Autodesk hosting PDF files used in Microsoft phishing attacks

Autodesk is hosting malicious PDF files that lead phishing attack victims to have their Microsoft login credentials stolen.

The elaborate phishing campaign behind these attacks is much more convincing than normal, as it uses compromised email accounts to find and attack new targets. These accounts are used to send phishing emails to existing contacts, using the sender’s real email signature footer.

One of the phishing emails, which links to a document shared on Autodesk Drive. The sender later confirmed their account had been compromised.

As was the case in this example, victims are much more likely to click on a shared document link when the email comes from a person or business they already work with, especially when the email is furnished with the signature and other contact details they would expect to see.

The link takes the victim to a PDF document hosted on the Autodesk Drive data sharing platform. This document includes the sender’s name and the company they work for, further leveraging the trust instilled by the existing business relationship with the sender.

The malicious PDF file hosted on Autodesk Drive.

The links in the phishing emails use the autode.sk URL shortener, which is powered by Bitly. Autodesk Drive is intended for sharing design files in the cloud, and supports a variety of 2D and 3D data files including PDFs. It is free to use when subscribing to other Autodesk products.

When the victim clicks on the large VIEW DOCUMENT button, they will be taken to a phishing site that impersonates the Microsoft login form.

One of the spoof Microsoft login forms used in these attacks.

After entering their username and password into the spoof form, the victim is redirected to a book about real estate investment, which is hosted on Microsoft’s OneDrive service. This may …


Two ransomware attacks in 2023 first disclosed in April — Kisco Senior Living, Blackstone Valley Community Health Care

Two more ransomware incidents that occurred in 2023 were disclosed this week. One was disclosed 10 months after the incident, and the other was disclosed 5 months after the incident.

Kisco Senior Living

On or about June 15, 2023, BlackByte claimed resp…

Valley Mountain Regional Center discloses a breach, but are patients still in the dark?

In November 2021, Valley Mountain Regional Center (VMRC) notified HHS that multiple employees were the victims of a phishing scheme that compromised the protected health information (PHI) of 17,197 individuals. They notified HHS, affected individuals, …

Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack

Cannix Yau reports: Hong Kong health authorities have told a private hospital it has four weeks to submit a detailed report after it was hit by a malicious cyberattack and refused to pay a US$10 million ransom. The Department of Health said on Saturday…

Ie: Authorities investigating ransomware attack on charity that works with vulnerable children

The Journal reports: A police investigation has been launched after a charity that works with vulnerable children suffered a data breach in a ransomware attack. Extern, a cross-border social justice charity with offices in Belfast and Co Kildare, has c…

‘Large-scale cyberattack’ hits five French municipalities, impact may last ‘months’

Alexander Martin reports: Five municipalities near the river Loire on the west coast of France have been hit by a “large-scale cyberattack” on their shared computer servers, leaving staff without the ability to access documents or get on with their wor…

Small physician groups particularly vulnerable after Change Healthcare cyberattack; some consider bankruptcy

Marty Stempniak reports that physician practices are struggling from the financial impact of the Change Healthcare cyberattack in February. Smaller physician practices may be particularly hard-hit, with some considering closing, according to new data f…

The AI Gold Rush: ChatGPT and OpenAI targeted in AI-themed investment scams

Investment scams and AI – a match made in heaven?

Online investment scams are a big money spinner for criminals, accounting for $4.6B of losses in the US. With the explosion of interest in artificial intelligence (AI) following the release of OpenAI’s ChatGPT in late 2022, it was perhaps inevitable that criminals would look to jump on the bandwagon to promote a new generation of bogus investment products that claim to “harnesses the power of AI.”

Netcraft has uncovered a range of malicious sites using ChatGPT and OpenAI-themed content to attract would-be investors looking to take advantage of the rise of generative AI. Many tout the use of “advanced trading technology,” promising outlandish returns, and feature bogus success stories. Once lured in, would-be investors are tricked into making payments that inevitably never result in the promised returns.

In this blog, we’ll walk through some of the examples we’ve found. 

“ChatGPT platform” with fake Sam Altman and Elon Musk videos 

One such investment scam campaign blatantly impersonates ChatGPT, claiming to be powered by the popular generative AI platform, allowing it to “imitate the thinking of analysts.” Seeking to establish credibility, this scam claims more than 1 million registered users and $68 million invested each month. This is particularly implausible given that the domain name had been registered only eight days earlier.

Figure 1: Fake investment platform masquerading as ChatGPT – hxxps://lifecovewe[.]world.

The site also includes a poorly crafted video that attempts to fool the visitor into thinking it is a genuine endorsement from Sam Altman (the CEO of OpenAI). It espouses the increasing power of machine learning, with the tool being able to “analyze the market situation and correlate data in real-time”. With rapid progress being made with deepfakes, it is only a matter of time before videos created by criminals …
