#phishing
#phishing

Information security

Low-level cybercriminals are pouncing on CrowdStrike-connected outage

Cybercriminals exploited a faulty CrowdStrike software update with malware and phishing attacks, including a data wiper incident. [ more ]

WIRED

2 days ago

Information security

A Hacker 'Ghost' Network Is Quietly Spreading Malware on GitHub

A secretive network of 'ghost' accounts on GitHub manipulates pages to promote malware using GitHub's tools and community functions. [ more ]

www.nytimes.com

6 days ago

Information security

How to Guard Against Scams Tied to the CrowdStrike Crash

Scammers took advantage of CrowdStrike cybersecurity crash to launch fraudulent schemes [ more ]

Theregister

Information security

FlyingYeti phishing crew grounded after failed Ukraine ops

Cloudflare's threat intel team prevented a phishing attack targeting financially vulnerable citizens in Ukraine attributed to the Russia-aligned gang FlyingYeti. [ more ]

The Hacker News

10 hours ago

Information security

This AI-Powered Cybercrime Service Bundles Phishing Kits with Malicious Android Apps

Cybercriminal group GXC Team bundles phishing kits with Android malware, enhancing MaaS offerings. [ more ]

The Hacker News

17 hours ago

Information security

CrowdStrike Warns of New Phishing Scam Targeting German Customers

CrowdStrike warns of a new threat actor piggybacking on Falcon Sensor update issues to target German customers. [ more ]

CyberScoop

Information security

Low-level cybercriminals are pouncing on CrowdStrike-connected outage

Cybercriminals exploited a faulty CrowdStrike software update with malware and phishing attacks, including a data wiper incident. [ more ]

WIRED

2 days ago

Information security

A Hacker 'Ghost' Network Is Quietly Spreading Malware on GitHub

A secretive network of 'ghost' accounts on GitHub manipulates pages to promote malware using GitHub's tools and community functions. [ more ]

www.nytimes.com

6 days ago

Information security

How to Guard Against Scams Tied to the CrowdStrike Crash

Scammers took advantage of CrowdStrike cybersecurity crash to launch fraudulent schemes [ more ]

Theregister

Information security

FlyingYeti phishing crew grounded after failed Ukraine ops

Cloudflare's threat intel team prevented a phishing attack targeting financially vulnerable citizens in Ukraine attributed to the Russia-aligned gang FlyingYeti. [ more ]

morecybersecurity

#cyber-security

ITPro

Information security

Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network

Cyber criminals are targeting companies affected by IT outages with fake fixes, distributing malware through phishing attacks. [ more ]

ComputerWeekly.com

Privacy professionals

Security Think Tank: The phishing forecast for 2024 | Computer Weekly

Phishing campaigns leveraging AI capabilities expected to increase in 2024.

Automation behind cyber attacks and AI will continue to expand, allowing for more sophisticated targeted attacks. [ more ]

ITPro

Information security

Hackers are creating fake CrowdStrike recovery resources to trick businesses into loading malware onto their network

Cyber criminals are targeting companies affected by IT outages with fake fixes, distributing malware through phishing attacks. [ more ]

ComputerWeekly.com

Privacy professionals

Security Think Tank: The phishing forecast for 2024 | Computer Weekly

Phishing campaigns leveraging AI capabilities expected to increase in 2024.

Automation behind cyber attacks and AI will continue to expand, allowing for more sophisticated targeted attacks. [ more ]

morecyber-security

#scams

time.com

5 days ago

Information security

How to Protect Yourself From Scams Following the CrowdStrike Microsoft IT Outage

The Microsoft IT Outage was caused by a third-party cybersecurity technology company and not a cyberattack, resulting in warnings about potential scams. [ more ]

BKReader

Information security

Top 10 Tips for Seniors to Defend Against Scammers

Seniors are frequent targets of scammers due to trust and digital unfamiliarity. [ more ]

time.com

Information security

Beware of Fake USPS Text Messages

Be cautious of unfamiliar USPS delivery text links; USPS does not send unsolicited texts with links. Report smishing incidents to spam@uspis.gov. [ more ]

time.com

5 days ago

Information security

How to Protect Yourself From Scams Following the CrowdStrike Microsoft IT Outage

The Microsoft IT Outage was caused by a third-party cybersecurity technology company and not a cyberattack, resulting in warnings about potential scams. [ more ]

BKReader

Information security

Top 10 Tips for Seniors to Defend Against Scammers

Seniors are frequent targets of scammers due to trust and digital unfamiliarity. [ more ]

time.com

Information security

Beware of Fake USPS Text Messages

Be cautious of unfamiliar USPS delivery text links; USPS does not send unsolicited texts with links. Report smishing incidents to spam@uspis.gov. [ more ]

morescams

#authentication

The Verge

Information security

Yubico bolsters authentication security with updated YubiKey 5 series devices

Yubico launching refreshed security keys with 5.7 firmware to enhance security features and move away from password-based protections. [ more ]

TechRepublic

Information security

What is a Passkey? Definition, How It Works and More

Passkeys combine private and public cryptographic keys for authentication.

