” tax scam wants to phish your Microsoft credentials

Autosummary: Even though scammers can use Artificial Intelligence to create convincing emails that appear to come from the IRS, there are often some tell-tale signs of social engineering attempts: Too good to be true: Huge, unexpected tax returns are usually just an incentive to get you to surrender private information in the hopes of obtaining that sum. Never send sensitive personal information such as your bank account, charge card, or Social Security number by email.Dear receiver, As part of our ongoing efforts to ensure compliance with the latest tax regulations, we are conducting a mandatory review and update of your tax records. "

Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing

Autosummary: The development comes as Barracuda warned of a "massive spike" in PhaaS attacks in early 2025 using Tycoon 2FA, EvilProxy, and Sneaky 2FA, with each service accounting for 89%, 8%, and 3% of all the PhaaS incidents, respectively. "

How to recognize and prevent deepfake scams

Autosummary: At first, people used deepfakes for entertainment and fun, but over time, they have become a dangerous tool in the hands of criminals for fraud, identity theft, blackmail, and spreading misinformation. With the availability of various AI tools, ranging from open-source software (DeepFaceLab, Faceswap) to mobile applications (Zao, Reface), making a deepfake now requires little more than a laptop or smartphone and the right software.In simple terms, they produce videos, images, audio, or text that look and sound real, even though the events depicted never actually happened. "

Morphing Meerkat phishing kits exploit DNS MX records

Autosummary: Infoblox researchers discovered a new phishing-as-a-service (PhaaS) platform that generated multiple phishing kits, called Morphing Meerkat, using DNS mail exchange (MX) records to deliver fake login pages and targeting over 100 brands.Morphing Meerkat phishing kits exploit DNS MX records Pierluigi Paganini March 31, 2025 March 31, 2025 Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. "

Phishing platform "Lucid" behind wave of iOS, Android SMS attacks

Autosummary: Victims clicking on the phishing links are redirected to fake landing pages impersonating state government toll and parking agencies or private entities, such as USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, SunPass, Transport for London, and more. "

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Autosummary: Some of the important features supported by the malware are listed below - Launch specified application Self-remove from the device Post a push notification Send SMS messages to all/select contacts Retrieve contact lists Get a list of installed applications Get SMS messages Request Device Admin privileges Enable black overlay Update C2 server settings Enable/disable sound Enable/disable keylogging Make itself a default SMS manager "The emergence of the Crocodilus mobile banking Trojan marks a significant escalation in the sophistication and threat level posed by modern malware," ThreatFabric said. "

U.S. seized $8.2 million in crypto linked to "Romance Baiting" scams

Autosummary: The worst-case individual loss described in the complaint was that of a victim from Mentor, Ohio, who lost approximately $663,352 in total ($250,000 in initial investment, $174,400 in "release fees," $238,946 in "handling fees"). "

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

Autosummary: RAT Capabilities: Screen Interaction & Control: Performs swipes, clicks, and button presses (Back, Home, Menu). “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging.” "

Android financial threats: What businesses need to know to protect themselves and their customers

Autosummary: This approach combines something the user knows (e.g., a password), something they have (e.g., a smartphone or security token), and something they are (e.g., biometric data such as fingerprints or facial recognition).This approach combines something the user knows (e.g., a password), something they have (e.g., a smartphone or security token), and something they are (e.g., biometric data such as fingerprints or facial recognition). Once installed, these apps function as fake banking interfaces, obtaining sensitive data, by phishing or other means, and transmit it to attackers.User-friendly security measures, such as biometric authentication or password managers, should be intuitive and easy to use, encouraging businesses and their employees to adopt and maintain these practices long-term. "

Phishing-as-a-service operation uses DNS-over-HTTPS for evasion

Autosummary: The operation can impersonate more than 114 email and service providers, including Gmail, Outlook, Yahoo, DHL, Maersk, and RakBank, delivering messages with subject lines crafted to prompt urgent action like “Action Required: Account Deactivation.” "

Russian authorities arrest three suspects behind Mamont Android banking trojan

Autosummary: Android banking trojan Pierluigi Paganini March 28, 2025 March 28, 2025 Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. "

Crooks are reviving the Grandoreiro banking trojan

Autosummary: Grandoreiro is a modular backdoor that supports the following capabilities: Keylogging Auto-Updation for newer versions and modules Web-Injects and restricting access to specific websites Command execution Manipulating windows Guiding the victim’s browser to a certain URL C2 Domain Generation via DGA (Domain Generation Algorithm) "

NHS software provider fined £3m over data breach after ransomware attack

Autosummary: Last year, the regulator criticised Advanced over the incident, which placed "further strain" on a "sector already under pressure". "

Smashing Security podcast #410: Unleash the AI bot army against the scammers – now!

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Episode links: Sponsored by: Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. "

New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims’ DNS Email Records

Autosummary: "

How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More

Autosummary: PAM solutions streamline compliance by providing detailed logs of privileged account activities, simplifying the auditing process, and ensuring adherence to standards, laws, and regulations such as the GDPR, PCI DSS, and NIS2.PAM solutions streamline compliance by providing detailed logs of privileged account activities, simplifying the auditing process, and ensuring adherence to standards, laws, and regulations such as the GDPR, PCI DSS, and NIS2.This efficiency leads to increased productivity, as users can access necessary systems promptly without compromising security.​ Overall, implementing a robust PAM solution not only fortifies your organization"s security against insider threats but also delivers a multitude of benefits that drive operational efficiency, regulatory compliance, and productivity growth.Automating insider threat response With the automation provided by PAM solutions, organizations significantly reduce the time to detect and respond to insider threats, minimizing potential financial, operational, and reputational damage. The consequences of insider threats range from financial losses and reputational damage to severe penalties for non-compliance with critical cybersecurity laws, regulations, and standards like GDPR, NIS2, or HIPAA. "

If you think you’re immune to phishing attempts, you’re wrong!

Autosummary: The email does not address the recipient by name and the email address from which it was sent does not look like it might belong to Mailchimp (hr@group-f.be) but, as he explained: He was jet-lagged and tired Outlook on iOS, which he initially used to read the email, did not render the email address, just the spoofed sender name (“MailChimp Account Services”) "

StreamElements discloses third-party data breach after hacker leaks data

Autosummary: "I attempted to verify the legitimacy of the data breach by requesting my own personal details from orders placed in 2021 or 2022," explained Bussey on X. "Seconds later, they provided that information, including my name, address, postal code, phone number, and email. "

Security expert Troy Hunt hit by phishing attack

Autosummary: The stolen records included email addresses, subscription statuses, and IP addresses, along with latitude and longitude data, which, as Hunt later learned, “do not pinpoint the location of the subscriber.” And, importantly, as the owner of the website Have I Been Pwned (HIBP), which helps people search whether they’ve been involved in a data breach, Hunt had one more data breach to add to the website’s collection: His own. "

Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps

Autosummary: 私密相册 (pBOnCi.cUVNXz) X•GDN (pgkhe9.ckJo4P) 迷城 (pCDhCg.cEOngl) 小宇宙 (p9Z2Ej.cplkQv) X (pDxAtR.c9C6j7) 迷城 (pg92Li.cdbrQ7) 依恋 (pZQA70.cFzO30) 慢夜 (pAQPSN.CcF9N3) indus credit card (indus.credit.card) Indusind Card (com.rewardz.card) There is no evidence that these apps are distributed to Google Play. "

APT and financial attacks on industrial organizations in Q4 2024

Autosummary: According to Trend Micro, Salt Typhoon targeted telecom, government, technology, consulting, chemical and transportation companies in Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, U.S. and Vietnam. Middle East-related activity CISA alert on Iranian cyber actors The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Communications Security Establishment Canada (CSE), Australian Federal Police (AFP) and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released a joint cybersecurity advisory regarding Iranian cyber actors that have been actively targeting organizations across various critical infrastructure sectors, including healthcare, public health, government, IT, engineering and energy, since October 2023.In total, eight modules were discovered, with targets from Bangladesh, Djibouti, Jordan, Malaysia, the Maldives, Myanmar, Nepal, Pakistan, Saudi Arabia, Sri Lanka, Turkey and the United Arab Emirates.Interlock ransomware samples have been spotted in India, Italy, Japan, Germany, Peru, South Korea, Turkey and the U.S., and victims have been found in the education, finance, government, healthcare, and manufacturing sectors.Additionally, the attackers exploited the following vulnerabilities: Atlassian Confluence RCE vulnerabilities (CVE-2023-22515, CVE-2023-22518), Zimbra vulnerability chain (CVE-2019-9670, CVE-2019-9621), MS Exchange vulnerability chain (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) and JetBrains TeamCity RCE vulnerability (CVE-2024-27198). Attacks by Akira/Howling Scorpius targeting medium-size organizations in various sectors, including construction, transportation and logistics, government, telecommunications, technology and pharmaceuticals, bypassed cybersecurity solutions through a mix of well-known techniques, such as Bring You Own Vulnerable Driver, and a new one targeting virtualized infrastructures protected with EDR solutions.The new Interlock ransomware, which has a version tailored for this OS, has been observed targeting industrial enterprises in India, Italy, Japan, Germany, Peru, South Korea, Turkey, and the United States.Initial access is achieved by exploiting vulnerable public endpoints using CVE-2023-46805, CVE-2024-21887 (Ivanti Connect VPN service), CVE-2023-48788 (FortiClient EMS), CVE-2022-3236 (Sophos firewall), CVE-2021-26855, CVE-2021-26857-6858 and CVE-2021-27065 (ProxyLogon). The attacks associated with all four group names (Shadow, Twelve, Comet, DARKSTAR) involved use of the same tools, like Cobint, gpo.ps1, similar strings in Windows tasks created for running malware, and ngrok as one of the backup channels for the access and execution of other malicious actions. Operation Cobalt Whisper SEQRITE Labs’ APT team has revealed an advanced cyber-espionage campaign known as Operation Cobalt Whisper, impacting multiple industries including defense, education, environmental engineering, electrotechnical engineering, energy, cybersecurity, aviation and healthcare in Hong Kong and Pakistan.In addition to GHOSTSPIDER, Salt Typhoon uses a set of proprietary and shared tools for complex multi-stage attacks: SNAPPYBEE (aka Deed RAT), SparrowDoor, CrowDoor and MASOL RAT for Linux, the DEMODEX rootkit, NeoReGeorg, frpc, and Cobalt Strike. According to Kaspersky telemetry, the threat actor has been active in Russia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Slovakia, and Turkey. When targeting defence, energy, governmental, pharmaceutical, insurance and legal sectors in Europe, Ukraine and the U.S. for espionage and cybercrime, RomCom exploited a chain of two zero-day vulnerabilities (one in the browser and one in the OS) that ended up with zero-click remote code execution.Affected industries include education, construction, consulting, transportation and logistics, government, telecommunications, technology and pharmaceuticals, with manufacturing being affected the most. RomCom attacks ESET researchers have linked Russia-aligned threat actor RomCom (aka Storm-0978, Tropical Scorpius, UNC2596), known for its opportunistic and targeted espionage operations, to a campaign exploiting two zero-day vulnerabilities: one in Mozilla Firefox (CVE-2024-9680) and the other in Microsoft Windows (CVE-2024-49039).The malware supports several plugins that can steal login and FTP credentials, email addresses, cookies, and other information from browsers, Outlook, Thunderbird, FileZilla and WinSCP.The Crypt Ghouls’ other toolset consists of common tools such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet tool, Resocks, AnyDesk, PsExec and others. "

Microsoft’s new AI agents take on phishing, patching, alert fatigue

Autosummary: “Purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely—aligned to Microsoft’s Zero Trust framework,” said Vasu Jakkal, Corporate VP, Microsoft Security. "

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Autosummary: Found being sold on the dark web, the data reportedly included “profile and account ID numbers, names, gender, birth year, maternal and paternal genetic markers, ancestral heritage results, and data on whether or not each user has opted into 23AndMe’s health data.”According to the company’s own privacy statement: “If we are involved in a bankruptcy, merger, acquisition, reorganization, or sale of assets, your Personal Information may be accessed, sold or transferred as part of that transaction.” "

DNA testing site 23andMe files for bankruptcy protection

Autosummary: "

23andMe files for bankruptcy, customers advised to delete DNA data

Autosummary: This alert also provides detailed steps on how to file these requests, including logging into your account, going into Settings, clicking "View" next to "23andMe Data" (here you also have the option to download your data first), scrolling to "Delete Data," and clicking "Permanently Delete Data." "

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe

Autosummary: "

Scammers cash in on tax season

Autosummary: Here’s what they’re asking for most: Social security number or tax identification number (40%) Back taxes payment demand (27%) Birth date (26%) Home address (25%) Phone number (22%) Email address (21%) Bank account numbers (18%) Credit/debit card information (17%) Fake tax refund offer (15%) To protect yourself, ignore unexpected messages claiming to be from the IRS—official tax communications come by mail, not through texts, emails, or phone calls. "

Semrush impersonation scam hits Google Ads

Autosummary: Malicious Semrush domains adsense-word[.]com auth[.]semrush[.]help sem-russhh[.]com sem-rushhh[.]com sem-rushh[.]com semrush[.]click semrussh[.]sbs semrush[.]tech seemruush[.]com semrush-auth[.]com auth.seem-rush[.]com ads-semrush[.]com semrush-pro[.]co semrush-pro[.]click auth.sem-ruush[.]com semrush[.]works We don’t just report on threats – we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headline. As part of our investigations, we uncovered a new operation going after Semrush, a visibility management SaaS platform that offers SEO, advertising, and market research, amongst other things.In GSC, the bad actors could see historical data for the past 16 months, including but not limited to search queries, pages, countries, devices, search appearance and dates. "

Pennsylvania State Education Association data breach impacts 500,000 individuals

Autosummary: Compromised personal information includes full names in combination with one or more of the following elements: Date of Birth, Driver’s License or State ID, Social Security Number, Account Number, Account PIN, Security Code, Password and Routing Number, Payment Card Number, Payment Card PIN and Payment Card Expiration Date, Passport Number, Taxpayer ID Number, Username and Password, Health Insurance Information and Medical Information. "

Why it"s time for phishing prevention to move beyond email

Autosummary: Comparing a legitimate page’s DOM structure with an attacker’s cloned page Source: Push Security They’re also randomizing page titles, dynamically decoding text, changing the size and name of image elements, using different favicons, blurring backgrounds, substituting logos, and more… all to defeat common detections. For example, recent examples of Adversary-in-the-Middle phishing kits including Tycoon, Nakedpages, Evilginx were seen to rotate the URLs they resolve to (from a continually refreshed pool of URLs), mask the HTTP Referer header to disguise suspicious redirects, and redirect to benign (legitimate) domains if anyone but the intended victims attempted to visit the page. If you’re using an email security solution, you’re relying on the following core capabilities when it comes to detecting malicious phishing pages: Known-bad blocklists: Block users from accessing known-bad or unapproved domains/URLs, and block traffic from known-bad malicious IPs, using Threat Intelligence (TI) feeds. This also applies to other solutions that rely on these capabilities, such as web-based content filtering (e.g. Google Safe Browsing), CASB, SASE, SWG, etc. However, because the attacker is sitting in the middle of this connection, they are able to observe all interactions, intercept authentication material like credentials, MFA codes, and session tokens to take control of the authenticated session and gain control of the user account. A better solution to the problem would therefore be able to follow the user across the sites they use, and see the actual phishing pages as the user sees them, as opposed to a sandbox (which, as we’ve discussed, attackers are well prepared for). "

The “free money” trap: How scammers exploit financial anxiety

Autosummary: IOCs 34[.]123[.]196[.]68 34[.]132[.]227[.]60 34[.]31[.]92[.]173 aidforhealthcare[.]org americansubsidy[.]com assistanceadvocate[.]org assistanceadvocates[.]org communitycareaid[.]org grabsubsidy[.]com healthaidhub[.]org healthaidnetwork[.]org improveourcredit[.]com justhealthbenefits[.]com local-subsidy[.]com localaid[.]co nationaid[.]org nationwidesubsidy[.]com qualifyaca[.]com subsidyacrossnation[.]com subsidyaid[.]com subsidysupport[.]org subsidysupportnetwork[.]org timeforacahelp[.]com us-debtassistance[.]org wellnesssubsidyhub[.]org Whether it’s a so-called “subsidy program,” a “government grant,” or a “relief card,” these scams all share the same underlying goal—to manipulate people into giving away their personal information, or—worse—their hard-earned cash. Common free money scams Too-good-to-be-true claims: “Get a $6,400 Subsidy to Pay for Groceries, Rent, and Gas!” "

Sperm bank breach deposits data into hands of cybercriminals

Autosummary: The Breach Notification Rule requires the provision of a notification to affected individuals, the Secretary of Health and Human Services, and, in certain circumstances, to the media, in the event of a breach of unsecured PHI. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. The handling, storage, and sharing of protected health information (PHI) within sperm banks falls under the Health Insurance Portability and Accountability Act (HIPAA): The Privacy Rule requires sperm banks to implement safeguards to protect the privacy of PHI and sets limits and conditions on the uses and disclosures that can be made without patient consent. "

Click Profit blocked by the FTC over alleged e-commerce scams

Autosummary: "The complaint highlights actual statistics on Click Profit"s stores, which are mainly on Amazon, showing that after Amazon"s fees, more than one-fifth of the company"s stores on the platform earn no money at all and another third earns less than $2,500 in gross lifetime sales," reads FTC"s announcement. "

California Cryobank, the largest US sperm bank, disclosed a data breach

Autosummary: California Cryobank, the largest US sperm bank, disclosed a data breach Pierluigi Paganini March 19, 2025 March 19, 2025 California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. "

Pennsylvania education union data breach hit 500,000 people

Autosummary: " PSEA says the stolen information varies by individual and consists of personal, financial, and health data, including driver"s license or state IDs, social security numbers, account PINs, security codes, payment card information, passport information, taxpayer ID numbers, credentials, health insurance and medical information. "

Ukrainian military targeted in new Signal spear-phishing attacks

Autosummary: "

How financial institutions can minimize their attack surface

Autosummary: For example, I’m involved with the National Cybersecurity Alliance, American Transaction Processors Coalition and Financial Services Information Sharing and Analysis Center (FS-ISAC), which helps me stay connected with industry standards and best practices, ensuring we remain agile and compliant.Proactive measures, such as threat hunting, regular vulnerability assessments, and security awareness training, help prevent attacks before they occur.To counter these threats, financial services organizations should implement advanced threat detection systems, conduct regular security assessments, and educate customers about potential scams. "

Mandatory Coinbase wallet migration? It’s a phishing scam!

