Collaborate Disseminate
North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago, according to BioCatch. The data shows scams now represent 23% of all digital banking fraud. Growing danger of deepfake and… Continue reading Social engineering scams sweep through financial institutions
Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta u… Continue reading Black Basta operators phish employees via Microsoft Teams
Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) &… Continue reading Fake Google Meet pages deliver infostealers
T-Mobile has agreed to invest $15.75 million in cybersecurity and pay $15.75 million to settle an FCC investigation into four data breaches.
The post T-Mobile to Pay Millions to Settle With FCC Over Data Breaches appeared first on SecurityWeek.
Continue reading T-Mobile to Pay Millions to Settle With FCC Over Data Breaches
Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers,… Continue reading Transportation, logistics companies targeted with lures impersonating fleet management software
Hackers stole $243M from a single victim by posing as Google and Gemini support, resetting 2FA to access… Continue reading Hackers Posed as Google Support to Steal $243 Million in Crypto
This is really interesting.
It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line.
Clever.
Continue reading Clever Social Engineering Attack Using Captchas
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article
These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS…
Continue reading Python Developers Targeted with Malware During Fake Job Interviews
Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware. From a news article
These particular attacks from North Korean state-funded hacking team Lazarus Group are new, but the overall malware campaign against the Python development community has been running since at least August of 2023, when a number of popular open source Python tools were maliciously duplicated with added malware. Now, though, there are also attacks involving “coding tests” that only exist to get the end user to install hidden malware on their system (cleverly hidden with Base64 encoding) that allows remote execution once present. The capacity for exploitation at that point is pretty much unlimited, due to the flexibility of Python and how it interacts with the underlying OS…
Continue reading Python Developers Targeted with Malware During Fake Job Interviews
“North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggests … Continue reading North Korean hackers’ social engineering tricks