Passkeys are phishing-resistant and eliminate the need for complex passwords. [ more ]

The Verge

Information security

Yubico bolsters authentication security with updated YubiKey 5 series devices

Yubico launching refreshed security keys with 5.7 firmware to enhance security features and move away from password-based protections. [ more ]

TechRepublic

Information security

What is a Passkey? Definition, How It Works and More

Passkeys combine private and public cryptographic keys for authentication.

Passkeys are phishing-resistant and eliminate the need for complex passwords. [ more ]

moreauthentication

#google

Mail Online

Information security

Hackers are using fake Facebook ads to steal bank account details

Cyberattack targets Facebook users with phishing ads disguised as 'sponsored' Google links. [ more ]

Engadget

Privacy professionals

Safe Browsing on Google Chrome adds real-time protection against malicious sites

Google updates Safe Browsing mode in Chrome to check sites against a real-time server-side list of known unsafe sites.

Real-time URL checks in Safe Browsing mode can help block 25% more phishing attempts. [ more ]

Entrepreneur

Deliverability

3 Email Changes Google and Yahoo Will Require You to Adopt By February 1st | Entrepreneur

Google and Yahoo have partnered to create new guidelines for mass email senders to combat spam, spoofing, and phishing attacks.

Email senders must authenticate their emails, enable one-click unsubscribing, and maintain a low spam complaint rate. [ more ]

Mail Online

Information security

Hackers are using fake Facebook ads to steal bank account details

Cyberattack targets Facebook users with phishing ads disguised as 'sponsored' Google links. [ more ]

Engadget

Privacy professionals

Safe Browsing on Google Chrome adds real-time protection against malicious sites

Google updates Safe Browsing mode in Chrome to check sites against a real-time server-side list of known unsafe sites.

Real-time URL checks in Safe Browsing mode can help block 25% more phishing attempts. [ more ]

Entrepreneur

Deliverability

3 Email Changes Google and Yahoo Will Require You to Adopt By February 1st | Entrepreneur

Google and Yahoo have partnered to create new guidelines for mass email senders to combat spam, spoofing, and phishing attacks.

Email senders must authenticate their emails, enable one-click unsubscribing, and maintain a low spam complaint rate. [ more ]

moregoogle

#cyber-crime

ComputerWeekly.com

Privacy professionals

International police operation infiltrates LabHost phishing website used by thousands of criminals | Computer Weekly

Law enforcement shuts down major phishing-as-a-service platform LabHost, leading to 37 arrests worldwide and revealing 70,000 UK fraud victims. [ more ]

Theregister

Privacy professionals

Money-grubbing crooks abuse OAuth apps for BEC, phishing

Miscreants are misusing OAuth for financially motivated cyber crimes such as phishing and crypto mining.

Microsoft warns that compromised accounts without strong authentication are particularly vulnerable to OAuth abuse. [ more ]

ComputerWeekly.com

Privacy professionals

International police operation infiltrates LabHost phishing website used by thousands of criminals | Computer Weekly

Law enforcement shuts down major phishing-as-a-service platform LabHost, leading to 37 arrests worldwide and revealing 70,000 UK fraud victims. [ more ]

Theregister

Privacy professionals

Money-grubbing crooks abuse OAuth apps for BEC, phishing

Miscreants are misusing OAuth for financially motivated cyber crimes such as phishing and crypto mining.

Microsoft warns that compromised accounts without strong authentication are particularly vulnerable to OAuth abuse. [ more ]

morecyber-crime

#artificial-intelligence

Nextgov.com

Artificial intelligence

AI is creating 'more sophisticated' but not unprecedented election threats, DHS official says

AI tools contributing to more sophisticated misinformation.

Phishing campaigns using generative AI can increase likelihood of election personnel being targeted. [ more ]

english.elpais.com

Artificial intelligence

Beware of ChatGPT's evil twin and other generative AI dangers

Generative artificial intelligence tools like FraudGPT and WormGPT are being used by cybercriminals for malicious purposes.