Autosummary: Ingeniously, the intent of the email is not to steal the user"s recovery seed (and thus gain access to their Coinbase wallet) but rather trick the user into setting up and transferring their funds into a new wallet, for which the scammer already knows the recovery phrase. "

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads

Autosummary: "The investigated applications bypass Android security restrictions to start activities even if they are not running in the foreground and, without required permissions to do so, spam the users with continuous, full-screen ads," the company added. "

Western Alliance Bank notifies 21,899 customers of data breach

Autosummary: " An analysis of the stolen files concluded on February 21, 2025, and found they contained customer personal information, including your name and Social Security number, as well as their dates of birth, financial account numbers, driver"s license numbers, tax identification numbers, and/or passport information if it was provided to Western Alliance. "

Sperm donation giant California Cryobank warns of a data breach

Autosummary: "

Free file converter malware scam “rampant” claims FBI

Autosummary: "

Attackers use CSS to create evasive phishing messages

Autosummary: Attackers use CSS to create evasive phishing messages Pierluigi Paganini March 17, 2025 March 17, 2025 Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences.Note that this preheader text is kept hidden by relying on multiple CSS properties, including color, height, max-height, and max-width. "

Coinbase phishing email tricks users with fake wallet migration

Autosummary: As the email appears to have been sent directly through SendGrid and what appears to be Akamai"s account, it passes the SPF, DMARC, and DKIM email security checks, bypassing spam filters on many accounts. "Reminder: Beware of recovery phrase scams," Coinbase posted on X. "We"re aware of new phishing emails going around pretending to be Coinbase and Coinbase Wallet. "

Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails

Autosummary: "This phishing attack specifically targets individuals in hospitality organizations in North America, Oceania, South and Southeast Asia, and Northern, Southern, Eastern, and Western Europe, that are most likely to work with Booking.com, sending fake emails purporting to be coming from the agency," Microsoft said in a report shared with The Hacker News." The command, in a nutshell, uses the legitimate mshta.exe binary to drop the next-stage payload, which comprises various commodity malware families like XWorm, Lumma stealer, VenomRAT, AsyncRAT, Danabot, and NetSupport RAT. "

The dark side of sports betting: How mirror sites help gambling scams thrive

Autosummary: IOCs MostBet – 2d593xv[.]com 3p4hdpmb[.]com 3z9sbhba58mst[.]com 4jls7l19[.]com 4rayasmb[.]com 560rp67[.]com 6q4mhfo[.]com 7tr85sq[.]com 9389z7h[.]com 9mnekb9[.]com ad2s0rs[.]com casinomstwins[.]com cdwxjlz[.]com jtw2fgmb[.]com llhrd3wu6vmb[.]com mfviz8eunkmb[.]com mkvw5jomb[.]com mostbet-in33[.]com mostbet-in34[.]com mostbet-in36[.]com mostbet-in37[.]com mostbet-in46[.]com mostbet-in56[.]com mostbet-in62[.]com mostbethu1[.]com mostbetru-44[.]com nfc5wbnalsmb[.]com ozvfgemb[.]com rw7e3v5gsumb[.]com sdma8tw[.]com sez67b24o7mb[.]com siosckmb[.]com sj13ywp[.]com szakt9s[.]com tqmdpkthxengz3g1[.]com v2izr0q9drmb[.]com vb7awyus6kmb[.]com w53hy6afrpmb[.]com winnerzonecasino[.]com ww16[.]mostbetru-44[.]com ww38[.]mostbetru-44[.]com x2cy2g8[.]com y16uyxu[.]com y2iqdt2[.]com ze59byq[.]com 22bet – 20-bet[.]ar 20-bet[.]at 20-bet[.]ca 20-bet[.]cz 20-bet[.]es 20-bet[.]in 20-bet[.]org 20-bet[.]pt 20-betbet[.]com 20-winbet[.]com 20bet-bet[.]com 20bet-bg[.]com 20bet-br[.]com 20bet-casino[.]org 20bet-co[.]org 20bet-dk[.]org 20bet-dk[.]site 20bet-es[.]com 20bet-fi[.]org 20bet-hr[.]org 20bet-hu[.]org 20bet-italia[.]com 20bet-jp[.]com 20bet-portuguese[.]com 20bet-s[.]com 20bet-win[.]com 20bet[.]asia 20bet[.]be 20bet[.]ch 20bet[.]cl 20bet[.]co[.]nz 20bet[.]com 20bet[.]com[.]de 20bet[.]com[.]in 20bet[.]com[.]pl 20bet[.]com[.]se 20bet[.]hu 20bet[.]icu 20bet[.]life 20bet[.]me 20bet[.]nz 20bet[.]org[.]in 20bet[.]vip 20bet[.]win 20bet1[.]com 20bet1[.]net 20bet1[.]org 20bet2[.]com 20bet3[.]com 20bet4[.]com 20bet5[.]com 20beta[.]com 20betapk[.]com 20betapp[.]com 20betb[.]com 20betbet[.]com 20betbr[.]com[.]br 20betbrasil[.]com 20betcasino[.]lat 20betcasino[.]mx 20betcasino[.]net 20betcasino[.]si 20betcasinoromania[.]org 20betcasinos[.]net 20betcassino[.]com 20betentrar[.]com 20betforum[.]com 20betgame[.]net 20betkasyno[.]pl 20betlogin[.]it 20betluck[.]com 20betlucks[.]com 20betmirror[.]com 20beto[.]com 20betpartners[.]com 20betportugues[.]com 20bets[.]cc 20bets[.]com[.]br 20bets[.]in 20bets[.]org 20bets[.]pe 20bets[.]pl 20betsite[.]com 20bett[.]com 20bett[.]org 20bettin[.]com 20betting[.]com 20betzone[.]com 20bplay[.]com 20bwin[.]com 20bwin[.]pt 20bwins[.]com 20glob[.]com 20luckbet[.]com 20media[.]world 20win88[.]com 20winluck[.]com aposta20bet[.]com apostas20[.]com bet-20[.]it bet-20[.]pl bet20[.]com[.]br bet20[.]com[.]pl bet20[.]com[.]pt bet20[.]gr bet20[.]online bet20[.]pt bet20brasil[.]com bet20brazil[.]com bet20italia[.]com bet20portugal[.]com bet20pt[.]com bonus-20bet[.]com bookie20[.]com es20bet[.]com esbet20[.]com forum20bet[.]com free-bookie[.]com free20bet[.]com links20[.]world mail20media[.]com pt-20bet[.]com svkzjv[.]com twentybet[.]net xxbet[.]it xxbetportugal[.]com How gambling companies exploit mirror domains A mirror site is essentially a clone of an existing betting website, hosted on a different domain. How to protect yourself from betting scams With the rise of mirror sites, it’s more important than ever to be cautious when engaging in online sports betting. "

PowerSchool previously hacked in August, months before data breach

Autosummary: PowerSchool is a cloud-based K-12 software provider serving over 60 million students and 18,000 customers worldwide, offering enrollment, communication, attendance, staff management, learning, analytics, and finance solutions. "

How to spot and avoid AI-generated scams

Autosummary: GenAI has made it easier for cybercriminals to create convincing deepfakes, phishing campaigns, and investment scams, enhancing their efficiency, but the good news is that adversaries’ use of GenAI has not yet matched the hype. Tips to protect against AI-generated scams Whether it’s an email, phone call, or message on social media, always approach unsolicited contact with caution. "

FTC will send $25.5 million to victims of tech support scams

Autosummary: Even though devices used to test the purchased services had no performance or security issues and were running antivirus software, scanning them using the two companies" software "revealed" hundreds of issues requiring repair, including "PC Privacy issues," "Crashed Programs," "Junk files," and "Broken Registry issues. "

Pondurance Platform 2.0 identifies data breach risks

Autosummary: The core of this new platform is the technology that integrates with EDR tools and feeds from network, identity, cloud, and applications sources in order to analyze this telemetry information, bubble up the highest-risk threats that have been detected, and triage and take action, if necessary.The core of this new platform is the technology that integrates with EDR tools and feeds from network, identity, cloud, and applications sources in order to analyze this telemetry information, bubble up the highest-risk threats that have been detected, and triage and take action, if necessary. “Our newly released Pondurance Platform 2.0 represents the culmination of a yearslong effort to reinvent a cloud-native, AI-enabled platform in order to use risk-based algorithms and methodologies for cybersecurity threat detection, response, and automated disruption,” said Enzo Arefi, CTO at Pondurance.With a single click, it can ingest logs from a selection of hundreds of network, identity, cloud, and application devices and software and will access world-class threat intelligence, bubble up the ones most likely to create data breach risks, and take remediation action.With a single click, it can ingest logs from a selection of hundreds of network, identity, cloud, and application devices and software and will access world-class threat intelligence, bubble up the ones most likely to create data breach risks, and take remediation action. "

US cities warn of wave of unpaid parking phishing texts

Autosummary: While parking scams have been around for years, a massive wave of phishing text messages has caused numerous cities throughout the US to issue warnings, including from Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, San Francisco, and many others. "

Japanese telecom giant NTT suffered a data breach that impacted 18,000 companies

Autosummary: Potentially exposed information includes contract number, customer name (contract name), name of customer contact, telephone number, email address, address, information related to service use. "

Pope Francis responding well to treatment, Vatican says

Autosummary: "

US charges Garantex admins with money laundering, sanctions violations

Autosummary: " ​The Russian exchange was previously sanctioned by the Treasury Department"s Office of Foreign Assets Control (OFAC) in April 2022 after over $100 million in Garantex transactions were linked to darknet markets and cybercrime actors, including the notorious Conti Ransomware-as-a-service (RaaS) operation and the Hydra dark web market. "

Data breach at Japanese telecom giant NTT hits 18,000 companies

Autosummary: "

Month of bank IT failures in the last two years, MPs say

Autosummary: The Treasury Committee - which has been investigating the impact of banking IT failures - compelled Barclays, HSBC, Lloyds, Nationwide, Santander, NatWest, Danske Bank, Bank of Ireland and Allied Irish Bank to provide the data. "

EncryptHub Deploys Ransomware and Stealer via Trojanized Apps, PPI Services, and Phishing

Autosummary: " These changes underscore active tweaks to EncryptHub"s kill chain, with the threat actor also developing new components like EncryptRAT, a command-and-control (C2) panel to manage active infections, issue remote commands, and access stolen data. "

Fake BianLian ransom notes mailed to US CEOs in postal mail scam

Autosummary: "I regret to inform you that we have gained access to [REDACTED] systems and over the past several weeks have exported thousands of data files, including customer order and contact information, employee information with IDs, SSNs, payroll reports, and other sensitive HR documents, company financial documents, legal documents, investor and shareholder information, invoices, and tax documents," reads a fake BianLian ransom note. "

Scammers take over social media

Autosummary: "

YouTube warns of AI-generated video of its CEO used in phishing attacks

Autosummary: Phishing landing page (BleepingComputer) The scammers also create a sense of urgency by threatening that their accounts will be restricted for seven days if they fail to confirm compliance with the new rules (these restrictions would allegedly include uploading new videos, editing old videos, receiving monetization, and receiving earned monetization funds). "

I spoke to a task scammer. Here’s how it went

Autosummary: Do not respond to unsolicited job offers via text messages or messaging apps Never pay to get paid Verify the legitimacy of the employer through official channels Don’t trust anyone who offers to pay you for something illegal such as rating or liking things online It’s also important to keep in mind that legitimate employers do not ask employees to pay for the opportunity to work. Task scammers prey on people looking for remote jobs by offering them simple repetitive tasks such as liking videos, optimizing apps, boosting product interest, or rating product images. How to avoid task scams As I pointed out, all the task scam invitations I received came to me in the form of Message requests on X. So, that’s a good place to be very cautious. Invitation to a Telegram conversation The Telegram invitation was a bit more limited (European and American female users only) but extended to a larger group of 150 accounts on X. What the ones that reached out to me had in common was that they all found my profile on X. Mind you, my profile is not some honeytrap, it clearly says I blog for Malwarebytes. "

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud

Autosummary: "If you turn on Enhanced Protection, much of the additional protection you receive comes from advanced AI and machine learning models designed to spot dangerous URLs engaging in known phishing, social engineering, and scam techniques," the company said. "

Building cyber resilience in banking: Expert insights on strategy, risk, and regulation

Autosummary: Thinking about supply chain and third-party risks, contractual safeguards are key, including right to audit clauses, SLAs, shared responsibilities, etc., as well as having a joint understanding of all the foundational/core pillars we talked about earlier (data protection, strong access, risk management practices etc.,). My general view is that an effective cyber resilience and defense in-depth strategy relies on a fair amount of foundational pillars including, but not limited to, having a solid traditional GRC program and executing strong risk management practices, robust and fault-tolerant security infrastructure, strong incident response capabilities, regularly tested disaster recovery/resilience plans, strong vulnerability management practices, awareness and training campaigns, and a comprehensive third-party risk management program. "

Google expands Android AI scam detection to more Pixel devices

Autosummary: The new Scam Detection features in action Source: Google This feature was first announced in November 2024 and has been tested on a small set of Pixel 6+ devices, but it is now being rolled out to all English-speaking Pixel 9 users in the U.S.. Pixel 9 users will get the feature through Gemini Nano, while Pixel 6 to 8 series devices enrolled in Phone by Google beta will be restricted to less powerful Google AI models. "

PayPal scam abuses Docusign API to spread phishy emails

Autosummary: We’ve identified an unauthorized transaction made from your PayPal account to Coinbase: Amount: $755.38 Transaction ID: PP-5284440 To safeguard your account and process an immediate refund, you must contact our Fraud Prevention Team at: +1 (866) 379-5160 Our representatives are available 24/7 to assist you in resolving this issue and preventing any additional unauthorized activity. I’ve you’ve received an email like this and want to verify if it’s genuine, go directly to Docusign.com, click ‘Access Documents’ (upper right-hand corner), and enter the security code displayed in the email. "

U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

Autosummary: U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist Pierluigi Paganini March 03, 2025 March 03, 2025 U.S. authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. "

Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail

Autosummary: "JavaGhost obtained exposed long-term access keys associated with identity and access management (IAM) users that allowed them to gain initial access to an AWS environment via the command-line interface (CLI)," Kelley explained. "

U.S. recovers $31 million stolen in 2021 Uranium Finance hack

Autosummary: "

PayPal’s “no-code checkout” abused by scammers

Autosummary: Indicators of Compromise Archived example: https://urlscan.io/result/3ea0654e-b446-4947-b926-b549624aa8b0 Malicious pay links: hxxps[://]www[.]paypal[.]com/ncp/payment/8X7JHDGLK9Z46 hxxps[://]www[.]paypal[.]com/ncp/payment/7QUEXNXR84X3L hxxps[://]www[.]paypal[.]com/ncp/payment/BHR4AMJAPWNZW hxxps[://]www[.]paypal[.]com/ncp/payment/FTJBPVUQFEJM6 hxxps[://]www[.]paypal[.]com/ncp/payment/2X92RZVSG8MUJ hxxps[://]www[.]paypal[.]com/ncp/payment/D8X74WYAM3NJJ Scammers’ phone numbers: 1-802[-]309-1950 1-855[-]659-2102 1-844[-]439-5160 1-800[-]782-3849 "

Lloyds Bank says app issues fixed after payday IT issue

Autosummary: "This proves that now more than ever a strong bank branch network, as when outages happen, we need face to face banking," he told the BBC. "

5,000 Phishing PDFs on 260 Domains Distribute Lumma Stealer via Fake CAPTCHAs

Autosummary: "The attacks were highly personalized, including non-public information, and the initial JavaScript would try to invoke a debugger breakpoint if it were being analyzed, detect a delay, and then abort the attack by redirecting to a benign website," Juniper Threat Labs said. "

2024 phishing trends tell us what to expect in 2025

Autosummary: Organizations should also: Use email security tools that can detect and block open redirect links in emails and QR code phishing Implement phishing-resistant authentication methods Reduce their attack surface by using creative conditional access control policies (e.g., limit the number of allowed MFA devices per user, or require extra authentication factors when authorizing MFA devices) Update IT help-desk policies and exception-handling procedures to prevent social engineering attacks aimed at enrolling or disabling MFA and unauthorized devices. "

New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades

Autosummary: Then in November 2024, Italian online fraud prevention firm Cleafy detailed an updated variant with wide-ranging data-gathering features, while also expanding its operational scope to include Italy, Portugal, Hong Kong, Spain, and Peru. "

Pump.fun X account hacked to promote scam governance token

Autosummary: "

Singapore"s biggest bank cuts roles as it embraces AI

Autosummary: "We today deploy over 800 AI models across 350 use cases, and expect the measured economic impact of these to exceed S$1bn ($745m; £592m) in 2025," he added. "

FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services

Autosummary: " The activity has singled out government agencies and industrial organizations, particularly manufacturing, construction, information technology, telecommunications, healthcare, power and energy, and large-scale logistics and transportation, in Taiwan, Malaysia, China, Japan, Thailand, South Korea, Singapore, the Philippines, Vietnam, and Hong Kong. "

Russia warns financial sector organizations of IT service provider LANIT compromise

Autosummary: Founded in 1989, LANIT offers a wide range of IT solutions, including system integration, software development, cybersecurity, cloud services, and IT consulting. "

Background check provider data breach affects 3 million people who may not have heard of the company

Autosummary: Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. SSN Breached: yes DISA states that it’s not aware of any attempts to abuse the stolen information: “While we are unaware of any attempted or actual misuse of any information involved in this incident, we are providing you with information about the incident and steps you can take to protect yourself, should you feel it necessary.”Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. "

US drug testing firm DISA says data breach impacts 3.3 million people

Autosummary: "

Background check, drug testing provider DISA suffers data breach

Autosummary: "

SpyLend Android malware found on Google Play enabled financial cyber crime and extortion

Autosummary: Initially presented as a harmless Finance management application, it downloads a fraud loan app from an external download URL, which once installed, gains extensive permissions to access sensitive data, including files, contacts, call logs, SMS, clipboard content, and even the camera.” concludes the report. "

Russia warns financial sector of major IT service provider hack

Autosummary: "

Beware: PayPal "New Address" feature abused to send phishing emails

Autosummary: An ongoing PayPal email scam exploits the platform"s address settings to send fake purchase notifications, tricking users into granting remote access to scammers For the past month, BleepingComputer and others [1, 2] have received emails from PayPal stating, "You added a new address. When they add the scam address to PayPal, the payment platform will email a confirmation to the threat actor"s email, which will then forward it to the Microsoft 365 account, which then forwards it to everyone on the mailing list, as shown in the flow chart below. "

Smashing Security podcast #405: A crypto con exchange, and soaring ticket scams

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Episode links: Sponsored by: 1Password – Secure every app, device, and identity – even the unmanaged ones at 1password.com/smashing. "

Norton’s AI-powered features defend against scams and social engineering threats

Autosummary: In addition to Genie Scam Protection, Norton 360 with LifeLock customers also have Genie Scam Protection Pro, which includes: Safe call: Uses AI to automatically block scam calls, or labels incoming calls as scam, junk, or as a business, so people know if they should answer. Available starting today in the US across the Norton Cyber Safety product lineup, Genie Scam Protection and Genie Scam Protection Pro provide AI protection in all the usual hotbeds for scams: texts, phone calls, emails, and web. "

Darcula PhaaS can now auto-generate phishing kits for any brand

Autosummary: In addition to this new feature, the upcoming release, named "Darcula Suite," also lifts technical skills requirements, a new user-friendly admin dashboard, IP and bot filtering, campaign performance measurement, and automated credit card theft/digital wallet loading. "

Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand

Autosummary: Citing SecAlliance security researcher Ford Merrill, Krebs further described how criminals then used those cards/wallets to steal money by: Setting up fake e-commerce businesses on Stripe or Zelle and making transactions through them Performing “Tap-to-pay” on point-of-sale (PoS) terminals they’ve obtained Using an Android app that can relay valid NFC-enabled tap-to-pay transactions from phones located across the globe, either to pay via a PoS terminal or take money out of ATMs "

North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware

Autosummary: InvisibleFerret is a modular Python malware that retrieves and executes three additional components - pay , which collects information and acts as a backdoor that"s capable of accepting remote commands from an attacker-controlled server to log keystrokes, capture clipboard content, run shell commands, exfiltrate files and data from mounted drives, as well as install the AnyDesk and browser module, and gather information from browser extensions and password managers , which collects information and acts as a backdoor that"s capable of accepting remote commands from an attacker-controlled server to log keystrokes, capture clipboard content, run shell commands, exfiltrate files and data from mounted drives, as well as install the AnyDesk and browser module, and gather information from browser extensions and password managers bow , which is responsible for stealing login data, autofill data, and payment information stored in Chromium-based browsers like Chrome, Brave, Opera, Yandex, and Edge , which is responsible for stealing login data, autofill data, and payment information stored in Chromium-based browsers like Chrome, Brave, Opera, Yandex, and Edge adc, which functions as a persistence mechanism by installing the AnyDesk remote desktop software ESET said the primary targets of the campaign are software developers working in cryptocurrency and decentralized finance projects across the world, with significant concentrations reported in Finland, India, Italy, Pakistan, Spain, South Africa, Russia, Ukraine, and the U.S. "The attackers don"t distinguish based on geographical location and aim to compromise as many victims as possible to increase the likelihood of successfully extracting funds and information. "

