"As far back as 2018, Interisle found .US domains were the worst in the world for #spam, botnet (attack infrastructure for DDOS etc.) and illicit or harmful content"
#Cybersecurity#Phishing#Scams#Montenegro: "“Howdy Joseph,” the July email I got from Zdravko Krivokapić, who was the Prime Minister of Montenegro until last year, read.
Obviously, this wasn’t actually Krivokapić emailing me. Instead, it was a hacker who had gained access to what seemed to be Krivokapić’s personal Gmail account. The hackers proceeded to send me a mass of alleged documents from the government of Montenegro, including some related to the country’s Ministry of Finance. Alongside those, the hacker also sent photos of cash, flashy watches, and weapons, which appear to be from the hacker’s own collection and not the former Prime Minister’s.
Beyond wanting to flex their access to Krivokapić’s account, the hacker said they might use the compromised email to then target other services, using the former Prime Minster’s identity as a cover."
#phishing email that arrives initially encrypted, but once decrypted, is a legitimate link to #adobe document online storage. That document contains a link to a phishing domain that is typosquatting the previous victim's domain.
Normal "checks" fail to catch this:
Email has the legitimate headers and such of the sender (who has been previously compromised).
The initial document link uses correct language and theming from Adobe's document site
The Adobe URL is an actual "adobe.com" link.
It wasn't until you get a few layers deep that you encounter something odd.
Pretty bad #phishing scam in my email today. The letter claims to be from #Youporn and asserts that my image has been used in porn on their site, and that they won't remove it unless I pay them significant money in Bitcoin to the wallet linked. I happen to be fairly alert to these #scams, but this could fool someone who has sexted with an ex who they now are on bad terms with. I tried to report it to Youporn, but their contact form is thoroughly broken.
🔐 Exciting News! Get ready for an all new podcast episode that dives into the world of cybersecurity and online safety!🌐 Here's what's on this week's episode:
🔒 Back-to-School Cybersecurity Tips
As schools gear up for a new year, digital security takes center stage. We discuss crucial cybersecurity tips that educational institutions and students must know to safeguard sensitive data and protect against cyber threats.
💡 Avoiding Malicious Links & Phishing Scams
Phishing attacks are on the rise, and it's essential to be proactive. Learn 4 key strategies to outsmart malicious links and avoid falling into the traps of scams.🛡️
🚫 The X Update: Changes to Blocking Content
X (formerly Twitter) users will experience a significant change in blocking users. Tune in to our podcast episode to explore the safety implications and its impact on the platform's safety features.
🎙️ Tune in this week for an insightful discussion, packed with practical tips to keep you secure in today's digital age!
Thank you to @hacks4pancakes for spending the time to organize this with volunteers and GREAT GIGANTIC THANK YOU to the Speakers and the patience while these vidoes were processed and posted.
For anyone at @BlueTeamCon who wants to understand why many forms of MFA are not phishing-resistant and why passkeys/FIDO2 are, tomorrow at 12:20pm during lunch in the #unconference room I’ll be delivering an impromptu session on #phishing resistant authentication, including a live demo of #evilginx.
In fünf Webinaren vom 23.10. bis 27.11.2023 lernen IT-Verantwortliche und Admins von den Profis der SySS GmbH, Hackern stets einen Schritt voraus zu sein.
Achtung #Servicehinweis für alle Nutzenden von #tutanota@Tutanota :
Aktuell sind #Phishing-#EMails mit offenen Rechnungsposten unterwegs. Dabei stammt die angezeigte Absenderadresse aus AT (Österreich).
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #33/2023 is out! It includes the following and much more:
➝ 🇬🇧 👮🏻♂️ #Norfolk and #Suffolk police: Victims and witnesses hit by #databreach
➝ 💬 🔓 #Discord.io confirms breach after hacker steals data of 760K users
➝ 🇺🇸 🏥 #Health plan provider PH TECH joins MOVEit victim list, 1.7 million exposed
➝ 🌍 👮🏻♂️ #Interpol arrests 14 suspected cybercriminals for stealing $40 million
➝ 🇮🇷 #Iran and the Rise of Cyber-Enabled Influence Operations
➝ 🎣 📨 Major U.S. energy org targeted in QR code #phishing attack
➝ 🦠 💸 Jon DiMaggio’s demystifying #LockBit’s Secrets in his latest Ransomware Diaries Vol. 3
➝ 🔓 🎠 Approximately 2000 #Citrix NetScalers backdoored in mass-exploitation campaign
➝ 🇮🇷 Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks
➝ 🇺🇸 💸 #FBI warns of increasing #cryptocurrency recovery scams
➝ 🇵🇱 👮🏻♂️ #LOLEKHosted admin arrested for aiding Netwalker ransomware gang
➝ 🇷🇺 👨🏻⚖️ #Russia slaps #Reddit, #Wikipedia with fines
➝ 🇨🇳 ⚡️ #Tesla reassures Chinese users on #datasecurity amid spying concerns
➝ 🇮🇱 🇺🇸 #Israel, US to Invest $4 Million in Critical Infrastructure Security Projects
➝ 💸 🐈⬛ New #BlackCat Ransomware Variant Adopts Advanced Impacket and RemCom Tools
➝ 🦠 🦝 Raccoon Stealer #malware returns with new stealthier version
➝ 💸 🐧 Monti #Ransomware Returns with New #Linux Variant and Enhanced Evasion Tactics
➝ 🏴☠️ 💻 Over 120,000 Computers Compromised by Info Stealers Linked to Users of #Cybercrime Forums
➝ 🤖 🌪️ Google Brings AI Magic to Fuzz Testing With Eye-Opening Results
➝ 🔑 #Google Introduces First #Quantum Resilient #FIDO2 Security Key Implementation
➝ 🐮 👀 Cult of the Dead Cow releases #Veilid: A secure open-source Peer-to-Peer network for apps that flips off the surveillance economy
➝ 📱 Threat actors use beta apps to bypass mobile app store security
➝ 🛰️ ☠️ How a hacking crew overtook a #satellite from inside a Las Vegas convention center and won $50,000
➝ 🃏 🔓 How to hack #casino card-shuffling machines
➝ 🇫🇷 🏧 Iagona ScrutisWeb Vulnerabilities Could Expose #ATM's to Remote Hacking
📚 This week's recommended reading is: "The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage" by Clifford Paul "Cliff" Stoll
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Citing EU #GDPDR rules and looking like a standard notification of ToS, the #cybercriminal has invested a lot of work in the quite authentic looking website.