These AI tools can create convincing fake messages and emails, leading to scams, deepfakes, and misinformation campaigns. [ more ]

www.bbc.com

Artificial intelligence

Booking.com warns of up to 900% increase in travel scams

AI is fueling a significant rise in travel scams, with phishing attacks escalating due to generative AI tools like ChatGPT. [ more ]

Nextgov.com

Artificial intelligence

AI is creating 'more sophisticated' but not unprecedented election threats, DHS official says

AI tools contributing to more sophisticated misinformation.

Phishing campaigns using generative AI can increase likelihood of election personnel being targeted. [ more ]

english.elpais.com

Artificial intelligence

Beware of ChatGPT's evil twin and other generative AI dangers

Generative artificial intelligence tools like FraudGPT and WormGPT are being used by cybercriminals for malicious purposes.

These AI tools can create convincing fake messages and emails, leading to scams, deepfakes, and misinformation campaigns. [ more ]

www.bbc.com

moreartificial-intelligence

Artificial intelligence

Booking.com warns of up to 900% increase in travel scams

AI is fueling a significant rise in travel scams, with phishing attacks escalating due to generative AI tools like ChatGPT. [ more ]

Theregister

Privacy professionals

IT helpdeskers increasingly targeted by cybercriminals

IT helpdesk workers are increasingly targeted by cybercriminals, a trend growing in success.

Attacks involve pretending to be an employee, requesting changes to identity access, and registering their device for insider access. [ more ]

The Globe and Mail

Privacy professionals

Manitoba government could boost security for remote work, auditor-general says

Manitoba government implements IT security measures for remote work, but improvements needed

Auditor-General highlights weaknesses in encryption settings and outdated remote work security policies. [ more ]

TNW | Data-Security

Deliverability

New Russian PSYOPs mix disinformation, spam, and Navalny

Russia-aligned PSYOPs campaign involved espionage, disinformation, and phishing.

ESET uncovered Operation Texonto, linking it to Russian propaganda, targeting Ukrainians, and Navalny-related domains. [ more ]

#data-breach

Mail Online

Privacy professionals

Warning to Facebook Marketplace users as 200,000 accounts leaked

Hundreds of thousands of Facebook Marketplace accounts have been leaked online, putting users at risk of phishing and cyberattacks.

The leaked data includes personal information such as names, phone numbers, email addresses, and Facebook profile information. [ more ]

ReadWrite

Privacy professionals

Massive data breach in France affects 33 million citizens

A massive security breach has affected almost half of French citizens, involving two service providers for medical insurance companies.

Around 33 million customers' data was stolen, including personal information such as birth dates, social security numbers, and insurance details. [ more ]

BleepingComputer

Privacy professionals

Data breach at French healthcare services firm puts millions at risk

French healthcare services firm Viamedis suffered a cyberattack exposing the data of policyholders and healthcare professionals.

The data breach includes sensitive information such as social security numbers and names of health insurers.

The breach was the result of a successful phishing attack on an employee, not ransomware. [ more ]

TechCrunch

Privacy professionals

Framework says hackers accessed customer data after phishing attack on accounting partner | TechCrunch

U.S. repairable laptop maker Framework confirmed a data breach after an employee at its accounting service provider was phished.

Hackers accessed customers' personal information, including names, email addresses, and balances owed.

It's unclear if any other clients of the accounting service provider were affected. [ more ]

Mail Online

Privacy professionals

Warning to Facebook Marketplace users as 200,000 accounts leaked

Hundreds of thousands of Facebook Marketplace accounts have been leaked online, putting users at risk of phishing and cyberattacks.

The leaked data includes personal information such as names, phone numbers, email addresses, and Facebook profile information. [ more ]

ReadWrite

Privacy professionals

Massive data breach in France affects 33 million citizens

A massive security breach has affected almost half of French citizens, involving two service providers for medical insurance companies.

Around 33 million customers' data was stolen, including personal information such as birth dates, social security numbers, and insurance details. [ more ]

BleepingComputer

Privacy professionals

Data breach at French healthcare services firm puts millions at risk

French healthcare services firm Viamedis suffered a cyberattack exposing the data of policyholders and healthcare professionals.

The data breach includes sensitive information such as social security numbers and names of health insurers.

The breach was the result of a successful phishing attack on an employee, not ransomware. [ more ]

TechCrunch

Privacy professionals

Framework says hackers accessed customer data after phishing attack on accounting partner | TechCrunch

U.S. repairable laptop maker Framework confirmed a data breach after an employee at its accounting service provider was phished.