Russian phishing campaigns exploit Signal"s device-linking feature

Autosummary: “In these operations, UNC5792 has hosted modified Signal group invitations on actor-controlled infrastructure designed to appear identical to a legitimate Signal group invite” - Google Threat Intelligence Group The fake invitations had the legitimate redirect JavaScript code replaced with a malicious block that included Signal’s URI (Uniform Resource Identifier) for linking a new device (“sgnl://linkdevice uuid”) instead of the one for joining the group (“sgnl://signal.group/”). "

Phishing attack hides JavaScript using invisible Unicode trick

Autosummary: "

Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks

Autosummary: The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector. "

Unit21 empowers financial institutions to detect and stop scams

Autosummary: Shut down fraudulent logins in real-time : IP data enrichment flags VPNs, proxies, Tor, and bots to prevent fraudulent access. "

No, you’re not fired – but beware of job termination scams

Autosummary: And also consider the following: Use strong, unique passwords for every account, ideally stored in a password manager Be sure to switch on two-factor authentication (2FA) for an extra layer of access security Make sure all of your work and personal devices are regularly patched and up to date If your IT department offers, join regular phishing simulation exercises to understand what to look out for If you receive a suspect message, never click on embedded links or open the attachment Contact the sender through other channels if you’re concerned – but not by replying to the email or using the contact details listed on it Report any suspect emails to your employer’s IT department Check whether colleagues have received the same message Employment termination scams have been around for some time.It may be something completely different, or it could be an attempt to mimic the impersonated company’s domain, using typos and other characters (e.g., m1crosoft.com, @microsfot.com) A generic greeting (e.g., “dear employee/user”), which is certainly not the tone a legitimate termination letter would take. At their simplest, job termination scams are a type of phishing attack designed to trick you into handing over your personal and financial information, or on clicking on a malicious link which could trigger a malware download. "

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

Autosummary: This week"s list includes — CVE-2025-1094 (PostgreSQL), CVE-2025-0108 (Palo Alto Networks PAN-OS), CVE-2025-23359 (NVIDIA Container Toolkit), CVE-2025-21391 (Microsoft Windows Storage), CVE-2025-21418 (Microsoft Windows Ancillary Function Driver for WinSock), CVE-2024-38657, CVE-2025-22467, CVE-2024-10644 (Ivanti Connect Secure), CVE-2024-47908 (Ivanti Cloud Services Application), CVE-2024-56131, CVE-2024-56132, CVE-2024-56133, CVE-2024-56134, CVE-2024-56135 (Progress Kemp LoadMaster), CVE-2025-24200 (Apple iOS and iPadOS), CVE-2024-12797 (OpenSSL), CVE-2025-21298 (Microsoft Windows OLE), CVE-2025-1240 (WinZip), CVE-2024-32838 (Apache Fineract), CVE-2024-52577 (Apache Ignite), CVE-2025-26793 (Hirsch Enterphone MESH), CVE-2024-12562 (s2Member Pro plugin), CVE-2024-13513 (Oliver POS – A WooCommerce Point of Sale (POS) plugin), CVE-2025-26506 (HP LaserJet), CVE-2025-22896, CVE-2025-25067, CVE-2025-24865 (mySCADA myPRO Manager), CVE-2024-13182 (WP Directorybox Manager plugin), CVE-2024-10763 (Campress theme), CVE-2024-7102 (GitLab CE/EE), CVE-2024-12213 (WP Job Board Pro plugin), CVE-2024-13365 (Security & Malware scan by CleanTalk plugin), CVE-2024-13421 (Real Estate 7 theme), and CVE-2025-1126 (Lexmark Print Management Client). — Threat actors are attempting to actively exploit two known security vulnerabilities impacting ThinkPHP (CVE-2022-47945, CVSS score: 9.8) and OwnCloud (CVE-2023-49103, CVSS score: 10.0) over the past few days, with attacks originating from hundreds of unique IP addresses, most of which are based in Germany, China, the U.S., Singapore, Hong Kong, the Netherlands, the U.K., and Canada.Critical ThinkPHP and OwnCloud Flaws Under Active Exploitation — Threat actors are attempting to actively exploit two known security vulnerabilities impacting ThinkPHP (CVE-2022-47945, CVSS score: 9.8) and OwnCloud (CVE-2023-49103, CVSS score: 10.0) over the past few days, with attacks originating from hundreds of unique IP addresses, most of which are based in Germany, China, the U.S., Singapore, Hong Kong, the Netherlands, the U.K., and Canada.Datadog, which detailed the attack, said roughly 1% of organizations monitored by the company were affected by the whoAMI, and that it found public examples of code written in Python, Go, Java, Terraform, Pulumi, and Bash shell using the vulnerable criteria.Datadog, which detailed the attack, said roughly 1% of organizations monitored by the company were affected by the whoAMI, and that it found public examples of code written in Python, Go, Java, Terraform, Pulumi, and Bash shell using the vulnerable criteria.The individual, one of the officials of the SSU Counterterrorism Center, is alleged to have been recruited by Russia"s Federal Security Service (FSB) in Vienna in 2018, and actively began engaging in espionage at the end of December last year, transmitting documents containing state secrets, to the intelligence agency via a "special mobile phone."The individual, one of the officials of the SSU Counterterrorism Center, is alleged to have been recruited by Russia"s Federal Security Service (FSB) in Vienna in 2018, and actively began engaging in espionage at the end of December last year, transmitting documents containing state secrets, to the intelligence agency via a "special mobile phone.""These vulnerabilities can lead to data corruption, sensitive data exposure, program crashes, and unauthorized code execution," the agencies said, labeling them as unforgivable defects."These vulnerabilities can lead to data corruption, sensitive data exposure, program crashes, and unauthorized code execution," the agencies said, labeling them as unforgivable defects. — The RansomHub ransomware operation has targeted over 600 organizations across the world, spanning sectors such as healthcare, finance, government, and critical infrastructure, making it one of the most active cybercrime groups in 2024.RansomHub Targets Over 600 Orgs Globally — The RansomHub ransomware operation has targeted over 600 organizations across the world, spanning sectors such as healthcare, finance, government, and critical infrastructure, making it one of the most active cybercrime groups in 2024.Separately, the Justice Department has also charged Canadian national Andean Medjedovic, 22, for exploiting smart contract vulnerabilities in two decentralized finance crypto platforms, KyberSwap and Indexed Finance, to fraudulently obtain about $65 million from the protocols" investors between 2021 and 2023.Separately, the Justice Department has also charged Canadian national Andean Medjedovic, 22, for exploiting smart contract vulnerabilities in two decentralized finance crypto platforms, KyberSwap and Indexed Finance, to fraudulently obtain about $65 million from the protocols" investors between 2021 and 2023. — A new report from the Alliance for Securing Democracy (ASD) has found that foreign nation-state actors from Russia, China, and Iran are running influence operations that exploit trust in local sources and impact state and local communities in the U.S. with an aim to manipulate public opinion, stoke discord, and undermine democratic institutions.Foreign Adversaries Target Local Communities in the U.S. for Influence Ops — A new report from the Alliance for Securing Democracy (ASD) has found that foreign nation-state actors from Russia, China, and Iran are running influence operations that exploit trust in local sources and impact state and local communities in the U.S. with an aim to manipulate public opinion, stoke discord, and undermine democratic institutions. "

Fintech giant Finastra notifies victims of October data breach

Autosummary: " While Finastra has yet to share the number of individuals affected by the data breach and the nature of the exposed data (besides victims" names), the company started sending breach notification letters last week to at least 65 people in the state whose financial account information was stolen (according to filings with the Attorney General"s office in Massachusetts). "

Storm-2372 used the device code phishing technique since August 2024

Autosummary: Storm-2372’s targets during this time have included government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas in Europe, North America, Africa, and the Middle East.” "

Microsoft: Hackers steal emails in device code phishing attacks

Autosummary: The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East. "

Pig butchering scams are exploding

Autosummary: Pig butchering scams surge in 2024 Interestingly, despite pulling in half of all scam revenue in 2024, high-yield investment scam inflows declined by 36% YoY. On the other hand, pig butchering revenue increased by almost 40% YoY, and the number of deposits to pig butchering scams grew nearly 210% YoY, potentially indicating an expansion of the victim pool. "

Microsoft: Russian-Linked Hackers Using "Device Code Phishing" to Hijack Accounts

Autosummary: "

How AI was used in an advanced phishing campaign targeting Gmail users

Autosummary: Use multi-factor authentication (MFA) for all accounts Protect your devices with up-to-date security software (such as Malwarebytes Premium Security), and use text protection and text message filtering on your mobile device. At the time, FBI Special Agent in Charge Robert Tripp said: “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. "

Fake Etsy invoice scam tricks sellers into sharing credit card information

Autosummary: com-etsy-verify[.]cfd etsy-car[.]switchero[.]cfd etsy[.]1562587027[.]cfd etsy[.]3841246[.]cfd etsy[.]39849329[.]cfd etsy[.]447385638[.]cfd etsy[.]57434[.]cfd etsy[.]5847325245[.]cfd etsy[.]6562587027[.]cfd etsy[.]6841246[.]cfd etsy[.]72871[.]cfd etsy[.]7562587027[.]cfd etsy[.]8841246[.]cfd etsy[.]92875[.]cfd etsy[.]9438632572[.]cfd etsy[.]948292[.]cfd etsy[.]97434[.]cfd etsy[.]984323[.]cfd etsy[.]checkid1573[.]cfd etsy[.]chekup-out[.]cfd etsy[.]coinbox[.]cfd etsy[.]fastpay[.]cfd etsy[.]offer584732[.]cfd etsy[.]offer62785[.]cfd etsy[.]offer684732[.]cfd etsy[.]paylink[.]cfd etsy[.]paymint[.]cfd etsy[.]paywave[.]cfd etsy[.]requlred-verlfication[.]cfd etsy[.]requstlon-verflcation[.]cfd etsy[.]web-proff-point[.]cfd verlflcation-etsy[.]cfd We don’t just report on threats – we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headline. Despite this, there are still some red flags to look for: The email uses language like “Dear Seller” or “Hello Etsy Member”, instead of addressing you by your Etsy shop name or username The sender’s email address doesn’t end in @etsy.com, or has suspicious variations (extra numbers or letters) "

Arvest Bank CISO on building a strong cybersecurity culture in banking

Autosummary: Based on their chosen topic, such as cybersecurity, social engineering, fraud, money laundering, physical security, etc., the reporting mechanism auto-routes the submission to the correct team. Additionally, our human risk management (HRM) team does a great job keeping cybersecurity front and center with the associates through internal news articles, intranet banners, and internal chat spaces for cybersecurity collaboration.The awareness, shared by all associates in the bank, that protecting the organization is everyone’s responsibility, not just the Security and IT teams, is becoming the norm. "

Phishing evolves beyond email to become latest Android app threat

Autosummary: Over time, phishing emails have advanced—cybercriminals have stolen credit card details by posing as charities—but so, too, have phishing protections from major email providers, sending many cybercriminal efforts into people’s “spam” inboxes, where the emails are, thankfully, never retrieved.Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accounts—testing whether, say, an email account password is the same one used for a victim’s online banking system, their mortgage payment platform, or their Social Security portal. Use multifactor authentication on your most sensitive accounts, including your financial, email, social media, healthcare, and government platforms (such as any accounts you use to file taxes). "

Toll booth bandits continue to scam via SMS messages

Autosummary: For instance, Texas-based audience producer Gwen Howerton described on Bluesky how she had been duped by an unpaid toll scam after she had driven a rental car on the Dallas North Tollway - and, not being aware of the correct way to pay a toll, had believed the overdue payment demand she received to be genuine. "

Data breaches at UK law firms are on the rise, research reveals

Autosummary: External data breaches, meanwhile, are initiated by people outside the organisation - malicious hackers, cybercriminals, or business rivals seeking a competitive advantage. "

India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud

Autosummary: "

Cloudflare outage caused by botched blocking of phishing URL

Autosummary: There were also indirectly impacted services that experienced partial failures like Durable Objects, which had a 0.09% error rate increase due to reconnections after recovery, Cache Purge, which saw a 1.8% increase in errors (HTTP 5xx) and 10x latency spike, and Workers & Pages, that had a 0.002% deployment failures, affecting only projects with R2 bindings. "

HPE notifies employees of data breach after Russian Office 365 hack

Autosummary: " The group behind the attack, Cozy Bear (also known as Midnight Blizzard, APT29, and Nobelium), is believed to be part of Russia"s Foreign Intelligence Service (SVR) and has also been linked to other high-profile breaches, including the infamous 2020 SolarWinds supply chain attack. "

Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

Autosummary: Last month is state-run newspaper, the Global New Light of Myanmar, described how the country"s military government had repatriated more than 55,000 foreigners, mostly Chinese, back to their home countries after being forced to work in scam compounds. "

New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong

Autosummary: Malicious messages could claim to arrive from the shipper, the e-commerce platform, or Customs, asking for additional information to get a package released. "

Online food ordering and delivery platform GrubHub discloses a data breach

Autosummary: Online food ordering and delivery platform GrubHub discloses a data breach Pierluigi Paganini February 05, 2025 February 05, 2025 Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. "

More destructive cyberattacks target financial institutions

Autosummary: Over two-thirds experienced attacks focused on stealing non-public market information, with cybercriminals using it for insider trading, digital front running, and shorting stock before they dox the stolen, confidential data to the regulators. "

Atrinet URL Scanner helps comabat SMS phishing

Autosummary: The solution combines Google Web Risk’s technology scanning capabilities with Atrinet’s telecom security expertise, enabling Communication Service Providers (CSPs) to safeguard subscribers, protect revenues, and build customer trust. "

Man sentenced to 7 years in prison for role in $50m internet scam

Autosummary: " In reality, the stolen funds were moved to bank accounts around the world, including in Russia, Georgia, Hong Kong, and Turkey. "

8 steps to secure GenAI integration in financial services

Autosummary: Obsessively protect your customers’ data Security techniques including differential privacy, encryption in transit and at rest, data sanitization, and sandboxing should be leveraged to maintain the confidentiality, integrity, and availability of sensitive information. "

GrubHub data breach impacts customers, drivers, and merchants

Autosummary: "

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

Autosummary: Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites Pierluigi Paganini February 04, 2025 February 04, 2025 Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. "

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

Autosummary: "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. "

Crazy Evil gang runs over 10 highly specialized social media scams

Autosummary: The gang targets high-value victims, also called “mammoths,” for digital asset theft, including cryptocurrencies, payment cards, online banking accounts, and non-fungible tokens (NFTs). Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles. "

Amazon Redshift gets new default settings to prevent data breaches

Autosummary: Strengthening Redshift security Last week, AWS announced that it is implementing three security defaults for newly created provisioned clusters to significantly upgrade the platform"s data safety and minimize the likelihood of catastrophic data leaks. "

Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers

Autosummary: Infosec products of the month: January 2025 Here’s a look at the most interesting products from the past month, featuring releases from: Absolute Security, Atsign, authID, BackBox, BioConnect, BitSight, BreachLock, Cisco, Commvault, Compliance Scorecard, DataDome, Hiya, IT-Harvest, Lookout, McAfee, Netgear, Oasis Security, and Swimlane. 74% of CISOs are increasing crisis simulation budgets In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their organisation’s readiness to manage a potential “chaos” of a full-scale cyber crisis, according to Hack The Box. "

Malvertising Scam Uses Fake Google Ads to Hijack Microsoft Advertising Accounts

Autosummary: "These malicious ads, appearing on Google Search, are designed to steal the login information of users trying to access Microsoft"s advertising platform," Jérôme Segura, senior director of research at Malwarebytes, said in a Thursday report. "

Globe Life data breach may impact an additional 850,000 clients

Autosummary: "

US healthcare provider data breach impacts 1 million patients

Autosummary: Depending on the affected patient, the attackers stole a combination of: personal (names, dates of birth, addresses, phone numbers, emails, Social Security numbers) or health information (medical diagnoses, treatment details, test results, and health insurance. "

Community Health Center data breach impacted over 1 million patients

Autosummary: The exposed data may include patient name, birth date, contact info, diagnoses, treatments, test results, Social Security number, and health insurance details. "

Preparing financial institutions for the next generation of cyber threats

Autosummary: In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial sectors and government agencies in countering cybercrime.In fact, Visa regularly works alongside law enforcement, including the US Department of Justice, FBI, Secret Service and Europol, to help identify and apprehend fraudsters and other criminals. "

DeepSeek’s popularity exploited by malware peddlers, scammers

Autosummary: We should expect DeepSeek to be misused by criminals to create materials used in phishing and BEC campaigns (e.g., emails in different languages, without typos, replicating the tone and writing style of the impersonated sender), set up fraudulent sites mimicking legitimate publishers or fake, fraudulent online stores, innundate legitimate stores with AI-generated product reviews, and so on. "

PowerSchool starts notifying victims of massive data breach

Autosummary: The PowerSchool cyberattack PowerSchool is a cloud-based K-12 software provider serving over 60 million students and 18,000 customers worldwide, offering enrollment, communication, attendance, staff management, learning, analytics, and finance solutions. "

Microsoft tests Edge Scareware Blocker to block tech support scams

Autosummary: " Scareware blocker settings (Microsoft) When the scareware blocker spots a potentially malicious page, Edge gives control back to the user, exiting full-screen mode, halting loud audio, displaying a warning, and showing a thumbnail of the page. "

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Autosummary: Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Health information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment. Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. "

Microsoft Teams phishing attack alerts coming to everyone next month

Autosummary: Microsoft impersonated by Midnight Blizzard-controlled account (Microsoft) "If your organization enables Teams external access, we will check for potential impersonation activity when your user receives a message from an external sender for the first time," Microsoft added. "

TalkTalk confirms data breach involving a third-party platform

Autosummary: A threat actor named “b0nd” claimed the theft of data of over 18.8 million TalkTalk subscribers’ data, including names, email addresses, IP addresses, phone numbers, and PINs. "

Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams

Autosummary: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver Foundation. "

UnitedHealth now says 190 million impacted by 2024 data breach

Autosummary: This stolen data includes patients" health insurance information, medical records, billing and payment information, and sensitive personal information, such as phone numbers, addresses, and, in some cases, Social Security Numbers and government ID numbers. "

Change Healthcare data breach exposed the private data of over half the U.S.