Block the domain and inform your IT security.
Good luck!
noreply@email.zoominformation.com
Also; ZOOM changed its Terms of Service on 04/01/2023. - You have now agreed that they may use all your data generated while using their app, including the training of LLMs. Check the ToS, Sect.10
LKA warnt vor Betrugsmasche mit Bezug auf Steuer-Bescheid und-Betrug
E-Mails mit Bezug auf Steuerbescheid, -betrug oder Einkommenssteuer, vorgeblich etwa von "Steuerbehörden", machen die Runde, warnt das LKA Niedersachsen.
“I hacked all the atms in vegas and took everyones money!” Lolololol (guy 1)
“I hacked the pacemakers and #killed all the boomers!” Lolololol (guy 2)
“I caused horrible chaos to everyone in vegas by sending millions of #phishing texts!” lololol (guy 3)
“I took my cab drivers money lololol i have a tiny dick!” (Guy 4)
Zahl der Cyberangriffe in Deutschland weiterhin auf hohem Niveau
Was die BKA-Statistik erfasst, ist nur "die Spitze des Eisbergs" - doch auch die ist schon beachtlich: 136.865 Fälle von Cyberkriminalität registrierte das BKA 2022. Gerade Erpressung mit Ransomware könne "existenzbedrohend" sein.
@tagesschau Diese elenden #Kleptokraten von der #Tagesschau! Geld kassieren, das im #Schutzgeldverfahren eingezogen wird, aber gar nicht daran denken, eine entsprechende Gegenleistung zu erbringen. Das Mindeste wäre, sich schlau zu machen, was #Phishing wirklich bedeutet. Aber das würde ja ein Mindestmaß an Kompetenz in Sachen #Cybersicherheit bedeuten, und die ist in der Redaktion der Tagesschau offensichtlich unerwünscht. Kein Wunder, dass die #Cyberkriminalität hoch bleibt.
I don't use #Paypal. But I use the <phishing@paypal.com> email address several times a week. If you receive Paypal-related #phishing attempts, forward them to that address.
Odd mixed feelings: I shun Paypal, partly because of the nonstop phishing and partly because of the #ElonMusk connection. But I appreciate the phishing alert email address.
Dass die EU-Kommission die Totalüberwachung und digitale
Kontrolle im Internet genauso wie im Alltag, an ihren Außengrenzen zur Bekämpfung von fliehenden Menschen und im Inneren u.a. für den Datenkapitalismus weiter ausbaut, ist nichts Neues. Nicht nur besteht sie aus stramm neoliberalen, autoritären Politiker*innen, die schon zuvor immer wieder mit repressiven Vorhaben angekommen sind, es geht allgemein mit dem Überwachungs- und Krisenkapitalismus auch eine autoritäre Transformation einher.
Als Antiautoritäre stellen wir uns diesen Entwicklungen und Allen, die sie voranbringen wollen, entschlossen entgegen!
"Die französische Regierung will Zensurmechanismen auf Browser-Ebene einführen. #Mozilla, bekannt für seinen Firefox-Browser, fürchtet eine dystopische Technik, die autoritären Regimen die Zensur erleichtert.
(...)
„Dass eine Regierung anordnen kann, dass eine bestimmte Website in einem Browser/System überhaupt nicht geöffnet wird, ist Neuland, und selbst die repressivsten Regime der Welt ziehen es bisher vor, Websites weiter oben im Netz (Internetanbieter usw.) zu blockieren“, schreibt Mozilla.
Auch wenn die Technik heute in Frankreich vielleicht nur für #Malware und #Phishing genutzt werden würde, entstünde ein Präzedenzfall und die technische Voraussetzung in Browsern für Zensur. „Eine Welt, in der Browser gezwungen werden können, eine Liste verbotener Websites auf Software-Ebene zu integrieren, die sich weder in einer Region noch weltweit öffnen lassen, ist eine beunruhigende Aussicht, die ernste Bedenken hinsichtlich der Meinungsfreiheit aufwirft“, schreibt Udbhav Tiwari. Mozilla fürchtet, dass das Gesetz es dann in Zukunft Browsern schwer machen würde, solche Anfragen von anderen Regierungen abzulehnen." https://netzpolitik.org/2023/gefaehrlicher-praezedenzfall-neues-gesetz-in-frankreich-will-browser-zur-zensur-verpflichten/ #Autoritarisierung#Antireport#Netzpolitik