Collaborate Disseminate
A phishing campaign leveraging the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers at over 100 organizations around the world. The rise of phishing-as-a-service As o… Continue reading Microsoft 365 accounts of execs, managers hijacked through EvilProxy
A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among t… Continue reading 0mega ransomware gang changes tactics
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a legitimate but inac… Continue reading Kodi forum breach: User data, encrypted passwords grabbed
A new Chrome extension promising to augment users’ Google searches with ChatGPT also leads to hijacked Facebook accounts, Guardio Labs researchers have found. While this specific trick isn’t new, this time around the extension also worked a… Continue reading Fake ChatGPT for Google extension hijacks Facebook accounts
A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet’s secret recovery phrase. Attention @Namecheap users: be wary of suspicious emails claiming to be from DHL. #phishing scams are rampant and it’s crucial to keep your personal information safe. Time for #Namecheap to enhance their security measures. #cybersecurity #emailscams pic.twitter.com/kTPvY90b7d — Gbenga (@lemogbenga) February … More
The post DHL, MetaMask phishing emails target Namecheap customers appeared first on Help Net Security.
Continue reading DHL, MetaMask phishing emails target Namecheap customers
The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it … Continue reading CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie
Since the early stages of the pandemic, account takeover fraud (ATO) has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synth… Continue reading How an effective fraud prevention strategy can force fraudsters to invest more in their attacks
Imperva releases The State of Security Within eCommerce 2022 report, a 12-month analysis by Imperva Threat Research of cybersecurity threats targeting the retail industry. Retail industry cybersecurity threats A range of automated threats – from … Continue reading API abuses and attacks create new challenges for retailers
Dropbox has suffered a data breach, but users needn’t worry because the attackers did not gain access to anyone’s Dropbox account, password, or payment information. Instead, they grabbed code from 130 of the company’s private repositories h… Continue reading 130 Dropbox code repos plundered after successful phishing attack
The Identity Theft Resource Center (ITRC) has published a research that shows nearly 40 percent of ITRC victims say their personal information was stolen, compromised or misused in the past year. This Help Net Security video provides information how so… Continue reading Emotional and physical effects of identity theft are on the rise