Autosummary: “Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network, on this attack against Change Healthcare’s systems” Compromised data includes names, addresses, dates of birth, phone numbers, driver’s license or state ID numbers, Social Security numbers, diagnosis and treatment information, medical record numbers, billing codes, insurance member IDs, and other types of information. "

PayPal to pay $2 million settlement over 2022 data breach

Autosummary: "

Scam Yourself attacks: How social engineering is evolving

Autosummary: The psychology behind the scam These scams are purposefully designed around deeply ingrained psychological tendencies: Default bias: We often stick to the default action such as just clicking “OK” or accepting pre-filled options, without questioning it.Often, the most effective defenses lie in returning to foundationally sound practices, leveraging security principles, disciplined processes, and fostering a culture of healthy skepticism. Additionally, adopting checklists for critical tasks, much like in engineering disciplines, helps reduce impulsive decisions and ensures systematic verification. "

CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

Autosummary: "In 2024, the most active cyber threat clusters were UAC-0010, UAC-0050, and UAC-0006, specializing in cyber espionage, financial theft, and information-psychological operations," the SSSCIP said. "

Ransomware attackers are “vishing” organizations via Microsoft Teams

Autosummary: Their advice for cybersecurity defenders includes: Preventing or limiting which outside organizations can reached out to employees via M365 (i.e., Teams) Setting up policies to make sure that remote access applications can only be installed by the organization’s tech support team Setting up monitoring of potentially malicious inbound Teams or Outlook traffic Raisong employee awareness of the outlined tactics. "

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Autosummary: Error. "

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Autosummary: "

New "Sneaky 2FA" Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Autosummary: " "While User-Agent transitions occasionally happen in legitimate situations (e.g., authentication initiated in desktop applications that launch a web browser or WebView to handle MFA), the specific sequence of User-Agents used by Sneaky 2FA does not correspond to a realistic scenario, and offers a high-fidelity detection of the kit." "

WhatsApp spear phishing campaign uses QR codes to add device

Autosummary: With that access the group can read the messages in their WhatsApp account and use existing browser plugins, particularly those designed for exporting WhatsApp messages from an account accessed via WhatsApp Web. How to stay safe These spear phishing campaigns are highly targeted and you’ll probably never see an invite to this group. "

Otelier data breach exposes info, hotel reservations of millions

Autosummary: " Otelier, previously known as MyDigitalOffice, is a cloud-based hotel management solution used by over 10,000 hotels worldwide to manage reservations, transactions, nightly reports, and invoicing. "Once we were made aware of this incident involving Otelier, we immediately contacted the vendor, which works with numerous hotel companies, and confirmed that they were working with cyber security experts to investigate a security incident that impacted their systems," a Marriott spokesperson told BleepingComputer. "

Wolf Haldenstein law firm says 3.5 million impacted by data breach

Autosummary: Although the law firm says it has no evidence the exposed data has been misused, it warns impacted individuals that hackers may be holding the following information about them: Full name Social Security number (SSN) Employee Identification number Medical diagnosis Medical claim information Exposure of this data steeply increases the risk of phishing, scams, social engineering, and other targeted attacks on impacted individuals. "

Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

Autosummary: Active since at least 2012, it"s also tracked under the monikers Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), COLDRIVER, Dancing Salome, Gossamer Bear, Iron Frontier, TA446, and UNC4057. "

Prominent US law firm Wolf Haldenstein disclosed a data breach

Autosummary: Its expertise spans securities litigation, addressing corporate fraud and misrepresentation; antitrust law, targeting anti-competitive practices; consumer protection, focusing on deceptive practices and product liability; data privacy and cybersecurity, dealing with breaches and unauthorized data collection; and shareholder derivative actions, advocating for shareholders against corporate mismanagement. "

Prominent US law firm Wolf Haldenstein disclosed a data breach

Autosummary: Its expertise spans securities litigation, addressing corporate fraud and misrepresentation; antitrust law, targeting anti-competitive practices; consumer protection, focusing on deceptive practices and product liability; data privacy and cybersecurity, dealing with breaches and unauthorized data collection; and shareholder derivative actions, advocating for shareholders against corporate mismanagement. "

North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains

Autosummary: "The advanced persistent threat groups affiliated with the DPRK, including the Lazarus Group, [...] continue to demonstrate a pattern of malicious behavior in cyberspace by conducting numerous cybercrime campaigns to steal cryptocurrency and targeting exchanges, digital asset custodians, and individual users," the governments said. "

Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Autosummary: " The disclosure comes as Trend Micro revealed that attackers are using platforms such as YouTube and SoundCloud to distribute links to fake installers for pirated versions of popular software that ultimately lead to the deployment of various malware families such as Amadey, Lumma Stealer, Mars Stealer, Penguish, PrivateLoader, and Vidar Stealer. "

How AI and ML are transforming digital banking security

Autosummary: Traditional passwords are being replaced with more secure and user-friendly methods, such as biometrics (fingerprints, facial recognition), hardware tokens or behavioral authentication leveraging unique user characteristics or devices to verify identity, reducing reliance on passwords, which are prone to theft, reuse, and phishing attacks.For example, low-risk activities like balance checks might require only basic authentication, while high-risk actions, such as large transfers, prompt multi-factor authentication. By combining advanced technologies, proactive monitoring, and user education, banks can significantly reduce risks and ensure the safety of their mobile banking platforms, maintaining trust in an increasingly digital-first world. Last but not least, banks should also invest in AI-driven fraud driven capabilities in the end user’s devices to allow safe and frictionless online customer journeys by integrating industry-leading threat intel, behavioral analytics, advanced device fingerprinting with adaptive fraud indicators to monitor for anomalies in real-time and promptly address threats. "

iMessage text gets recipient to disable phishing protection so they can be phished

Autosummary: The text of the messages comes in all the variations that phishers love to use: Undeliverable packages from USPS, EVRI, Royal Mail, DHL, Fedex, etc. Unpaid road toll. It’s also important to know that there are similar instructions for the Chrome browser: “Reply with 1, exit the SMS message, and reopen the SMS activation link, or copy the link to Google Chrome to open it.)” "

EU law enforcement training agency data breach: Data of 97,000 individuals compromised

Autosummary: "

Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam

Autosummary: Francier Obando Pinillo, of Miami, Florida, is alleged to have exploited his position at a Spanish-language church in Pasco, Washington, to persuade members of his congregation and others to invest in a cryptocurrency venture called "Solano Fi." Pinillo is alleged to have falsely claimed that his Solano Fi cryptocurrency scheme was risk-free, and promised a 34.9% monthly return. "

Phishing texts trick Apple iMessage users into disabling protection

Autosummary: SMS phishing attacks with disabled links Source: BleepingComputer While neither of these phishing lures is new, we noticed that these smishing texts, and others seen recently, ask users to reply with "Y" to enable the link. "

A novel PayPal phishing campaign hijacks accounts

Autosummary: “This money request is then distributed to the targeted victims, and the Microsoft365 SRS (Sender Rewrite Scheme) rewrites the sender to, e.g., bounces+SRS=onDJv=S6[@]5ln7g7.onmicrosoft.com, which will pass the SPF/DKIM/DMARC check.” continues the report. "

U.S. cannabis dispensary STIIIZY disclosed a data breach

Autosummary: The categories of information compromised include name, address, date of birth, age, drivers’ license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information. "

Scammers file first — Get your IRS Identity Protection PIN now

Autosummary: As this PIN is only known to you, your accountant (if not self-filing), and the IRS, it prevents scammers from filing a tax return using your Social Security Number and personal information. "

The SBI fake banking app shows that SMS authentication has had its day

Autosummary: The app spoofs the SBI bank login page to collect data from the end user (e.g., account number, card number, password, etc.) and send it to the attacker, who will subsequently use it to log into the legitimate site. "

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Autosummary: " The malicious GitHub repository in question – github[.]com/YoonJae-rep/CVE-2024-49113 (now taken down) – is said to be a fork of the original repository from SafeBreach Labs hosting the legitimate PoC. The counterfeit repository, however, replaces the exploit-related files with a binary named "poc.exe" that, when run, drops a PowerShell script to create a scheduled task to execute a Base64-encoded script. "

Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

Autosummary: My advice is to enable 2FA on any accounts which offer it - your bank accounts, your email accounts, your social media accounts, your cryptocurrency accounts, and more... "

STIIIZY data breach exposes cannabis buyers’ IDs and purchases

Autosummary: "The categories of information compromised include name, address, date of birth, age, drivers" license number, passport number, photograph, the signatures appearing on a government ID card, medical cannabis cards, transaction histories, and other personal information. "

Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook

Autosummary: AI SPERA’s "Criminal IP" has recently entered the marketplace of major US data warehousing platforms, including Amazon Web Services (AWS), Microsoft Azure, and Snowflake, expanding its global reach for threat data. "

Largest US addiction treatment provider notifies patients of data breach

Autosummary: " Documents exposed during the incident contained various types of data for each affected patient, including their names and: Social Security number, driver"s license number, date of birth, services received and dates of service, insurance information, treating provider and treatment and/or diagnostic information. "

The top target for phishing campaigns

Autosummary: Sensitive data being leaked through personal apps is top of mind for most organizations, with the most common type of data policy violation being for regulated data (60%), which included personal, financial, or healthcare data being uploaded to personal apps. In 2024, 88% of all employees used personal cloud apps each month, with 26% uploading, posting, or otherwise sending data to personal apps. "

McAfee Scam Detector spots scams across text, email, and video

Autosummary: That’s where McAfee Scam Detector comes in, giving control back to consumers and stopping scammers in their tracks with proactive, real-time protection against suspicious texts, fake emails, and deepfake videos that look incredibly real — all cleverly designed by scammers to steal people’s money and personal information. Every day, scammers trick people with fake texts, emails, and videos, and the results can be devastating.Simple notifications: Alerts come in the form of unobtrusive notifications, whether via your mobile app, email inbox, or video platform, to ensure you know what’s suspicious and why. "

UN aviation agency investigating possible data breach

Autosummary: "

Washington state sues T-Mobile over 2021 data breach security failures

Autosummary: BleepingComputer has contacted T-Mobile requesting a statement on the Washington AG lawsuit, and a spokesperson sent us the following comment: "We have had multiple conversations about this incident from 2021 with the Washington AG"s office over the last several years and even reached out in late November to continue discussions, so the office"s decision to file a lawsuit yesterday came as a surprise," T-Mobile told BleepingComputer. "

AI-supported spear phishing fools more than 50% of targets

Autosummary: The study, titled Evaluating Large Language Models’ Capability to Launch Fully Automated Spear Phishing Campaigns: Validated on Human Subjects, evaluates the capability of large language models (LLMs) to conduct personalized phishing attacks and compares their performance with human experts and AI models from last year. "

Users receive at least one advanced phishing link every week

Autosummary: AI-generated attacks becoming more sophisticated Looking ahead to 2025, we expect this evolution to accelerate, with AI-generated attacks becoming more sophisticated and harder to detect, while attackers increasingly target messaging platforms beyond email, including business collaboration tools, SMS, and social media. "

FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices

Autosummary: Once installed, the dropper acts as a delivery vehicle for the main payload, which is responsible for exfiltrating sensitive data, including notifications, messages, and other app data, to a Firebase Realtime Database endpoint. "

Dental group lied through teeth about data breach, fined $350,000

Autosummary: The Indiana Office of Inspector General (OIG) later uncovered evidence that Westend Dental had experienced a ransomware attack on or around October 20, 2020, involving state residents’ protected health information, but Westend Dental still denied there had been a data breach. "

PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps

Autosummary: It also comes with capabilities to drop more payloads, block mouse and keyboard input, clear Windows event logs, wipe clipboard data, perform file operations, delete caches and profiles associated with web browsers like Sogou, QQ, 360 Safety, Firefox, and Google Chrome, and erase profiles and local storage for messaging applications such as Skype, Telegram, and QQ. "

New FireScam Android malware poses as RuStore app to steal data

Autosummary: Next, it extracts and installs the main malware payload, ‘Telegram Premium.apk’, which requests permissions to monitor notifications, clipboard data, SMS, and telephony services, among others. "

New FireScam Android data-theft malware poses as Telegram Premium app

Autosummary: Next, it extracts and installs the main malware payload, ‘Telegram Premium.apk’, which requests permissions to monitor notifications, clipboard data, SMS, and telephony services, among others. "

Every minute, 4,080 records are compromised in data breaches

Autosummary: “In the year ahead, we’ll be watching how this shift changes our broad range of digital activity, impacts the competitive landscape, and accelerates corporate investment in AI-ready data and tech,” according to James. "

Richmond University Medical Center data breach impacted 674,033 individuals

Autosummary: RUMC disclosed a data breach that potentially involved sensitive files containing personal and health information, including names, Social Security numbers, dates of birth, driver’s license numbers or state identification numbers, other government identification numbers, financial account information, credit or debit card information, biometric information, user credentials, medical treatment/diagnosis information, and/or health insurance policy information. "

FireScam Android info-stealing malware supports spyware capabilities

Autosummary: “The exfiltrated data is temporarily stored in the Firebase Realtime Database at the URL “https[:]//androidscamru-default-rtdb[.]firebaseio[.]com” and is later removed after potentially filtering and storing the important content in another private storage location” The dropper requests extensive permissions, such as app management, storage access, and updating or deleting apps without user consent. "

The real cost of data breaches for businesses

Autosummary: On average, enterprises already have 53 security solutions in use across their organization, however, despite large security stacks, 51% of enterprises reported a breach over the past 24 months. "

Data breaches in 2024: Could it get any worse?

Autosummary: Medical information was leaked by the earlier mentioned Change Healthcare breach, but we saw several smaller incidents at providers in the healthcare industry like Australia’s leading medical imaging provider I-MED Radiology, US and UK based healthcare provider DocGo that offers mobile health services, ambulance services, and remote monitoring for patients, nonprofit, outpatient provider of treatment for Opioid Use Disorder (OUD) To support this nomination, I will remind you of several high-profile breaches, some of a size almost beyond imagination, some that really left us worried because of the type of data that was stolen, and a few duds. "

ZAGG disclosed a data breach that exposed its customers’ credit card data

Autosummary: ZAGG disclosed a data breach that exposed its customers’ credit card data Pierluigi Paganini December 30, 2024 December 30, 2024 ZAGG Inc. notifies customers of credit card data breach, after threat actors hacked a third-party app from its e-commerce provider. "

Overwhelmed by fraud? Here’s how financial pros fight back

Autosummary: From an organizational perspective, leaders can always lean on external partners to provide guidance on deploying verifiable credentials, biometric systems, and layered intelligence to build a resilient zero trust architecture, tailored to the specific needs of their business. AI technology continues to become more sophisticated, so organizations’ understanding of their systems’ vulnerabilities, awareness of these threats, and technology in place to combat them need to be taken extremely seriously. "

iOS devices more exposed to phishing than Android

Autosummary: With the commoditization of advanced malware, evolution of nation-state mobile malware capabilities, and a heavy reliance on mobile-focused social engineering, organizations today must have advanced mobile threat defense as part of their security strategy. "

APT and financial attacks on industrial organizations in Q3 2024

Autosummary: Chinese-speaking activity APT41 attacks According to Mandiant researchers, the threat actor APT41 (aka Barium, Wicked Panda, Wicked Spider, Earth Baku, Axiom, Blackfly, Brass Typhoon, Barium, Bronze Atlas, HOODOO, Red Kelpie, TA415 and Winnti) launched data exfiltration attacks against global shipping and logistics, media, technology and automotive sectors, primarily in Italy, Spain, Taiwan, Thailand, Turkey and the UK.Since its inception in February 2024, RansomHub has encrypted and exfiltrated data from at least 210 victims from sectors including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, commercial facilities, critical manufacturing, transportation, communications, and critical infrastructure.They believe Unit 29155 is responsible for targeting the Ukrainian government, critical infrastructure organizations, and key resource sectors, including the government services, financial services, transportation systems, energy, and healthcare sectors of NATO members, the EU, as well as Central American and Asian countries.The group has been active since at least 2018 and targets organizations and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American countries, focusing on various sectors, including government, finance, energy, oil and gas. SloppyLemming attacks According to Cloudflare, the threat actor SloppyLemming (aka Outrider Tiger) has been targeting organizations in the government, law enforcement, energy, education, telecoms and technology sectors in Pakistan, Bangladesh, Sri Lanka, Nepal and China.In addition, it has the functionality to steal credentials from Outlook, browsers, crypto wallets, Telegram and Steam sessions, Discord tokens, password managers, data from Windows Credential Manager and Windows Vault, as well as read the list of active processes and installed applications. Southeast Asia and Korean Peninsula Andariel attacks The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and other authoring partners published a Cybersecurity Advisory on July 25 focusing on the state-sponsored cybergroup known publicly as Andariel, Onyx Sleet (formerly PLUTONIUM), DarkSeoul, Silent Chollima, and Stonefly/Clasiopa.CLNTEND, first detected in April 2024, is a remote access tool (RAT) that supports a wider range of network protocols for communication, including TCP, HTTP, HTTPS, TLS, and SMB (port 445).Using these tools, the group managed to carry out a number of new attacks against various Russian facilities: an instrumentation manufacturer, a polymer materials plant, a mechanical plant, a technology park, a leasing company, an oil and gas company, and an IT company.Nevertheless, some network activity from the botnet has been detected over the last four years targeting critical sectors in the USA and Taiwan, including military, government, higher education, telecoms, defense industrial base, and IT.The affiliates then moved laterally inside the network using methods such as RDP, PsExec, AnyDesk, Connectwise, N-Able, Cobalt Strike, Metasploit, and others.Data exfiltration has been observed through the use of tools such as PuTTY, Amazon AWS S3 buckets/tools, HTTP POST requests, WinSCP, Rclone, Cobalt Strike, Metasploit, and other methods. The CMoon worm, which spread through a compromised the website of a Russian energy company, and the TIDRONE/Operation WordDrone attacks, which appear to be either supply chain attacks or exploiting a vulnerability in an ERP product to gain initial access to the victim’s systems, reiterate the point that these widely discussed attack vectors, when a third-party service is compromised by the attacker to infect other systems, should by no means be excluded from the threat models of modern industrial enterprises.Organizations in the USA, UK, Netherlands, Cyprus, Sweden, Germany, Singapore, Hong Kong and Australia have been targeted.For other tasks, Head Mare primarily uses publicly available software in its attacks, such as Sliver (the main C2 framework for attackers), ngrok, rsockstun (both used for pivoting), XenAllPasswordPro, and Mimikatz.This service enables a full range of activities, including scalable bot exploitation, vulnerability and exploit management, remote management of C2 infrastructure, file uploads and downloads, remote command execution, and the ability to tailor IoT-based DDoS attacks at scale.The authoring agencies identified the threat actor as primarily targeting defense, aerospace, nuclear, and engineering organizations in the USA, Japan, South Korea, and India.The APT group is known for using spear phishing to impersonate government agencies or banking institutions to distribute various publicly available Trojans, such as AsyncRAT, BitRAT, Lime RAT, NjRAT, Quasar RAT, and Remcos RAT.Files containing saved passwords, cookies, bookmarks, browsing history, and information for autofilling forms, including credit card information, could be collected from web browsers. RansomHub attacks The US Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS) issued a joint Cybersecurity Advisory (CSA) on August 29 containing information relevant to the RansomHub ransomware-as-a-service (RaaS) group (formerly known as Cyclops and Knight). Middle East-related activity Peach Sandstorm attacks Between April and July, Microsoft researchers observed the Peach Sandstorm threat actor (aka APT33, Elfin and Refined Kitten) deploy a new custom multi‑stage backdoor dubbed Tickler in attacks against the satellite, communications equipment and oil and gas sectors, as well as federal and state government sectors in the USA and UAE. "

AI-driven scams are about to get a lot more convincing

Autosummary: As cryptocurrency values climb and hype around the alternative currency increases, scammers are zeroing in on consumers’ digital wallets with fake investment schemes, phishing attacks, and malware designed to steal wallet keys, sell bogus crypto investments, or “pump and dump” – when scammers trick others into buying a cryptocurrency by hyping it up to inflate its price and then sell their shares for a profit when the price is high – causing the value to crash and leaving other investors with worthless assets. “As AI continues to mature and become increasingly accessible, cybercriminals are using it to create scams that are more convincing, personalized, and harder to detect,” said Abhishek Karnik, Head of Threat Research, McAfee. "

NFT scammers charged for stealing $22 million through “rug pulls”

Autosummary: Hay, Mayo, and others allegedly used these tactics with a variety of digital asset projects, including Vault of Gems, Faceless, Sinful Souls, Clout Coin, Dirty Dogs, Uncovered, MoonPortal, Squiggles, and Roost Coin. "

Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service

Autosummary: The most frequently targeted countries using FlowerStorm include the United States, Canada, the United Kingdom, Australia, Italy, Switzerland, Puerto Rico, Germany, Singapore, and India. "

New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA

Autosummary: To protect against phishing attacks, use multi-factor authentication (MFA) with AiTM-resistant FIDO2 tokens, deploy email filtering solutions, and use DNS filtering to block access to suspicious domains like .ru, .moscow, and .dev. "

