Interesting, heard about someone who almost had their work direct deposit changed... Someone set up a Gmail account with their name and emailed HR of their employer and asked them to change their direct deposit to an account (that was NOT THEIRS). Worth keeping an eye on that one. #cybersecurity #phishing #scam
Important Security Notice: WordPress administrators being actively targeted with phishing campaign
It has come to our attention that a fraudulent phishing campaign is actively targeting administrators of WordPress websites.
The attackers are sending emails with the subject line "URGENT: Vulnerability found - Your website [DOMAIN] is at risk!" The email claims to be from the WordPress Security Team and insists on addressing a critical Remote Code Execution (RCE) vulnerability affecting your website. It urges users to download a plugin labelled as "CVE-2024-46188 Patch" to mitigate the alleged threat.
Organizations on average experience 700+ social engineering attacks a year.
Dardan Prebreza is your host as we explore #socialengineering stages from planning to execution, common #phishing techniques, and the necessity of ongoing vigilance and proactive strategies to combat this pervasive issue. Don't miss out!
The growing abuse of QR codes in malware and payment scams prompts FTC warning
The US Federal Trade Commission has become the latest organization to warn against the growing use of QR codes in scams that attempt to take control of smartphones, make fraudulent charges, or obtain personal information.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #01/2024 is out! It includes the following and much more:
➝ 🇺🇸 🖼️ MAJOR US #MUSEUMS SUFFER #CYBERATTACK FALLOUT
➝ 🇪🇸 📡 A “ridiculously weak” password causes disaster for #Spain’s No. 2 mobile carrier
➝ 🔓 🧬 #23andMe tells victims it’s their fault that their data was breached
➝ 🔓 💸 #OrbitChain loses $86 million in the last #fintech hack of 2023
➝ 🔓 🅿️ Europe’s Largest Parking App Provider Informs Customers of Data Breach
➝ 💸 🙊 #Crypto wallet founder loses $125,000 to fake airdrop website
➝ 🇺🇸 ⚖️ US Says 19 People Charged Following 2019 Takedown of #xDedic Cybercrime Marketplace
➝ 🇵🇸 🇮🇱 Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks
➝ 🔓 ❌ Hacked #Mandiant X Account Abused for #Cryptocurrency Theft
➝ 🇳🇬 🇺🇸 ⚖️ Nigerian hacker arrested for stealing $7.5M from charities
➝ 🇦🇱 📡 Albanian Parliament and One Albania Telecom Hit by Cyber Attacks
➝ 🇺🇸 The FBI is adding more cyber-focused agents to U.S. embassies
➝ 🇺🇸 ⚖️ Former #BreachForums admin to be jailed until Jan. 19 sentencing
➝ 🇺🇸 💰 DOJ Slams #XCast with $10 Million Fine Over Massive Illegal Robocall Operation
➝ 📷 🥸 #Google Contractor Pays Parents $50 to Scan Their Children's Faces
➝ 💰 🥸 Google Settles $5 Billion #Privacy Lawsuit Over Tracking Users in 'Incognito Mode'
➝ 🇨🇳 🗳️ #Taiwan to reveal Chinese election interference after Saturday’s vote
➝ 🦠 💰 #Merck Settles #NotPetya Insurance Claim, Leaving #Cyberwar Definition Unresolved
➝ 🦠 🇰🇵 SpectralBlur: New #macOS Backdoor Threat from North Korean Hackers
➝ 🦠 🐍 3 Malicious #PyPI Packages Found Targeting #Linux with Crypto Miners
➝ 🦠 🎠 New Bandook #RAT Variant Resurfaces, Targeting #Windows Machines
➝ 🦠 🎠 UAC-0050 Group Using New #Phishing Tactics to Distribute Remcos RAT
➝ 🦠 🇺🇦 CERT-UA Uncovers New #Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
➝ 🔓 🦠 Free Decryptor Released for #BlackBasta Ransomware
➝ 🐛 📨 #SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof #Emails
➝ 🩹 #Ivanti warns critical EPM #bug lets hackers hijack enrolled devices
➝ 🩹 Google Patches Six Vulnerabilities With First #Chrome Update of 2024
➝ 🩹 🐡 Millions still haven’t patched #Terrapin SSH protocol #vulnerability
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Last year’s highlights…my team started to come out of our shell with a commitment to publishing high end original research on topics related to DNS threats that were not covered by others…we’ve got big plans for 2024!
Decoy Dog was the first time an APT DNS malware was detected and reverse engineered from DNS query-response data…we got the actors to respond to us, and picked up some file samples later but this was a DNS story through and through
Open Tangle was the first publication of a dedicated lookalikes phishing DNS threat actor operating for over 4 years
We introduced the DNS threat actor technique of registered domain generation algorithms (RDGA) to evade detection
Prolific Puma was the first report of a malicious link shortener (and they use RDGA)
and we discovered that they had circumvented the usTLD privacy regulations to boot…
Enter any post code, and it'll then say that one needs to pay to reschedule a delivery---I assume to get one's credit/debit card details. Please beware of this website.
Ooh, now this is a really well-made #Phishing mail. If the sender address had also been properly spoofed, it would have been truly convincing - the button, of course, obviously points somewhere else entirely once again.
Then again, the spoofing would probably have triggered the spam filter; without it they presumably reach more people. 🤔
While the malware is capable of collecting files of interest and system information, it lacks some features found in advanced stealer malware in the cybercrime underground.
Etsy has a huge phishing problem and they know it. But their countermeasures are completely inadequate. The picture shows just some of the phishing messages my wife has received in the last days, and with Etsy in the name and avatar they could easily be detected and automatically blocked.
Threat actors using Google Ads to lure people to fake Kinsta pages in an effort to steal hosting credentials. Be careful of where you click, even on "trusted" pages like Google search results.
Generally, it's best to avoid clicking on sites in the sponsored results of Google (or any search engine, really).
Using an adblocker prevents this section from loading in most cases.