Hackers accessed customers' personal information, including names, email addresses, and balances owed.

It's unclear if any other clients of the accounting service provider were affected. [ more ]

moredata-breach

Hubspot

Privacy professionals

4 Phishing Email Examples Even I Could Fall For (& How to Spot Them)

Phishing emails are online scams that trick recipients into providing sensitive information.

Phishing emails come in various types, each designed to exploit specific vulnerabilities or scenarios. [ more ]

DevOps.com

Privacy professionals

The Code Caveat: When Developer Credentials Become the Hacker's Pickaxe - DevOps.com

Developers are often the weakest link in cloud security.

Common ways developers can compromise cloud security include exposing credentials, falling victim to phishing campaigns, and using weak passwords. [ more ]

Tripwire

Privacy professionals

NCSC Warns That AI is Already Being Used by Ransomware Gangs

Malicious attackers are using artificial intelligence (AI) for more effective cyber attacks, and the volume and impact of threats will increase in the next two years.

AI tools make it easy to generate believable text, images, audio, and deepfake videos that can be used to deceive targets. [ more ]

#cybercrime

WIRED

Artificial intelligence

Staying One Step Ahead of Hackers When It Comes to AI

Generative AI is being used by cybercriminals to automate the creation of personalized phishing emails.

Generative AI may make biometric hacking easier and allow hackers to target chatbots and inject malware into their generated output. [ more ]

Hot for Security

4 weeks ago

Information security

US charges four FIN9-linked hackers after $71 million cybercrime spree

Four alleged members of the FIN9 cybercrime gang have been charged in the US for causing over $71 million in losses through phishing and supply chain attacks. [ more ]

TechCrunch

Information security

UK national accused of hacking dozens of US companies arrested in Spain | TechCrunch

Spanish police arrested a British national accused of leading an organized cybercrime group targeting US companies, accessing $27 million in cryptocurrency. [ more ]

MIT Technology Review

Artificial intelligence

Five ways criminals are using AI

Generative AI has enabled criminals to work more efficiently and globally in cybercrime activities. [ more ]

WIRED

Artificial intelligence

Staying One Step Ahead of Hackers When It Comes to AI

Generative AI is being used by cybercriminals to automate the creation of personalized phishing emails.

Generative AI may make biometric hacking easier and allow hackers to target chatbots and inject malware into their generated output. [ more ]

Hot for Security

4 weeks ago

Information security

US charges four FIN9-linked hackers after $71 million cybercrime spree

Four alleged members of the FIN9 cybercrime gang have been charged in the US for causing over $71 million in losses through phishing and supply chain attacks. [ more ]

TechCrunch

Information security

UK national accused of hacking dozens of US companies arrested in Spain | TechCrunch

Spanish police arrested a British national accused of leading an organized cybercrime group targeting US companies, accessing $27 million in cryptocurrency. [ more ]

MIT Technology Review

Artificial intelligence

Five ways criminals are using AI

Generative AI has enabled criminals to work more efficiently and globally in cybercrime activities. [ more ]

morecybercrime

www.fastcompany.com

Artificial intelligence

5 cybersecurity predictions for 2024

Cybersecurity costs are predicted to rise globally to $10.5 trillion by 2025 as cybercrime becomes more sophisticated.

AI-powered scams and advanced phishing techniques are expected to increase in 2024. [ more ]

Theregister

Information security

The Russians are coming! Err, they've already infiltrated

Russia-backed attackers named defense-industrial firms and energy facilities as new targets for phishing campaigns.

The Russian group Star Blizzard, believed to be affiliated with the FSB, is responsible for the attacks. [ more ]

ComputerWeekly.com

Privacy professionals

UK names Russian FSB agents behind political hacking campaign | Computer Weekly

Russia's FSB is confirmed to be behind a hacking campaign targeting politicians, civil servants, journalists, and civil society organizations.

The campaign aimed to interfere with UK politics and the democratic process by phishing high-profile individuals. [ more ]

TechRepublic

8 months ago

Privacy professionals

Sekoia: Latest in the Financial Sector Cyber Threat Landscape

The financial sector is the most impacted by phishing worldwide and is increasingly targeted by QR code phishing.

Phishing-as-a-service model is being massively adopted in 2023, with phishing kits sold to cybercriminals.

QR code phishing campaigns are on the rise in the financial sector. [ more ]

Engadget

3 weeks ago

Information security

Twilio hack leaves Authy users exposed to text-messaging scams

Update Authy app immediately for security [ more ]

TechCrunch