46% of financial institutions had a data breach in the past 24 months

Autosummary: “In addition to the complexity that mergers and acquisitions introduce to their identity landscape, the influx of machine and third-party identities with access privileges that require protection, and the increased amounts of unmanaged sensitive data have brought to light new areas of risk that, if left ungoverned and unprotected, will result in a growing number of data breaches targeting this sector of the enterprise market.” "

Google says new scam protection feature in Chrome uses AI

Autosummary: For example, if you visit a fake Microsoft tech support page claiming your computer is infected and urging you to call a number, Chrome’s AI could analyze the language, detect the scam tactics like fake urgency or suspicious domains, and display a warning alerting you to avoid interacting with the page or sharing personal information. "

Google Chrome uses AI to analyze pages in new scam detection feature

Autosummary: Chrome"s AI-powered scam detection feature Source: BleepingComputer This feature is believed to help the scam detection service detect the brand and purpose (intent) of a webpage, making it easier to identify potential scams. "

Consumers wrongly attribute all data breaches to cybercriminals

Autosummary: Survey respondents believe that the top four causes of breaches are: Bad actors hacking into a company’s system – 36% (with 67% of Generation Z holding this belief) A company having extremely poor security measures – 33% Bad actors breaking into physical offices – 8% Insider threats – 5% While insider threats ranked last on this list, in reality, human error is the cause of most sensitive data loss. "

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

Autosummary: The fines are pursuant to the violation of four different clauses under the GDPR data privacy laws, namely Article 33(3), Article 33(5), Article 25(1), and Article 25(2) - Failing to include in its breach notification all the information that it could and should have included Failing to document the facts relating to each breach, the steps taken to remedy them, and to do so in a way that allows the Supervisory Authority to verify compliance Failing to ensure that data protection principles were protected in the design of processing systems Failing in its obligations as a controller to ensure that only personal data that are necessary for specific purposes are processed "This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms, including a risk to the fundamental rights and freedoms of individuals," DPC Deputy Commissioner Graham Doyle said. "

European companies hit with effective DocuSign-themed phishing emails

Autosummary: "

INTERPOL Pushes for "Romance Baiting" to Replace "Pig Butchering" in Scam Discourse

Autosummary: "

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

Autosummary: Attackers accessed the names, phone numbers and email addresses of 15 million users, while for another 14 million users hackers also accessed usernames, profile details (i.e. gender, relationship status, hometown, birthdate, city, and devices), and their 15 most recent searches. The hackers did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps or advertising or developer accounts, the company said. "

Pallet liquidation scams and how to recognize them

Autosummary: In social media groups that specialize in pallet liquidation, you’ll find advertisements that promise valuable merchandise at significantly discounted prices, such as electronics, tools, or other high-demand items. Groups that engage in pallet liquidation sales are rampant on social media and it’s hard to discern the scammers from the legitimate ones (to be honest, I’ve always thought they were all scams, until someone told me there are legitimate ones), let alone the grey area in between. Depending on the reason of sale and the origin, the pallets may include a large quantity of one product or a mix of products, such as overstock or discontinued items, customer returns, or refurbished goods. "

HubSpot phishing targets 20,000 Microsoft Azure accounts

Autosummary: However, the phishing emails associated with this campaign failed Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) checks. "

Ongoing phishing attack abuses Google Calendar to bypass spam filters

Autosummary: "

Ireland fines Meta $264 million over 2018 Facebook data breach

Autosummary: Specifically, the Irish DPC says the following GDPR violations are related to the incident: Article 33(3) : Incomplete breach notification details → €8M fine : Incomplete breach notification details → €8M fine Article 33(5) : Poor documentation of breach facts/remedies → €3M fine : Poor documentation of breach facts/remedies → €3M fine Article 25(1) : "

New fake Ledger data breach emails try to steal crypto wallets

Autosummary: " Phishing email about a fake Ledger data breach Source: BleepingComputer Clicking the "Verify My Recovery Phrase" button brings you to an Amazon AWS website at "https://product-ledg.s3.us-west-1.amazonaws[.]com/recover.html" that then redirects users to a phishing page at "ledger-recovery[.]info". Fake Ledger site Source: BleepingComputer Clicking the "Verify your Ledger now" brings up another page asking you to enter your 12, 18, or 24-word Ledger recovery phrase. "

Texas Tech University data breach impacted 1.4 million individuals

Autosummary: "

With DORA approaching, financial institutions must strengthen their cyber resilience

Autosummary: To meet DORA’s standards, organizations must strengthen their operations across five critical areas: ICT risk management, incident reporting, resilience testing, third-party risk management, and information sharing. For DORA compliance, institutions must ensure their testing is comprehensive, encompassing internal systems, third-party integrations and the latest threat intelligence. "

New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide

Autosummary: Similar to major scam operations like Telekopye, it"s suspected that there are different groups who are in charge of managing each and every aspect of the attack chain: Theft, creation, and abuse of Meta accounts and ads, building the phishing infrastructure, and running the call centers. "

Rhode Island confirms data breach after Brain Cipher ransomware attack

Autosummary: "On December 13, 2024, the State was informed by its vendor, Deloitte, that there was a major security threat to the RIBridges system," reads the announcement published by the Rhode Island authorities on Saturday. "

Task scams surge by 400%, but what are they?

Autosummary: In these scams, online criminals prey on people looking for remote jobs by offering them simple repetitive tasks such as liking videos, optimizing apps, boosting product interest, or rating product images. "

Texas Tech University System data breach impacts 1.4 million patients

Autosummary: "

ConnectOnCall data breach impacted over 900,000 individuals

Autosummary: "

FTC warns of online task job scams hooking victims like gambling

Autosummary: These scams impersonate legitimate companies, such as Deloitte, Amazon, McKinsey and Company, and Airbnb, and the victims are given tasks in sets, usually of forty items. "

Spain busts voice phishing ring for defrauding 10,000 bank customers

Autosummary: "

Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

Autosummary: The notice underlines that no user funds or digital assets were compromised from this breach, but the attackers accessed the following sensitive information: Full name Date of birth Physical address Phone number Email address Government-issued ID Social Security number (SSN) Transaction activity User photographs The above information is particularly sensitive and very revealing for cryptocurrency holders, potentially putting them at risk of SIM swap attacks, account takeovers, or other targeted phishing attacks. "

US Bitcoin ATM operator Byte Federal suffered a data breach

Autosummary: Potentially compromised customer personal information includes name, birthdate, address, phone number, email address, government-issued ID, social security number, transaction activity, and photographs of users. "

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Autosummary: Previously, Resecurity described multiple episodes of Smishing Triad activity targeting online banking, e-commerce and payment systems customers in other geographies including USA, EU, UK, Pakistan, India, UAE and KSA. According to a recent Strategic Analysis Report released by the UAE Financial Intelligence Unit (UAEFIU), fraud, particularly in the UAE, remains a major risk, contributing to money laundering activities, with an estimated financial loss of AED 1.2 billion (equal to USD 326 million) between 2021 and 2023. "

Phone Phishing Gang Busted: Eight Arrested in Belgium and Netherlands

Autosummary: "

Ongoing Phishing and Malware Campaigns in December 2024

Autosummary: In one of the latest attacks, criminals utilize scripts to facilitate the execution chain that involves the following steps: LNK file initiates Forfiles Forfiles locates HelpPane PowerShell launches Mshta with the AES-encrypted first-stage payload Mshta decrypts and executes the downloaded payload PowerShell runs an AES-encrypted command to decrypt Emmenhtal Entire execution chain demonstrated by ANY.RUN"s Interactive sandbox The Emmenhtal loader, which is the final PowerShell script, executes a payload — often Updater.exe — by using a binary file with a generated name as an argument. Identify threats in < 40 seconds Save resources on setup and maintenance Log and examine all malicious activities Work in private mode with your team Get a 14-day free trial of ANY.RUN to test all the features it offers → "

CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force

Autosummary: "

Inside the incident: Uncovering an advanced phishing attack

Autosummary: Initially, our only indicators of compromise were the recipient’s email address and the source IP of the deletion rule creation event, which turned out to be a general Microsoft IP and, therefore, not very useful in that case. Fortunately, our customer’s security team acted swiftly, disabling the account, ending the session, and resetting the user’s credentials within 30 minutes. To develop part of the attack, the threat actor used the public platform Render, a unified cloud platform that allows developers to build, deploy, and scale applications and websites easily. IoCs 138.199.52[.]3 siffinance[.]com login.siffinance[.]com www.siffinance[.]com ywnjb.siffinance[.]com atoantibot.onrender[.]com file365-cloud.s3.eu-west-2.amazonaws[.]com How Varonis can help Varonis monitors real-time email and browsing activities and user and data activities, providing a comprehensive tool for cyber forensics investigations. Circling back to the “hacker humor” mentioned above, the attacker has disabled (or deactivated) the malicious domain, but if you try to access it today, it redirects to a popular internet prank known as Rickrolling. "

Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam

Autosummary: " The newest version of Antidot is packed in support for new commands that allow the operators to launch "Keyboard & Input" settings, interact with the lock screen based on the set value (i.e., PIN, pattern, or password), wake up the device, reduce screen brightness to the lowest level, launch overlays to steal Google account credentials, and even prevent it from being uninstalled. "

2023 Anna Jaques Hospital data breach impacted over 310,000 people

Autosummary: Exposed information varies per individual, however, it may include demographic information, medical information, health insurance information, Social Security number, driver’s license number, financial information, and other personal or health information that patients provided Anna Jacques. "

RSA expands phishing-resistant, passwordless capabilities

Autosummary: "

GenAI makes phishing attacks more believable and cost-effective

Autosummary: GenAI is a powerful tool that can be used by security teams to protect organizations, however, it can also be used by malicious actors, making phishing-related attacks a growing and concerning threat vector, according to Ivanti. "

New Atrium Health data breach impacts 585,000 individuals

Autosummary: Additionally, if users filled out forms, data such as name, email, phone number, address, and gender may have been shared with third-party vendors. "

Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests

Autosummary: Led by the National Crime Agency working with Border Force, Op Destabilise has exposed Russian kleptocrats, drug gangs, and cyber criminals - all of whom relied on the flow of dirty money," said Security Minister Dan Jarvis. "

This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

Autosummary: Campaigns leveraging DroidBot have been primarily observed in Austria, Belgium, France, Italy, Portugal, Spain, Turkey, and the United Kingdom. "

Operation Destabilise dismantled Russian money laundering networks

Autosummary: “Through the TGR Group, Russian elites sought to exploit digital assets—in particular U.S. dollar-backed stablecoins—to evade U.S. and international sanctions, further enriching themselves and the Kremlin,” said Acting Under Secretary for Terrorism and Financial Intelligence Bradley T. Smith, “The United States, alongside our allies and partners, remains committed to disrupting any effort by Russia to use digital assets or other illicit financial schemes to accrue, store, and transfer their ill-gotten gains.” “Through key facilitators like Zhdanova, Russian elites, ransomware groups, and other illicit actors sought to evade U.S. and international sanctions, particularly through the abuse of virtual currency,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson. "

Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users

Autosummary: And, according to Jérôme Segura, senior director of research at security firm Malwarebytes, the most common type of malicious Google search ads encountered are those which pose as the customer support teams of major internet brands like PayPal, eBay, Apple, and Netflix. "

Crypto&#8217;s rising value likely to bring new wave of scams

Autosummary: By siphoning your money out of your accounts, and by sometimes even fabricating false “returns” on your investments, the cybercriminals are slowly building trust from you, only to yank away all your money at a later date.Remember, if a celebrity or public figure is suddenly making large promises on specific, individual cryptocurrencies, be cautious about their claims. "

Ransomware-hit vodka maker Stoli files for bankruptcy in the United States

Autosummary: "

UK disrupts Russian money laundering networks used by ransomware

Autosummary: As part of this Operation Destabilise, U.K. law enforcement has collaborated with many international partners, including the U.S. Department of the Treasury"s Office of Foreign Assets Control (OFAC), the FBI, the Drug Enforcement Agency, the French Direction Centrale de la Police Judiciaire, and Ireland"s national police and security service, An Garda Síochána (AGS). "

New DroidBot Android banking malware spreads across Europe

Autosummary: Among the 77 apps DroidBot attempts to steal credentials, some standouts include Binance, KuCoin, BBVA, Unicredit, Santander, Metamask, BNP Paribas, Credit Agricole, Kraken, and Garanti BBVA. "

New DroidBot Android malware targets 77 banking, crypto apps

Autosummary: Among the 77 apps DroidBot attempts to steal credentials, some standouts include Binance, KuCoin, BBVA, Unicredit, Santander, Metamask, BNP Paribas, Credit Agricole, Kraken, and Garanti BBVA. "

Repeat offenders drive bulk of tech support scams via Google Ads

Autosummary: Search for help, find a scam Search engines, and Google’s in particular, are our gateway to the web. Somewhere far in Asia, someone in a call centre is waiting to welcome the next victim by starting with “Hi, welcome to PayPal support, my name is John, how can I help you? "

Vodka maker Stoli files for bankruptcy in US after ransomware attack

Autosummary: "

Novel phishing campaign uses corrupted Word documents to evade security

Autosummary: Phishing email S​​​​​ource: BleepingComputer These attachments use a wide range of themes, all revolving around employee benefits and bonuses, including: Annual_Benefits_&_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw__.docx Annual_Q4_Benefits_&_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw__.docx.bin Benefits_&_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw__.docx.bin Due_&_Payment_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw__.docx.bin Q4_Benefits_&_Bonus_for_[name]_IyNURVhUTlVNUkFORE9NNDUjIw__.docx.bin The documents in this campaign all include the base64 encoded string "IyNURVhUTlVNUkFORE9NNDUjIw," which decodes to "##TEXTNUMRANDOM45##". "

Hackers stole millions of dollars from Uganda Central Bank

Autosummary: Hackers stole millions of dollars from Uganda Central Bank Pierluigi Paganini December 01, 2024 December 01, 2024 Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. "

Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks

Autosummary: Some of the promoted features of Rockstar 2FA include two-factor authentication (2FA) bypass, 2FA cookie harvesting, antibot protection, login page themes mimicking popular services, fully undetectable (FUD) links, and Telegram bot integration. "

New Rockstar 2FA phishing service targets Microsoft 365 accounts

Autosummary: Trustwave The service is promoted on Telegram, among other places, boasting a long list of features like: Support for Microsoft 365, Hotmail, Godaddy, SSO Randomized source code and links to evade detection Cloudflare Turnstile Captcha integration for victim screening Automated FUD attachments and links User-friendly admin panel with real-time logs and backup options Multiple login page themes with automatic organization branding (logo, background) The service has set up over 5,000 phishing domains since May 2024, facilitating various phishing operations. "

Bologna FC confirms data breach after RansomHub ransomware attack

Autosummary: Complete financial data of the club"s history Personal and confidential player data Transfer strategies for new and young players Confidential data of fans and employees Data on young athletes Medical records Information on structures and stadiums Commercial strategies and business plans Previously, the threat actors attempted to blackmail the Italian football team by listing examples of how leaked documents caused other teams to pay huge fines over various violations and used GDPR as leverage. "

Phishing-as-a-Service Rockstar 2FA continues to be prevalent

Autosummary: Phishing-as-a-Service Rockstar 2FA continues to be prevalent Pierluigi Paganini November 29, 2024 November 29, 2024 Phishing tool Rockstar 2FA targets Microsoft 365 credentials, it uses adversary-in-the-middle (AitM) attacks to bypass multi-factor authentication. "

FlipaClip animation app data breach exposes details of almost 900,000 users

Autosummary: However, names, dates of birth, email addresses, and countries of residence were breached and it is easy to imagine how a fraudster could exploit such information (for instance, in a phishing campaign) to trick FlipaClip animators into handing over their login credentials and other sensitive information. "

Meta removes over 2 million accounts pushing pig butchering scams

Autosummary: What Meta is doing about it Meta says it employs a range of measures to try to detect and stop these scams on its platforms, including Facebook, Instagram, WhatsApp, and Messenger, before they have the opportunity to bait users and victimize them. "

Bangkok busts SMS Blaster sending 1 million scam texts from a van

Autosummary: "

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Autosummary: " Redmond has also characterized North Korea"s dispatching of thousands of IT workers abroad as a triple threat that makes money for the regime through "legitimate" work, allows them to abuse their access to get hold of intellectual property, and facilitates data theft in exchange for a ransom. "

Microsoft seized 240 sites used by the ONNX phishing service

Autosummary: Microsoft seized 240 sites used by the ONNX phishing service Pierluigi Paganini November 23, 2024 November 23, 2024 Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. "

Smashing Security podcast #394: Digital arrest scams and stream-jacking

Autosummary: Hosts: Graham Cluley: @grahamcluley.com @[email protected] Carole Theriault: @caroletheriault Guest: Maria Varmazis: @varmaz.is @[email protected] Episode links: Sponsored by: 1Password Extended Access Management – Secure every sign-in for every app on every device. "

Now BlueSky hit with crypto scams as it crosses 20 million users

Autosummary: A crypto scam on BlueSky featuring Meta branding (BleepingComputer) The MetaChain[.]cash website mentioned in the post also appears to carefully impersonate Meta branding, typeface, and messaging: MetaChain domain impersonates Meta branding (BleepingComputer) Another post titled "You"ve won FREE Satoshi Bitcoin of $900k" was seen leading users to a GitHub Pages website, cryptos-satoshi.github[.]io which is no longer accessible. A BlueSky post from last week featured an AI-generated image of Mark Zuckerberg and promoted crypto assets like "MetaChain" and "MetaCoin." As evident from the messaging and graphics, the post misleads viewers into associating the advertised products with tech giant Meta and its concept "Metaverse". "

Microsoft disrupts ONNX phishing-as-a-service infrastructure

Autosummary: The attacks, also controlled via Telegram bots, came with built-in two-factor authentication (2FA) bypass mechanisms and most recently targeted financial firms" employees (at banks, credit union service providers, and private funding firms) using QR code phishing (also known as quashing) tactics. "

750,000 patients’ medical records exposed after data breach at French hospital

Autosummary: "

AI Granny Daisy takes up scammers’ time so they can’t bother you

Autosummary: We asked Tammy Stewart, one of Malwarebytes’ researchers, who has made it a hobby to waste the time of phishers herself, and she was enthusiastic about the idea of having a “Daisy.” "

New Ghost Tap attack abuses NFC mobile payments to steal money

Autosummary: "The new tactic for cash-outs poses a challenge for financial organisations: the ability of cybercriminals to scale the fraudulent offline purchases, making multiple small payments in different places, might not trigger the anti-fraud mechanisms and might allow cybercriminals to successfully buy goods that can be further re-sold (like gift cards)," explains ThreatFabric. "

“Sad announcement” email leads to tech support scam

Autosummary: Here are some examples: “When you open them you will see why I actually wanted to share them with you today” “Never thought I would want to share these images with you, anyways here they are” “I’m presuming you should remember these two ladies, in that photo” “When I was looking through some old folders I found these 3 pics” “it wasn’t initially my plan, but I had to change my mind about it” “Two pictures that I wanted to share with you. If in doubt, contact your friend via another, trusted method If your browser or mobile device “locks up”, meaning you’re no longer able to navigate away from a virus warning, you’re likely looking at a tech support scam. To close the emails off, the scammers end with a quote in the format: “You do not find the happy life. How to avoid the “sad announcement” scam Always compare the actual sender address with the email address this person would normally use to send you an email. "

Fintech giant Finastra investigates data breach after SFTP hack

Autosummary: The firm"s software services include lending solutions, payment processing, cloud-enabled retail and banking platforms, and trading risk management tools. "

Ford data breach involved a third-party supplier

Autosummary: "

