September 17, 2024 at 10:21AM The security landscape faces an unknown challenge: adversarial use of AI. BlackBerry’s whitepaper delves into AI and its threat, including deepfakes, gen-AI malware, and phishing. The paper stresses the need for effective AI detection and prevention systems to counter the evolving AI threats and the urgency of global, societal solutions. … Read more
August 26, 2024 at 09:07AM Nearly 2.7 TB of sensitive data, including invoices, contracts, HIPPA patient consent forms, belonging to various businesses, has been exposed due to a non-password protected database. The exposed files, traced by security researcher Jeremiah Fowler, belonged to ServiceBridge and contained personal information from numerous clients. The database has since been … Read more
August 21, 2024 at 12:54PM ESET warns of new phishing tactic targeting iOS and Android users with web applications mimicking banking software to steal login credentials. Cybercriminals use Progressive Web Applications and WebAPKs to bypass security measures. The attacks combine voice calls, social media malvertising, and SMS messages to distribute links, mainly targeting mobile banking … Read more
August 7, 2024 at 11:35AM Researchers discovered a method to hide the ‘First Contact Safety Tip’ in Microsoft 365, potentially increasing the risk of users opening malicious emails. Despite reporting the flaw to Microsoft, the tech giant decided not to address it at this time. The technique involves manipulating HTML and CSS to hide the … Read more
July 23, 2024 at 10:36AM CrowdStrike warns of a new Daolpu malware, falsely distributed as a Windows recovery tool after the recent Falcon update struggles. This stealer targets account credentials and browser data from Chrome, Edge, Firefox, and Cốc Cốc. Attackers use malicious document macros to trigger the malware. CrowdStrike advises vigilance against phishing and … Read more
July 8, 2024 at 10:01AM Roblox disclosed a data breach affecting attendees of its 2022-2024 Developer Conferences. The breach involved vendor FNTech’s systems being compromised, revealing attendees’ full names, email addresses, and IP addresses. Though not immediately risky, the exposed data raises phishing attack potential. Roblox has taken measures to prevent future breaches, acknowledging previous … Read more
April 25, 2024 at 10:15AM Netcraft warns of threat actors using compromised email accounts to send phishing emails with links to malicious PDF files on Autodesk Drive. Attackers tailor their emails with legitimate senders’ information to appear credible. Recipients are directed to phishing pages and prompted to provide Microsoft account credentials. The attacks are highly … Read more
April 18, 2024 at 11:00AM LastPass warns of a malicious campaign targeting users with the CryptoChameleon phishing kit, tied to cryptocurrency theft and combining social engineering tactics. The kit previously targeted FCC employees and cryptocurrency platforms, impersonating various services. LastPass discovered its inclusion in the phishing kit and urges vigilance against suspicious communications, advising not … Read more
April 15, 2024 at 10:58AM Hackers breached a telephony provider used by Cisco Duo, potentially compromising SMS and VoIP MFA logs. No message contents were accessed, but data like phone numbers and location could be used for phishing. The breach was identified, and security measures have been taken. Customers are urged to be vigilant against … Read more
April 12, 2024 at 03:02PM The FBI issued a warning about a large-scale SMS phishing attack targeting Americans, with scammers posing as road toll collection services. The attacks, ongoing since March 2024, have received over 2,000 complaints. The phishing messages claim recipients owe unpaid tolls and include fake links. Several toll services and law enforcement … Read more