Hornetsecurity DMARC Manager protects against fraud and phishing attacks

Autosummary: To help prevent fraud, impersonation and phishing attacks, DMARC Manager also identifies suspicious activities, such as unauthorised email traffic being sent in the name of the user’s domains. "

QuickBooks popup scam still being delivered via Google ads

Autosummary: The application that creates it is a program written in Microsoft .NET, which contains two important methods that control when and how the popup appears: MonitorAndShowForm(), which calls CalculateNextDisplayDate and is incremented on week days CheckTimeWindow() to make sure it is a weekday and within a certain time window The text content (fake instructions) can also be seen here, encoded in Base64 presumably to avoid detection from antivirus software: Conclusion This clever scheme has been going for some time now and every now and again we see some people reporting it online, seemingly always via Google ads. "

US space tech giant Maxar discloses employee data breach

Autosummary: "

Phishing emails increasingly use SVG attachments to evade detection

Autosummary: For example, the following text will create a rectangle, a circle, a link, and some text: <svg width="200" height="200" xmlns="http://www.w3.org/2000/svg"> <!-- "

USX Cyber strengthens phishing defense in GUARDIENT XDR

Autosummary: "

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

Autosummary: "Minimal interaction with a malicious file by a user such as selecting (single-click), inspecting (right-click), or performing an action other than opening or executing could trigger this vulnerability," Microsoft revealed in its advisory. "

Scammer robs homebuyers of life savings in $20 million theft spree

Autosummary: In the initial phase, Babatunde Francis Ayeni and his criminal gang targeted US title companies, real estate agents, and real estate attorneys. "

Google launches on-device AI to alert Android users of scam calls in real-time

Autosummary: Scam Detection One of the key features is Scam Detection, which leverages on-device AI to identify potential scam calls in real-time. "

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Autosummary: Some of the other recent tactics adopted by fraudsters and cybercriminals are listed below - Misuse of artificial intelligence (AI) tools to create deepfakes of public figures, taking advantage of their credibility and reach to conduct investment fraud Using hyper-realistic impersonation for bogus crypto investment schemes App and landing page clone scams that dupe users into visiting lookalike pages of their legitimate counterparts, leading to credential or data theft, malware downloads, and fraudulent purchases Capitalizing on major events and combining them with AI to defraud people or promote non-existent products and services Google told The Hacker News that it intends to release such advisories about online fraud and scams every six months as part of its efforts to raise awareness about the risks. "

Social engineering scams sweep through financial institutions

Autosummary: “As we outlined in our 2024 AI, Fraud, and Financial Crime Survey and ScamGPT white paper, AI is super-charging fraud,” said BioCatch Global Advisory Director Seth Ruden. "

GoIssue phishing tool targets GitHub developer credentials

Autosummary: "

New Google Pixel AI feature analyzes phone conversations for scams

Autosummary: " Anti-stalkerware system The second feature is the new "Live Threat Detection" in Google Play Protect, Android"s default anti-malware and security tool that protects users in real-time. "

Winter Fuel Payment scam targets UK citizens via SMS

Autosummary: Image Other examples seen have used other URL shorteners, such as bit.ly, and the scammers behind the campaign have used a variety of different messages to socially engineer unsuspecting users into visiting a phishing site. "

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns

Autosummary: " SlashNext said the tool marks a "dangerous shift in targeted phishing" that could act as a gateway to source code theft, supply chain attacks, and corporate network breaches via compromised developer credentials. "

Amazon confirms employee data breach after vendor hack

Autosummary: Company Date Stolen Number of Employees Lenovo 2023-05 45,522 McDonald"s 2023-05 3,295 HP 2023-05 104,119 City National Bank 2023-05 9,358 BT 2023-05 15,347 dsm-firmenich 2023-05 13,248 Rush University 2023-05 15,853 URBN 2023-05 17,553 Westinghouse 2023-05 18,193 UBS 2023-05 20,462 TIAA 2023-05 23,857 OmnicomGroup 2023-05 37,320 Bristol-Myers Squibb 2023-05 37,497 3M 2023-05 48,630 Schwab 2023-05 49,356 Leidos 2023-05 52,610 Canada Post 2023-05 69,860 Amazon 2023-05 2,861,111 Delta 2023-05 57,317 Applied Materials 2023-05 53,170 Cardinal Health 2023-05 407,437 US Bank 2023-05 114,076 fmr.com 2023-05 124,464 HSBC 2023-05 280,693 MetLife 2023-05 585,130 The MOVEit data-theft attacks The Clop ransomware gang was behind a wave of data theft attacks starting on May 27, 2023. "

HIBP notifies 57 million people of Hot Topic data breach

Autosummary: According to HIBP, the exposed details include full names, email addresses, dates of birth, phone numbers, physical addresses, purchase history, and partial credit card data for Hot Topic, Box Lunch, and Torrid customers. "

Amazon discloses employee data breach after May 2023 MOVEit attacks

Autosummary: Amazon discloses employee data breach after May 2023 MOVEit attacks Pierluigi Paganini November 11, 2024 November 11, 2024 Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. "

Bitcoin Fog Founder Sentenced to 12 Years for Cryptocurrency Money Laundering

Autosummary: "Over the course of its decade-long operation, Bitcoin Fog gained notoriety as a go-to money laundering service for criminals seeking to hide their illicit proceeds from law enforcement and processed transactions involving over 1.2 million bitcoin, valued at approximately $400 million at the time the transactions occurred," the DoJ said. "

Scammers target UK senior citizens with Winter Fuel Payment texts

Autosummary: The text urges the recipient to click on a link, leading them to a lookalike GOV.UK page: Please note that the government has decided that the Winter heating_allowance and Cost of Living_support for 2024 have been fully implemented, you have met the requirements, please be sure to fill in the application information as soon as possible, we will release the money to you within 3days, please note that check, this will be the last notice to you, the online application channel deadline is November 12.The domain name comprising the phrases, "notices," "gov," and "e" are all likely an attempt, albeit an unrefined one, to make it appear authentic. "

Large eBay malvertising campaign leads to scams

Autosummary: Indicators of Compromise Fake pages e-bays-24x7support-number[.]vercel[.]app developer[.]ebay[.]com e-bay24x7pluscaresupport[.]bitbucket[.]io upbay[.]online e-bay24x7customer[.]casterins[.]online e-bay24x7-customers-services-assist[.]onrender[.]com Fraudulent phone numbers 1[-]866[-]409[-]9281 1[-]833[-]714[-]3970 1[-]805[-]372[-]1369 Flurry of ads A search for ‘ebay phone number‘ or ‘ebay customer service‘ from the U.S. using Google Chrome returned several ads that were entirely fraudulent. "

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

Autosummary: The campaign, dating back to February 2023, has claimed victims across the world, particularly those located in Brazil, China, Russia, Mexico, UAE, Egypt, Algeria, Vietnam, India, and Sri Lanka." The miner, for its part, is downloaded from a GitHub repository, with the malware also initiating contact with a remote server over TLS version 1.3 to exfiltrate sensitive data from web browsers, such as cookies, credit card data, browsing history, and visited places, system metadata, installed software, and timezone, among others. "

Identity-related data breaches cost more than average incidents

Autosummary: By sector, agriculture and aerospace estimated that identity-related data breaches tended to cost them the most, with 50% and 43% of respondents noting that breaches had cost them more than $10,000,000 (respectively). "

Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks

Autosummary: The individual in question, Alexander "Connor" Moucka (aka Judische and Waifu), was apprehended on October 30, 2024, on the basis of a provisional arrest warrant, following a request by the U.S. The development was first reported by Bloomberg and corroborated by 404 Media. "

Beware of phishing emails delivering backdoored Linux VMs!

Autosummary: If the user clicks on the shortcut file, a process is started wherein: The ZIP file is “unzipped” and its contents put into the user’s profile directory into a directory called “datax” A batch processing (BAT) file is executed and it shows a decoy image saying there was an “Internal Server Error” while, in the background, a (renamed) QEMU process and command line is executed to start the emulated Tiny Core Linux environment The customized Linux VM is meant to be used to create an interactive shell (essentially, a backdoor) on the host machine by initiating an SSH connection, through which the attackers can: "

New Android Banking Malware "ToxicPanda" Targets Users with Fraudulent Money Transfers

Autosummary: A majority of the compromises have been reported in Italy (56.8%), followed by Portugal (18.7%), Hong Kong (4.6%), Spain (3.9%), and Peru (3.4%), marking a rare instance of a Chinese threat actor orchestrating a fraudulent scheme to target retail banking users in Europe and Latin America. "

ToxicPanda Android banking trojan targets Europe and LATAM, with a focus on Italy

Autosummary: “According to its source code, ToxicPanda is in an early stage of development, with some commands appearing as placeholders without a real implementati” ToxicPanda, similar to other banking trojans like Medusa, BingoMod, and Copybara, uses a manual approach allowing attackers target any bank customer, requiring less technical skill, and helping them to bypass banks’ behavioral detection defenses.Though still in early development, with incomplete code elements, ToxicPanda has infected thousands of devices across Italy, Portugal, Spain, and Latin America, targeting 16 banks. "

New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls

Autosummary: The names of the malicious package names, i.e., dropper apps, bearing the malware are listed below - com.qaz123789.serviceone com.sbbqcfnvd.skgkkvba com.securegroup.assistant com.seplatmsm.skfplzbh eugmx.xjrhry.eroreqxo gqcvctl.msthh.swxgkyv ouyudz.wqrecg.blxal plnfexcq.fehlwuggm.kyxvb xkeqoi.iochvm.vmyab Like other Android banking malware families that are known to abuse accessibility services APIs to seize control of the devices and perform malicious actions, FakeCall uses it to capture information displayed on the screen and grant itself additional permissions as required. "

Windows infected with backdoored Linux VMs in new phishing attacks

Autosummary: Start.bat batch file installing the QEMU Linux virtual machine Source: BleepingComputer While the virtual machine is being installed, the same batch file will display a PNG file downloaded from a remote site that shows a fake server error as a decoy, implying a broken link to the survey. "

Nigerian man Sentenced to 26+ years in real estate phishing scams

Autosummary: Nigerian man Sentenced to 26+ years in real estate phishing scams Pierluigi Paganini November 04, 2024 November 04, 2024 Nigerian Kolade Ojelade gets 26 years in U.S. for phishing scams that stole millions by hacking email accounts. "

Crooks bank on Microsoft&#8217;s search engine to phish customers

Autosummary: Indicators of Compromise Cloaking domains ixx-kexxx[.]com Phishing domains xxx-ii-news[.]net xxx-ii-news[.]com ixxx-blognew[.]com xxx-ii-news[.]net new-bllog-i[.]com info-blog-news[.]com xv-bloging-info[.]com xxx-new-videos[.]com Hosting server 200.107.207[.]232This is because of the built-in anti-phishing heuristic rules which intercept the connection and display a warning message: If you suspect your banking information has already been stolen, try to take action as quickly as possible by contacting your financial institution(s) and resetting all your passwords (especially if you reused any of them for different websites). Bypassing multi factor authentication In some phishing campaigns, criminals are notified in real time when a new victim attempts to login into their fraudulent page. "

ChatGPT-4o can be used for autonomous voice-based scams

Autosummary: Scam types and success rate Source: Arxiv.org OpenAI"s response OpenAI told BleepingComputer that its latest model, o1 (currently in preview), which supports "advanced reasoning," was built with better defenses against this kind of abuse. Study findings The researcher"s paper explores various scams like bank transfers, gift card exfiltration, crypto transfers, and credential stealing for social media or Gmail accounts. "

50% of financial orgs have high-severity security flaws in their apps

Autosummary: Security debt, defined for this report as flaws that remain unfixed for longer than a year, exists in 76% of organizations in the financial services sector, with 50% of organizations carrying critical security debt, according to Veracode. "

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Autosummary: Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services, and banking services. "

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

Autosummary: "

Android malware FakeCall intercepts your calls to the bank

Autosummary: Likely without realizing, when the user gives the app permission to set it as the default call handler, the malware gains permission to intercept and manipulate both outgoing and incoming calls. "

Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Autosummary: "

New version of Android malware FakeCall redirects bank calls to scammers

Autosummary: New version of Android malware FakeCall redirects bank calls to scammers Pierluigi Paganini October 31, 2024 October 31, 2024 The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. "

Russia fines Google more money than there is in entire world

Autosummary: "

Android malware "FakeCall" now reroutes bank calls to attackers

Autosummary: A new phone listener service establishes a communication channel with the attacker"s command and control (C2) server, allowing them to issue commands to perform various actions, like get device location, delete apps, record audio or video, and edit contacts. Overview of latest FakeCall attacks Source: Zimperium New features and improvements Despite heavier code obfuscation, Zimperium also discovered that the latest FakeCall versions add several improvements and attack mechanisms, though some are still under development. "

Interbank confirms data breach following failed extortion, data leak

Autosummary: Stolen Interbank data up for sale (BleepingComputer) ​The threat actor claims they were able to steal Interbank customers" full names, account IDs, birth dates, addresses, phone numbers, email addresses, and IP addresses, as well as credit card and CVV numbers, credit card expiry dates, info on bank transactions, and other sensitive information, including plaintext credentials. "

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Autosummary: Microsoft warns of a large-scale spear-phishing campaign by Russia-linked APT Midnight Blizzard (aka APT29, SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes), targeting 1,000+ users across 100+ organizations for intelligence gathering. "

PIXM protects MSPs from credential theft and phishing attacks

Autosummary: While phishing security is often associated solely with email protection, cybercriminals are adapting and increasingly exploiting other channels such as SMS, social media platforms (such as Facebook), SaaS work apps (such as Slack and Google Docs), and even QR codes to deliver phishing attacks. "

Entrust helps banks fight fraud during account opening

Autosummary: Empowering financial institutions to unlock scale and acquire more customers through digital identity verification, establishing high assurance in their customers through document validation, biometric liveness detection, and a suite of fraud signals, underpinned by award-winning AI technology. "

Free, France’s second largest ISP, confirms data breach after leak

Autosummary: However, the attackers failed to access customer passwords, bank card information, and communications content (including "emails, SMS, voice messages, etc."). "

French ISP Free confirms data breach after hacker puts customer data up for auction

Autosummary: [embed lemonde-article.jpeg] However, according to the firm, no passwords, bank card information, or the contents of communications (emails, SMS, or voicemails) were compromised by the attack. "

Four REvil Ransomware members sentenced for hacking and money laundering

Autosummary: Vasinskyi (aka Profcomserv, Rabotnik, Rabotnik_New, Yarik45, Yaraslav2468, and Affiliate 22) was arrested on October 8, 2021, while he was trying to enter Poland. "

100 million US citizens officially impacted by Change Healthcare data breach

Autosummary: Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.And 2024 looks even worse, she added: “And this year, with both the Change breach and Ascension breach, we expect that number to potentially double or go higher.” "

Change Healthcare data breach impacted over 100 million people

Autosummary: “Our experts are working to address the matter and we are working closely with law enforcement and leading third-party consultants, Mandiant and Palo Alto Network, on this attack against Change Healthcare’s systems” Compromised data includes names, addresses, dates of birth, phone numbers, driver’s license or state ID numbers, Social Security numbers, diagnosis and treatment information, medical record numbers, billing codes, insurance member IDs, and other types of information. "

OnePoint Patient Care data breach impacted 795916 individuals

Autosummary: The compromised data includes names, residence information, medical records, diagnosis, prescription details, and, for some, Social Security numbers. "

AI and deepfakes fuel phishing scams, making detection harder

Autosummary: As it stands, credentials are pretty much littered across the many disparate layers of the technology stack – Kubernetes, servers, cloud APIs, specialized dashboards and databases, and more.” "

Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA

Autosummary: Even more troubling, RISK & INSURANCE, a leading publication from the cybersecurity insurance industry, reported that the median ransom grew to $20 million in 2023, up significantly from $1.4 million in 2022, while actual payments surged to $6.5 million, compared to $335,000 previously.Cybercriminals are easily bypassing legacy MFA solutions through phishing, SIM swapping, Man-in-the-Middle (MitM) attacks, and more.In their advisory AA24-242A, DHS/CISA and the FBI told the entire cybercriminal-stopping world that to stop ransomware attacks, organizations needed to implement phishing-resistant MFA and ditch SMS-based OTP MFA. "

Insurance admin Landmark says data breach impacts 800,000 people

Autosummary: "

Henry Schein discloses data breach a year after ransomware attack

Autosummary: "

New Grandoreiro Banking Malware Variants Emerge with Advanced Tactics to Evade Detection

Autosummary: "Grandoreiro searches for anti-malware solutions such as AVAST, Bitdefender, Nod32, Kaspersky, McAfee, Windows Defender, Sophos, Virus Free, Adaware, Symantec, Tencent, Avira, ActiveScan, and CrowdStrike," the company said. "

Phishing scams and malicious domains take center stage as the US election approaches

Autosummary: The analysis continues to show a significant number of diverse databases available on darknet forums targeting the US, including SSNs, usernames, email addresses, passwords, credit card data, date of birth, and other PII that could be used to challenge the integrity of the 2024 US election. "

Bumblebee and Latrodectus Malware Return with Sophisticated Phishing Strategies

Autosummary: In May 2024, a coalition of European countries said it dismantled over 100 servers linked to several malware strains such as IcedID (and, by extension, Latrodectus), SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. "

Facebook and Instagram launch celebrity scam ad crackdown

Autosummary: "

Gophish Framework Used in Phishing Campaigns to Deploy Remote Access Trojans

Autosummary: The JavaScript is executed using a legitimate Windows binary named "cscript.exe." "The PowerShell loader script masquerading as the INI file contains base64 encoded data blob of the payload PowerRAT, which decodes and executes in the victim"s machine memory," Raghuprasad said. "

Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain

Autosummary: "Over a period of at least six months, the attackers stealthily gathered valuable information from the targeted company including, but not limited to, network configurations, user passwords, and secrets from the LSASS process," Ido Naor, co-founder and CEO of Israeli cybersecurity company Security Joes, said in a statement shared with The Hacker News. "

Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign

Autosummary: Unknown threat actors exploit Roundcube Webmail flaw in phishing campaign Pierluigi Paganini October 21, 2024 October 21, 2024 Hackers exploited a now-patched Roundcube flaw in a phishing attack to steal user credentials from the open-source webmail software. "

Google Voice scams: What are they and how do I avoid them?

Autosummary: Then they may do one of several things: Sell your Google Voice number and account to other scammers Place vishing calls designed to scam victims, using your Google Voice account Embed your Google Voice number into email phishing or smishing messages Use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams Use the Google Voice number and spoofing software to call or text your family and friends, asking for emergency funds The FTC also warns that sometimes the fraudster will try to obtain personally identifiable information from you as well as carry out the Google Voice scam.Watch out for schemes where fraudsters trick people into sharing verification codes so they can gain access to their phone numbers In our hyper-connected world, technology has transformed the way we communicate, enabling us to connect with anyone, anywhere, at the touch of a button. What to do in a worst-case scenario If you realize you’ve been the victim of a Google Voice scam, there’s a dedicated page designed to help you reclaim your Voice number. "

Omni Family Health data breach impacts 468,344 individuals

Autosummary: The data breach at Omni Family Health may have exposed varying personal information for current and former patients, including names, addresses, Social Security numbers, dates of birth, health insurance details, and medical information. "

Tech giant Nidec confirms data breach following ransomware attack

Autosummary: The investigation also revealed that the attackers stole 50,694 files, including the following: Internal documents Letters from business partners Documents related to green procurement Labor safety and health policies (business and supply chain, etc.) "

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Autosummary: "

USDoD hacker behind National Public Data breach arrested in Brazil

Autosummary: "

How does WhatsApp make money? It"s free - with some tricks

Autosummary: Discord, a messaging app largely used by young gamers, has a freemium model – it is free to sign-up, but additional features, including access to games, come with a pricetag.“Our vision, if we get all of this right, is a business and a customer should be able to get things done right in a chat thread,” says Nikila Srinivasan, vice president of business messaging at Meta. "

Data breaches trigger increase in cyber insurance claims

Autosummary: In discussions with clients, it is critical we understand their data governance standards and how transparent they are when it comes to their use of consumers’ data, who they share it with, and their approach to vendor cyber security,” says Tresa Stephens, Head of Cyber, North America, Allianz Commercial. “AI is also becoming an essential tool in the fight against cyber-attacks, as it can quickly identify a security breach and automatically isolate systems and databases, as well as having the potential to significantly reduce the cost and life cycle of a data breach claim by automating tasks, such as forensics and notifications, potentially saving companies millions of dollars,” concluded Baviskar. "

AI scammers target Gmail accounts, say they have your death certificate

Autosummary: To verify if a security alert is from Google, users can check their Recent security activity: Tap your Gmail profile photo in the top right corner Tap Manage your Google Account Select the Security tab tab You will see something similar to this: Here you can find the Review Security Activity button Any messages claiming to be security alerts from Google that are not listed there will not be from Google. Public service announcement: You should be aware of a pretty elaborate phishing scam using AI voice that claims to be Google Support (caller ID matches, but is not verified) DO NOT CLICK YES ON THIS DIALOG— You will be phished They claim to be checking that you are alive and… pic.twitter.com/60zeuS2lL8 — Garry Tan (@garrytan) October 10, 2024 The scammers claim to be checking that you are alive and whether they should disregard a filed death certificate. "

Bitdefender Scam Copilot detects and combats online scams

Autosummary: Key features and benefits include: Full scam and fraud protection – Scam Copilot provides comprehensive protection across digital environments, including web browsing, email (Gmail and Outlook), texting, chat apps (WhatsApp, Facebook Messenger, Telegram, Discord), push notifications, and calendar invites. "

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

Autosummary: " Another notable aspect is the broad targeting of TrickMo, gathering data from applications spanning multiple categories such as banking, enterprise, job and recruitment, e-commerce, trading, social media, streaming and entertainment, VPN, government, education, telecom, and healthcare. "

New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists

Autosummary: "

A new Linux variant of FASTCash malware targets financial systems

Autosummary: In October 2018, the US-CERT released a joint technical alert from the DHS, the FBI, and the Treasury warning about the ATM cash-out scheme, dubbed “FASTCash,” being used by the prolific North Korean APT hacking group known as Hidden Cobra (aka Lazarus Group and Guardians of Peace). "

Pokemon dev Game Freak discloses data breach

Autosummary: In 2020, Nintendo, another co-owner of Pokémon, suffered a data breach, with attackers leaking source code, internal documents, and development tools. "

OneSpan strenghtens banking security with phishing-resistant authentication

Autosummary: As a pioneer in authentication solutions for digital banking, OneSpan’s wide range of user authentication and digital transaction security solutions help customers safeguard digital accounts, secure financial transactions, and fight cybercrime. "

New FASTCash malware Linux variant helps steal money from ATMs

Autosummary: Once the manipulated message is sent back to the bank"s central systems containing the approval codes (DE38, DE39) and the amount (DE54), the bank approves the transaction, and a money mule acting on behalf of the hackers withdraws the cash from an ATM. "

Scammers target Airbnb and Booking.com users

Autosummary: In late 2023, after ESET Research had published its two-part series on Telekopye, Czech and Ukrainian police arrested tens of cybercriminals utilizing Telekopye, including the key players, in two joint operations. "

GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks

Autosummary: "In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and InlandRevenue were used instead of unknown, low-star repositories," Cofense researcher Jacob Malimban said. "

Internet Archive data breach, defacement, and DDoS: Users’ data compromised

Autosummary: The Internet Archive is a non-profit organization that provides free access to digitized materials – printed and audiovisual materials, music, podcasts, audio books, images, software – as well as the Wayback Machine, a massive collection of archived copies of web pages. "

Internet Archive suffers data breach and DDoS

Autosummary: The stolen database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. "

Fidelity Investments says data breach affects over 77,000 people

Autosummary: "

Marriott settles with FTC, to pay $52 million over data breaches

Autosummary: The exposed data included names, email addresses, postal addresses, phone numbers, dates of birth, and loyalty account information. "

Telekopye transitions to targeting tourists via hotel booking scam

Autosummary: Online marketplace scams Always verify the person you are talking with, mainly their history on the platform, age of their account, rating, and location – a location too far away, a fresh account with no history, or a bad rating might be indicators of a scammer. Throughout our tracking of Telekopye, we’ve observed that different Telegram groups implement their own advanced features into the toolkit, aimed at speeding up the scam process, improving communication with targets, protecting phishing websites against disruption by competitors, and other goals. Law enforcement operations In late 2023, after ESET Research had published its two-part series on Telekopye, Czech and Ukrainian police arrested tens of cybercriminals utilizing Telekopye, including the key players, in two joint operations. Telekopye groups have a business-like operation, with a clear hierarchy, defined roles, internal practices – including admission and mentoring processes for newcomers – fixed working hours, and commission payouts for Telekopye administrators.Telekopye is designed to target a large variety of online services in Europe and North America, such as OLX, Vinted, eBay, Wallapop, and others. Neanderthals – members of any Telegram group utilizing Telekopye – gain access to the bot’s UI, which enables simple generation of phishing emails, SMS messages, web pages, and other features. This makes the scam much harder to spot, as the information provided is personally relevant to the victims, arrives via the expected communication channel, and the linked, fake websites look as expected. While our previous research explored the technical and organizational background of Telekopye scams, our latest research describes the scammers’ various efforts to maximize their financial gains – expanding their victim pool, taking advantage of seasonal opportunities, and improving their tools and operations. The page contains prefilled information about a booking, such as the check-in and checkout dates, price, and location. We have described the groups’ various efforts to maximize their financial gains, including expanding their victim pool, taking advantage of seasonal opportunities, and improving their tools and operations. "

Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale

Autosummary: "

Internet Archive hacked, data breach impacts 31 million users

Autosummary: 9887370, internetarchive@scotthelme.co.uk,$2a$10$Bho2e2ptPnFRJyJKIn5BiehIDiEwhjfMZFVRM9fRCarKXkemA3PxuScottHelme,2020-06-25,2020-06-25,internetarchive@scotthelme.co.uk,2020-06-25 13:22:52.7608520,\N0\N\N@scotthelme\N\N\N Helme confirmed that the bcrypt-hashed password in the data record matched the brcrypt-hashed password stored in his password manager. "

Exposing the Facebook funeral livestream scam (Lock and Code S05E21)

Autosummary: Show notes and credits: Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com) Licensed under Creative Commons: By Attribution 4.0 License http://creativecommons.org/licenses/by/4.0/ Outro Music: “Good God” by Wowa (unminus.com) Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it. "

MoneyGram confirms customer data breach

Autosummary: Date of birth Social Security Numbers Government-issued identification documents (e.g. driver’s licenses) Other identification documents (e.g. utility bills) Bank account numbers MoneyGram Plus Rewards numbers Transaction information (such as dates and amounts of transactions) Criminal investigation information (such as fraud) MoneyGram says that only a limited number of customers’ Social Security numbers and criminal investigation information was taken. Initial investigations show the type of information stolen varies between different individuals, but may include: Names Contact information (phone number, email, physical address) Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. "

FBCS data breach impacted 238,000 Comcast customers

Autosummary: FBCS data breach impacted 238,000 Comcast customers Pierluigi Paganini October 07, 2024 October 07, 2024 238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. According to the agency, compromised information may include names, dates of birth, Social Security numbers, and account information. "

LEGO"s website hacked to push cryptocurrency scam

Autosummary: " According to LEGO Reddit moderator "mescad," the breach took place at 9 PM EST and lasted approximately 75 minutes until 10:15 PM ET, when the site was restored. "

Comcast and Truist Bank customers impacted by debt collector&#8217;s breach

Autosummary: The data breach occurred in February 2024 and the cybercriminals responsible for the incident gained access to: Full names Social Security Numbers (SSNs) Date of birth Account information and other provider information ID card and/or driver’s license Other state identification number Medical claims information Clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information. "

Universal Music data breach impacted 680 individuals

Autosummary: Universal Music data breach impacted 680 individuals Pierluigi Paganini October 07, 2024 October 07, 2024 Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. "

MoneyGram confirms hackers stole customer data in cyberattack

Autosummary: "

Comcast and Truist Bank customers caught up in FBCS data breach

Autosummary: Last April this year, FBCS informed of a data breach determined to have occurred between February 14 and February 26, 2024, when threat actors breached its network and stole the following details from its electronic records: Full name Social Security Number (SSN) Date of birth Account information Driver"s license number or ID card The data breach was initially believed to have impacted 1.9 million people, but subsequent findings upped the tally to 3.2 million in June and, finally, 4.2 million individuals in July. "

MoneyGram: No evidence ransomware is behind recent cyberattack

Autosummary: "After working with leading external cybersecurity experts, including CrowdStrike, and coordinating with U.S. law enforcement, the majority of our systems are now operational, and we have resumed money transfer services," says an email obtained by BleepingComputer. "

Spotting AI-generated scams: Red flags to watch for

Autosummary: If lighting looks off, with harsh contrasts or mismatched shadows, it could be a sign of manipulation), blurriness (Edges, where the face is swapped, may appear blurred, distorted, or pixelated, especially if the transition between the fake and real parts is not smooth), audio anomalies (If the voice sounds robotic, lacks emotion, or doesn’t match the speaking style of the person being imitated, it could be a fake). Therefore, if you receive a video or audio call, you need to pay attention to these red flags: strange facial movements (Look for unnatural expressions, mismatched lip movements, or awkward eye movement), inconsistent lighting (Natural videos typically have consistent lighting across a scene. "

INTERPOL Arrests 8 in Major Phishing and Romance Fraud Crackdown in West Africa

Autosummary: Adeagbo "conspired with others to participate in multiple cyber-enabled BEC schemes that defrauded a North Carolina university of more than $1.9 million, and attempted to steal more than $3 million from victim entities in Texas, including local government entities, construction companies, and a Houston-area college," the DoJ said. "

Browser Guard now flags data breaches and better protects personal data

Autosummary: And it’s precisely this data that advertisers want, as it helps them micro-target their ads to, say, new dads in Overland Park, Kansas, looking for a lawnmower, or, first-time homeowners in San Francisco needing a washer and dryer that fit in a small space. "

APT and financial attacks on industrial organizations in Q2 2024

Autosummary: The dropped stealer collects Telegram messenger configuration files, files with various extensions and from external media, data from browsers (Chrome, Opera, Yandex, Brave, Edge, etc.), as well as PowerShell usage logs and FileZilla and SSH configurations.Based on the accounts used to register Atera Agent and analyzed emails, researchers believe MuddyWater targeted the following types of organizations between October 2023 and April 2024: airlines, IT, telecommunications and pharmaceutical companies, automotive manufacturers, logistics companies, travel and tourism agencies, employment/immigration services, as well as small businesses. Hellhounds attacks Researchers at Positive Technologies have reported a continuation of attacks against Russian companies by the Hellhounds threat actor, with at least 48 companies attacked, including public sector, IT, aerospace, energy, transportation and logistics, and mining companies. Transparent Tribe attacks According to BlackBerry researchers, the threat actor Transparent Tribe (aka APT36, ProjectM, Mythic Leopard, Earth Karkaddan) is responsible for attacks carried out between late 2023 and April 2024 that targeted the Indian government, defense and aerospace sectors using cross-platform malware written in Python, Golang and Rust.The threat actor has targeted organizations in the government, telecoms, technology, aerospace, defense and utilities sectors in North America, Southeast Asia and Oceania, with other targets in Europe, Africa and elsewhere in Asia.The group also targeted organizations in Hong Kong, Malaysia, Laos, South Korea, the USA, Djibouti, Kenya, and Rwanda. Mustang Panda attacks In the first quarter of 2024, ESET researchers identified the presence of Chinese-language APT Mustang Panda (aka Stately Taurus, Bronze President, Earth Preta, HoneyMyte, Camaro Dragon, RedDelta)Since March 2024, Sapphire Werewolf has conducted more than 300 attacks against Russian organizations in the education, industrial, IT, military-industrial complex and aerospace sectors using the Amethyst stealer, which is based on the open-source program called SapphireStealer.Researchers associate Shedding Zmiy with the Cobalt ((ex)Cobalt) group, known since 2016, which, according to public reports, exclusively attacked credit and financial organizations, pursuing only material gain. RedJuliett attacks From November 2023 to April 2024, Insikt Group researchers identified cyber-espionage activities by RedJuliett targeting government, academic, technology (especially electronics), and diplomatic organizations in Taiwan. Moonstone Sleet attacks A new threat actor, dubbed Moonstone Sleet by Microsoft researchers (formerly tracked as Storm-1789), has been targeting individuals and organizations in the software, IT, education and defense industrial base sectors using social engineering tactics. SmallTiger malware attacks The AhnLab Security intelligence Center (ASEC) discovered cases where a downloader named SmallTiger was used to attack South Korean businesses, including defense contractors, automotive parts manufacturers, and semiconductor manufacturers, among other confirmed targets. "

Dutch Police: ‘State actor’ likely behind recent data breach

Autosummary: "

Fraudsters imprisoned for scamming Apple out of 6,000 iPhones

Autosummary: "

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

Autosummary: Some of the other programs used in the intrusions are Mimikatz, Sliver, Chisel, PuTTY, Plink, Snap2HTML, and FastReverseProxy (FRP), all of which are either open-sourced or publicly available. "

Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials

Autosummary: A video uploaded to Vimeo in January 2021 shows that the service offers ready-to-use scam templates for various online sites like X, Facebook, Instagram, Skype, Yahoo, Netflix, Steam, Snapchat, and PayPal in English, Arabic, and French languages. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi, Howard Tong, and Alex Starov said in a technical report. "

Fake Disney+ activation page redirects to pornographic scam

Autosummary: Alureon Spyware With Child Pornography Download Detected“: The page contains a background image with pornographic material, as if it were from sites victims may have visited: Despite the scary warning page, this is all a scam and you do not need to call the phone number shown on screen. "

Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

Autosummary: “The personal information that was potentially impacted included first and last names with one or more of the following identifiers: Social Security Number, Date Of Birth, Driver’s License Number / State Id Number, Passport Number, Financial Account Number, Routing Number, Bank Name, Credit / Debit Card Number, Card CVV Expiration Date, Pin/Security Code, Login Information, Medical Diagnosis, Clinical Information, Medical Treatment/Procedure Information, Treatment Type, Treatment Location, Treatment Cost Information, Doctor’s Name, Medical Record Number, Patient Account Number, Prescription Information and/ or Biometric Data. Mālama investigated the security breach with external cybersecurity professionals, and on August 7, 2024, the experts determined that personal data may ‘have been subject to unauthorized access and acquisition between May 4, 2024 and May 7, 2024.’ "

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

Autosummary: "

Patelco Credit Union data breach impacted over 1 million people

Autosummary: Patelco Credit Union data breach impacted over 1 million people Pierluigi Paganini September 30, 2024 September 30, 2024 The ransomware attack on Patelco Credit Union this summer led to a data breach affecting over 1 million individuals, revealed the company. "

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Autosummary: The campaign involved distributing a deceptive app that went by several names such as "Mestox Calculator," "WalletConnect - DeFi & NFTs," and "WalletConnect - Airdrop Wallet" (co.median.android.rxqnqb). "

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

Autosummary: Elliptic, another blockchain intelligence firm, said it"s aware of "thousands of additional addresses" connected to Cryptex, PM2BTC, PinPays, and Joker"s Stash, outside of the four cryptoasset addresses listed by the Treasury as tied to Cryptex. "

U.S. charges Joker"s Stash and Rescator money launderers

Autosummary: Notable platforms taken down as a result of the operation, codenamed "Final Exchange," include Xchange.cash, 60cek.org, Bankcomat.com, and Banksman.com, which collectively had over 1.2 million accounts and processed over 3.5 million transactions. "

Arkansas City water treatment facility switched to manual operations following a cyberattack

Autosummary: "

New Android banking trojan Octo2 targets European banks

Autosummary: Over the years, Octo malware campaigns targeted regions worldwide, including Europe, the USA, Canada, the Middle East, Singapore, and Australia. "

Romance scams costlier than ever: 10 percent of victims lose $10,000 or more

Autosummary: If you’ve been impacted by a romance scam, pig butchering, or crypto investment fraud, you can report the crime to the Internet Crimes Complaint Center (IC3), which is run by the FBI, or the FTC on its reporting and resources page. Demographics of romance scams The majority of survey respondents were subject to romance scam advances within the last year, with 37 percent saying it happened within the last six months, and an additional 15 percent saying it happened between six months and one year ago. Unfortunately, that leaves 26 percent engaging with romance scammers for more than two weeks, with 12 percent spending several months talking to pretend paramours, and 5 percent in a faux relationship for one year or more.In 2023, romance scam victims—not counting those who reported crypto investment fraud—lost a median of $2,000 per person, the highest reported losses for any form of imposter scam, according to the FTC. For a full breakdown of survey results, including demographics, scammer tactics, and financial and emotional impacts, read below. "

Expert Tips on How to Spot a Phishing Link

Autosummary: Complex URL with redirects In this case, after the initial "Google" in the URL, you see 2 other instances of "Google," which is a clear sign of a redirection attempt and misuse of the platform. Example: Suspicious page title along with broken Microsoft favicon analyzed inside ANY.RUN In this Safebrowsing session, you"ll notice how the page title and favicon don"t align with what you would expect from a legitimate Microsoft Office login page. Example: Interface elements mimicking Adobe PDF Viewer In this Safebrowsing session, attackers mimicked Adobe PDF Viewer, embedding its password input form. Example: Cloudflare verification abuse observed in ANY.RUN"s Safebrowsing session In this analysis session, attackers use Cloudflare verification as a deceptive layer in their phishing scheme to add legitimacy and obscure their malicious intent. "

MoneyGram confirms a cyberattack is behind dayslong outage

Autosummary: "Upon detection, we immediately launched an investigation and took protective steps to address it, including proactively taking systems offline, which impacted network connectivity. "

NICE Actimize Fraud Investigation combats fraud and financial crime

Autosummary: "

New Octo2 Android Banking Trojan Emerges with Device Takeover Capabilities

Autosummary: The new version has been codenamed Octo2 by the malware author, Dutch security firm ThreatFabric said in a report shared with The Hacker News, adding campaigns distributing the malware have been spotted in European countries like Italy, Poland, Moldova, and Hungary. "

U.S. govt agency CMS says data breach impacted 3.1 million people

Autosummary: "

A cyberattack on MoneyGram caused its service outage

Autosummary: A cyberattack on MoneyGram caused its service outage Pierluigi Paganini September 24, 2024 September 24, 2024 American peer-to-peer payments and money transfer company MoneyGram confirmed that a cyberattack caused its service outage. "

A generative artificial intelligence malware used in phishing attacks

Autosummary: A generative artificial intelligence malware used in phishing attacks Pierluigi Paganini September 24, 2024 September 24, 2024 HP researchers detected a dropper that was generated by generative artificial intelligence services and used to deliver AsyncRAT malware. "

OP KAERB: Europol dismantled phishing scheme targeting mobile users

Autosummary: Europol dismantled phishing scheme targeting mobile users Pierluigi Paganini September 21, 2024 September 21, 2024 A joint international law enforcement operation led by Europol dismantled a major phishing scheme targeting mobile users. "

Dell investigates data breach claims after hacker leaks employee info

Autosummary: "

Europol Shuts Down Major Phishing Scheme Targeting Mobile Phone Credentials

Autosummary: The phishing-as-a-service (PhaaS) platform, called iServer, is estimated to have claimed more than 483,000 victims globally, led by Chile (77,000), Colombia (70,000), Ecuador (42,000), Peru (41,500), Spain (30,000), and Argentina (29,000). iServer, per the Singapore-based company, offered a web interface that enabled low-skilled criminals, known as "unlockers," to siphon device passwords, user credentials from cloud-based mobile platforms, essentially permitting them to bypass Lost Mode and unlock the devices. "

Disney ditching Slack after massive July data breach

Autosummary: "

New Brazilian-Linked SambaSpy Malware Targets Italian Users via Phishing Emails

Autosummary: A fully-featured remote access trojan developed in Java, SambaSpy is nothing short of a Swiss Army knife that can handle file system management, process management, remote desktop management, file upload/download, webcam control, keylogging and clipboard tracking, screenshot capture, and remote shell. "

Walmart customers scammed via fake shopping lists, threatened with arrest

Autosummary: The call centre uses several different people, all who play a different role to process victims: the Walmart customer service representative the higher authority or “supervisor” a fake bank employee a fake FTC investigator When we called, the scammers claimed that our account had been used to transfer huge amounts of money to narco trafficking countries: Now, all the banking found which was created using your personal information are transferring huge amounts of money to the narco trafficking countries such as Columbia, Mexico, some Saudi Arabia countries and Columbia.Oddly enough, the scammer mentions there won’t be any taxes on the transaction, which really would be the last concern on someone’s about to be arrested: Yes, I know Sir, it’s not a checking account, it’s a Bitcoin wallet. Figure 1: A Google search for Walmart’s phone number on a mobile device Figure 2: A Google search for Walmart’s phone number on a desktop computer Walmart Lists In previous cases, we have seen malicious advertisers impersonate brands by displaying their official website in the ad URL. "

Chinese man charged for spear-phishing against NASA and US Government

Autosummary: Chinese man charged for spear-phishing against NASA and US Government Pierluigi Paganini September 17, 2024 September 17, 2024 US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. Air Force, Navy, Army, and the FAA. "

AT&T pays $13 million FCC settlement over 2023 data breach

Autosummary: The consent decree mandates AT&T to implement a comprehensive Information Security Program that includes broad customer data protection, improve its data inventory processes to track data shared with vendors, ensure that vendors follow retention and disposal rules for customer information (to limit the amount of customer data vulnerable to date breaches), and conduct annual compliance audits to assess AT&T"s compliance with these requirements. "

Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Autosummary: Dubbed Greasy Opal by Arkose Labs, the Czech Republic-based "cyber attack enablement business" is believed to have been operational since 2009, offering to customers a toolkit of sorts for credential stuffing, mass fake account creation, browser automation, and social media spam at a price point of $190 and an additional $10 for a monthly subscription. Over 36% of the attacks have singled out the business-and-economy sector, followed by financial services (12.9%), government (6.9%), health and medicine (5.7%), and computer and internet (5.4%). "

23andMe to pay $30 million in settlement over 2023 data breach

Autosummary: Genetic testing company 23andMe will pay $30 million to settle a class action lawsuit over a 2023 data breach which ended in some customers having information like names, birth years, and ancestry information exposed. "

Rain Technology protects consumers against visual hackers and snoopers at ATM terminals

Autosummary: “Businesses can foster trust and loyalty, improve the customer journey, protect physical safety, mitigate the risk of data breaches, and ensure regulatory compliance — a winning proposition that promotes a more secure, transparent and mutually beneficial relationship between businesses and their customers.Rain Technology announced ATM Switchable Privacy, designed to protect consumers against visual hackers and snoopers at ATM terminals in financial institutions, retail stores, restaurants, airports, and other public settings. "

23andMe to pay $30 million in genetics data breach settlement

Autosummary: "23andMe denies the claims and allegations set forth in the Complaint, denies that it failed to properly protect the Personal Information of its consumers and users, and further denies the viability of Settlement Class Representatives’ claims for statutory damages," the company said in the filed preliminary settlement. "

Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Autosummary: Our passwordless, phishing-resistant MFA allows users to log in with a touch or glance and supports the broadest range of operating systems on the market, including Windows, Android, macOS, iOS, Linux, and ChromeOS, so users can log in seamlessly no matter what device they prefer to use.The second benefit is that, as an application that lives on the device, it can provide real-time risk data about the device, such as firewall enabled, biometric-enabled, disk encryption enabled, and more. "

TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

Autosummary: Notable among the features are its ability to record screen activity, log keystrokes, harvest photos and SMS messages, remotely control the infected device to conduct on-device fraud (ODF), and abuse Android"s accessibility services API to carry out HTML overlay attacks as well as perform clicks and gestures on the device. "

Lehigh Valley Health Network hospital network has agreed to a $65 million settlement after data breach

Autosummary: In a data breach notification published on its website, the company reported that affected information varied by individual but potentially included some combination of the following data elements: names, addresses, phone numbers, medical record number, treatment and diagnosis information, including Current Procedural Terminology (CPT) codes, and health insurance information. "

Losses due to cryptocurrency and BEC scams are soaring

Autosummary: While these transfers can be reversed by banks if the victim acts quickly, and there are mechanisms for recovering large international wire transfers stolen from US victim bank accounts (e.g., the Financial Fraud Kill Chain, INTERPOL’s Global Rapid Intervention of Payments) and law enforcement teams that can help (e.g., FBI’s Recovery Asset Team), there was a 9% increase in identified global exposed losses between December 2022 and December 2023, according to the FBI. "

PartnerLeak scam site promises victims full access to &#8220;cheating&#8221; partner&#8217;s stolen data

Autosummary: Here’s how it works: Data Backup Access: You can download a backup from iCloud or Google, which includes: Device location tracking Movement history with timestamps Correspondence from popular messaging apps like Telegram, WhatsApp, and iMessage Photo and video materials stored on the smartphone Social Media Analysis: Utilizing AI and extensive data, our service can: Check user registration and analyze behavior on platforms like Facebook and Twitter Investigate activity on popular dating apps such as Tinder, AdultFriendFinder, Hinge, and OkCupid But since many victims, including our co-worker, used The Knot’s services, we contacted them and received this statement from a spokesperson: “We were notified of user concerns, and after investigation by our cybersecurity team, determined there is no evidence of unauthorized access to our systems.”(We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. "

Fortinet confirms data breach after hacker claims to steal 440GB of files

Autosummary: "

Scammers advertise fake AppleCare+ service via GitHub repos

Autosummary: Google, who reportedly paid Apple $20 billion to be the default search engine, will display results in Safari, along with ads, hence the lucrative partnership. Hey Siri, google “Apple phone support” While Apple products are designed with simplicity in mind, we’ve all come across an issue at some point that we need assistance with. "

New Android Malware "Ajina.Banker" Steals Financial Data and Bypasses 2FA via Telegram

Autosummary: Targets of the ongoing campaign include countries such as Armenia, Azerbaijan, Iceland, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan, Ukraine, and Uzbekistan. "

Cybersecurity giant Fortinet discloses a data breach

Autosummary: “An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number of Fortinet customers, and we have communicated directly with customers as appropriate,” a company spokesman told Cyber Daily. "

6 common Geek Squad scams and how to defend against them

Autosummary: If you think you’ve been scammed In the worst-case scenario, you may need to: Freeze your credit/debit cards, contact your bank/card provider and apply for new ones.Fake subscription renewal notice (Image source: Reddit) Invoice fraud: Similarly to the above, you receive an email containing a fake invoice for non-existent services rendered.In this variation, they’re from Geek Squad, and will trick you into giving them remote access to your computer, which they will use to download actual malware to search for sensitive personal and financial information.Here are the most common we’ve observed: Auto-renewal: You receive an email reminding you that a non-existent subscription to a Best Buy or Geek Squad service is coming to an end and will auto-renew unless you click a link. "

Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Autosummary: “Slim CD is providing individuals with information on how to place a fraud alert and security freeze on one’s credit file, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.” "

Payment provider data breach exposes credit card information of 1.7 million customers

Autosummary: The company said it is not aware of anyone yet using the exposed information: “Although Slim CD presently has no evidence that any such information has been used to commit identity theft or fraud, Slim CD is providing information about the event, Slim CD’s response, and resources available to individuals to help protect their information from possible misuse.” Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. A subsequent investigation by a third-party specialist revealed that cybercriminals had access to Slim CD’s systems for 10 months, between August 17, 2023, and June 15, 2024. "

Your partner “is cheating on you” scam asks you to pay to see proof

Autosummary: (We have all [his/her] address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all [his/her] contacts) and are willing to give you a full access to this data. Based on speculation among Reddit users, BleepingComputer contacted a wedding planning site called The Knot, which was listed as a possible source, but received no reply. "

Galileo delivers real-time fraud detection for fintechs, banks and businesses

Autosummary: As digital transactions surge and cyber threats evolve, these tools offer fintechs, financial institutions and businesses advanced real-time fraud detection and risk management capabilities, addressing an industry in which 63% of financial firms reported an increase in fraud, with digital channels contributing to half of the total fraud losses. Why GIVE and GScore matter The Galileo Instant Verification Engine and GScore empower financial institutions, fintechs and businesses to navigate the complexities of an increasingly digital financial landscape, reducing fraud, improving operational efficiency, and delivering a seamless customer experience across multiple payment channels. "

Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches

Autosummary: Not only do they monitor configurations, users, devices, and other elements of the SaaS stack, but they are essential in detecting all non-human identities, including shadow applications. Email security tools routinely scan email traffic, looking for malicious links, phishing attempts, malware attachments, and other email-borne threats.When shadow apps are in use, IT teams may be blind to potential threats, unable to detect unauthorized data transfers, or unaware of risks stemming from outdated or insecure applications. "

Phishing in focus: Disinformation, election and identity fraud

Autosummary: "

Payment gateway data breach affects 1.7 million credit card owners

Autosummary: "

Apple banks on AI to boost sales of new iPhone 16

Autosummary: Apple said its new phones, which come with longer lasting batteries, more powerful chips and enhanced privacy features, were its first built specifically to handle AI and its new "Apple Intelligence" tools, many of which were announced in June. "

North Korean Threat Actors Deploy COVERTCATCH Malware via LinkedIn Job Scams

Autosummary: "The actors may reference personal information, interests, affiliations, events, personal relationships, professional connections, or details a victim may believe are known to few others," the FBI said, highlighting attempts to build rapport and eventually deliver malware. "

Sextortion scam now use your "cheating" spouse’s name as a lure

Autosummary: We made a full backup of his disk (We have all his address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all his contacts) and are willing to give you full access to this data. Since then, scammers have created a wide variety of extortion email scams, including ones that pretend to be hitman contracts, bomb threats, CIA investigations, and threats of installing ransomware. "

Sextortion scams now use your "cheating" spouse’s name as a lure

Autosummary: We made a full backup of his disk (We have all his address book, social media, history of viewing sites, dating apps, all files, phone numbers, and addresses of all his contacts) and are willing to give you full access to this data. Since then, scammers have created a wide variety of extortion email scams, including ones that pretend to be hitman contracts, bomb threats, CIA investigations, and threats of installing ransomware. "

Car rental giant Avis discloses data breach impacting customers

Autosummary: "

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

Autosummary: "

Car rental company Avis discloses a data breach

Autosummary: Car rental company Avis discloses a data breach Pierluigi Paganini September 06, 2024 September 06, 2024 Car rental giant Avis disclosed a data breach that impacted one of its business applications in August compromising customers’ personal information. "

Car rental giant Avis data breach impacts over 299,000 customers

Autosummary: According to data breach notification letters sent to impacted customers on Wednesday and filed with California"s Office of the Attorney General, the company took action to stop the unauthorized access, launched an investigation with the help of external cybersecurity experts, and reported the incident to relevant authorities after learning of the breach on August 5. "

How to avoid election related scams

Autosummary: With the US election campaigns at full throttle, scammers have taken a renewed interest in the ways this can be used to defraud people , often using the same tactics legitimate campaigns leverage for support (emails, text messages, phone calls, and social media pleas). Donate safely If you decide to sponsor a candidate, do not follow any links provided in text messages, emails, or on social media. A survey site that asks for personal details and credit card information Another method besides surveys are voter registration scams where the scammer poses as an election official and asks you to update your voter registration, or tell you that you can register to vote over the phone. "

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

Autosummary: Though Pegasus is indeed a powerfully invasive spyware tool, the threat of its use, as included in these scam emails, is entirely empty.It provides access to your webcam, messengers, emails, call records, etc. How to react to “Hello pervert” emails First and foremost, never reply to emails of this kind. "

A third of organizations suffered a SaaS data breach this year

Autosummary: When organizations implement SaaS apps, they see a surge in third-party integrations that deliver extended functionalities, automated workflows, unified data access, etc. "

Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users

Autosummary: " Some of the prominent targets of the malware include financial institutions such as Itaú Shop, Santander, with the phony apps masquerading as Bradesco Prime and Correios Celular, among others - Livelo Pontos (com.resgatelivelo.cash) Correios Recarga (com.correiosrecarga.android) Bratesco Prine (com.resgatelivelo.cash) Módulo de Segurança (com.viberotion1414.app) Source code analysis of the malware has revealed that Rocinante is being internally called by the operators as Pegasus (or PegasusSpy). "

U.S. oil giant Halliburton disclosed a data breach

Autosummary: “The Company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny.” continues the document. "

FTC: Over $110 million lost to Bitcoin ATM scams in 2023

Autosummary: Additionally, never withdraw cash in response to unexpected calls or messages, and never believe anyone who says you need to use a Bitcoin ATM, buy gift cards, or move money to protect your bank account or fix a problem. "

Business services giant CBIZ discloses customer data breach

Autosummary: "

Iranian cybercriminals are targeting WhatsApp users in spear phishing campaign

Autosummary: Other names for this group—depending on the vendor– are APT42, Storm-2035, Charming Kitten, Damselfly, Mint Sandstorm, TA453, and Yellow Garuda. "

Crypto scammers who hacked McDonald’s Instagram account say they stole $700,000

Autosummary: "

How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back

Autosummary: But, we only really need to look at what recent high-profile breaches show us about how lucrative it can be for attackers to find ways to take over workforce identities in order to access web-based business applications – with the recent Snowflake attacks, going down as one of the biggest breaches in history, being the elephant in the room. Attackers are bypassing existing controls with ease Existing phishing prevention solutions have tried to solve the problem by protecting the email inbox, a common (but not the only) attack vector, and blocking lists of known-bad domains.Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. And even if they are reported, it"s trivial for attackers to obfuscate or change these components: You could look for known-bad URLs in emails, but these change for every phishing campaign. In this article, we"re going to look at what AitM phishing is, how it works, and what organizations need to be able to detect and block these attacks effectively. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. AitM and BitM attack and detection demo Check out the video below to see a demonstration of the Evilginx and EvilNoVNC phishing toolkits in action, as well as how browser-based security controls can be used to detect and block them before the phishing attack is completed. "

University criticised for using Ebola outbreak lure in phishing test

Autosummary: "

New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials

Autosummary: In April 2020, Group-IB detailed a campaign dubbed PerSwaysion that successfully compromised corporate email accounts of at least 156 high-ranking officers at various firms based in Germany, the U.K., the Netherlands, Hong Kong, and Singapore by using Sway as the jumping board to redirect victims to credential harvesting sites. "

Young Consulting data breach impacts 954,177 individuals

Autosummary: The ransomware gang claimed the theft of the following information: Business data (contracts, contacts, planning, presentations, etc) Employee data (passports, contracts, contacts, family details, medical examinations, etc) Financial data (audits, reports, payments, contracts, etc) other data taken from shares and personal folders The group added that top management completely refused to negotiate thinking that they were bluffing. "

Park’N Fly notifies 1 million customers of data breach

Autosummary: The firm, which also offers shuttle, car washing, and oil change services, operates facilities located near airports in Toronto, Vancouver, Montreal, Edmonton, and Ottawa. "

Microsoft Sway abused in massive QR code phishing campaign

Autosummary: "

SMS scammers use toll fees as a lure

Autosummary: Involved domains myturnpiketollservices[.]com nytollservices.com tollsinfosny[.]com tollsinfonyc[.]com bayareafastraktollservices[.]com intollroadacc219[.]com toll-sunpass[.]com tollnyezpassweb[.]com indiana260roadtollac[.]com inweb-tollroadtrust[.]com in-tollroadgouv1[.]com newyorktollroadtrust1[.]com nyserviceezpass[.]com intrust-tollroadweb[.]com sunspass[.]com sunspasstollsservices[.]com sunpasstollservices[.]com tollsbymailsny[.]com Several of these were hosted at the IP: 45.8.92[.]38 We don’t just report on phone security—we provide it Cybersecurity risks should never spread beyond a headline. "

TDECU data breach affects half a million people

Autosummary: Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.Since then it has gone through several mergers and acquisitions According to the data breach notification, the breach occurred on May 29, 2023, but wasn’t discovered until July 30, 2024.Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts. "

Patelco notifies 726,000 customers of ransomware data breach

Autosummary: "

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

Autosummary: Russian national arrested in Argentina for laundering money of crooks and Lazarus APT Pierluigi Paganini August 24, 2024 August 24, 2024 A Russian national was arrested in Argentina for laundering proceeds from illicit actors, including North Korea-linked Lazarus Group.Through our investigation, we were able to confirm that the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $100 million of virtual currency from Harmony’s Horizon bridge reported on June 24, 2022.” "

Fraud tactics and the growing prevalence of AI scams

Autosummary: The rate of spam flag rate varies state by state, with Oklahoma, Indiana, and Ohio having the highest spam rates in H1, while Alaska, New York, and North Dakota had the lowest. "

Fake funeral “live stream” scams target grieving users on Facebook

Autosummary: Associated domains Fake streaming sites: Qtvlivestreamhd[.]com Hqonlivestream[.]xyz Visitpageaus[.]com Auseventstream[.]com Phishing sites: pbg4jptrk[.]com paperpadpen[.]com The National Association of Funeral Directors says: “You shouldn’t have to pay to view a funeral live stream and official links will be provided via the funeral director to the bereaved family.” Malwarebytes blocks pbg4jptrk.com Adding the domain to the exclusion list allowed me to follow through, and I ended up on a site that wants you to sign up for your “favorite movies” so that I could allegedly get full access. "

Phishing attacks target mobile users via progressive web applications (PWA)

Autosummary: Phishing attacks target mobile users via progressive web applications (PWA) Pierluigi Paganini August 23, 2024 August 23, 2024 Cybercriminals use progressive web applications (PWA) to impersonate banking apps and steal credentials from mobile users. For Android users, this can be a WebAPK, while for both iOS and Android users, it may be a Progressive Web Application (PWA). "

PWA phishing on Android and iOS – Week in security with Tony Anscombe

Autosummary: "

Android malware uses NFC to steal money at ATMs

Autosummary: The technique is based on a tool called NFCGate, designed by students at the Technical University of Darmstadt, Germany, to capture, analyze, or alter NFC traffic; therefore, we named this new malware family NGate,” says Lukáš Štefanko, who discovered the novel threat and technique.This means checking URLs of websites, downloading apps from official stores, keeping PIN codes secret, using security apps on smartphones, turning off the NFC function when it is not needed, using protective cases, or using virtual cards protected by authentication,” advises Štefanko. "

McAfee Deepfake Detector combats AI scams and misinformation

Autosummary: Availability and pricing McAfee Deepfake Detector is available for English language detection in select new Lenovo AI PCs3, ordered on Lenovo.com and select local retailers beginning August 21, 2024, in the US, UK, and Australia. "

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

Autosummary: "

Hackers steal banking creds from iOS, Android users via PWA apps

Autosummary: The malicious WebAPK (left) and the phishing login page (right) Source: ESET The appeal of using PWAs on mobile PWAs are designed to work across multiple platforms, so attackers can target a broader audience through a single phishing campaign and payload. "

Cybercriminals exploit file sharing services to advance phishing attacks