FreshRSS

πŸ”’
β–³ πŸ”ƒ
☐ β˜† βœ‡ The first stop for security news | Threatpost

Tentacles of β€˜0ktapus’ Threat Group Victimize 130 Firms

By Nate Nelson β€” August 29th 2022 at 14:56
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
☐ β˜† βœ‡ The first stop for security news | Threatpost

iPhone Users Urged to Update to Patch 2 Zero-Days

By Elizabeth Montalbano β€” August 19th 2022 at 15:25
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
☐ β˜† βœ‡ The first stop for security news | Threatpost

APT Lazarus Targets Engineers with macOS Malware

By Elizabeth Montalbano β€” August 17th 2022 at 15:07
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Black Hat and DEF CON Roundup

By Threatpost β€” August 15th 2022 at 13:56
β€˜Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.
☐ β˜† βœ‡ The first stop for security news | Threatpost

New Hacker Forum Takes Pro-Ukraine Stance

By Elizabeth Montalbano β€” August 11th 2022 at 15:14
A uniquely politically motivated site called DUMPS focuses solely on threat activity directed against Russia and Belarus
☐ β˜† βœ‡ The first stop for security news | Threatpost

Cisco Confirms Network Breach Via Hacked Employee Google Account

By Threatpost β€” August 11th 2022 at 12:51
Networking giant says attackers gained initial access to an employee’s VPN client via a compromised Google account.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Virtual Currency Platform β€˜Tornado Cash’ Accused of Aiding APTs

By Elizabeth Montalbano β€” August 9th 2022 at 17:58
U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Phishers Swim Around 2FA in Coinbase Account Heists

By Elizabeth Montalbano β€” August 8th 2022 at 15:26
Attackers are spoofing the widely used cryptocurrency exchange to trick users into logging in so they can steal their credentials and eventually their funds.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Open Redirect Flaw Snags Amex, Snapchat User Data

By Elizabeth Montalbano β€” August 5th 2022 at 13:17
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office

By Elizabeth Montalbano β€” July 28th 2022 at 17:24
Cybercriminals turn to container files and other tactics to get around the company’s attempt to thwart a popular way to deliver malicious phishing payloads.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Messaging Apps Tapped as Platform for Cybercriminal Activity

By Elizabeth Montalbano β€” July 27th 2022 at 16:57
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Phishing Attacks Skyrocket with Microsoft and Facebook as Most Abused Brands

By Nate Nelson β€” July 26th 2022 at 13:05
Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Hackers for Hire: Adversaries Employ β€˜Cyber Mercenaries’

By Elizabeth Montalbano β€” July 21st 2022 at 12:59
Also known as the Atlantis Cyber-Army, the emerging organization has an enigmatic leader and a core set of admins that offer a range of services, including exclusive data leaks, DDoS and RDP.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Magecart Serves Up Card Skimmers on Restaurant-Ordering Systems

By Elizabeth Montalbano β€” July 20th 2022 at 12:14
300 restaurants and at least 50,000 payment cards compromised by two separate campaigns against MenuDrive, Harbortouch and InTouchPOS services.
☐ β˜† βœ‡ The first stop for security news | Threatpost

FBI Warns Fake Crypto Apps are Bilking Investors of Millions

By Elizabeth Montalbano β€” July 19th 2022 at 15:20
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Journalists Emerge as Favored Attack Target for APTs

By Elizabeth Montalbano β€” July 14th 2022 at 15:08
Since 2021, various state-aligned threat groups have turned up their targeting of journalists to siphon data and credentials and also track them.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Large-Scale Phishing Campaign Bypasses MFA

By Elizabeth Montalbano β€” July 13th 2022 at 11:45
Attackers used adversary-in-the-middle attacks to steal passwords, hijack sign-in sessions and skip authentication and then use victim mailboxes to launch BEC attacks against other targets.
☐ β˜† βœ‡ The first stop for security news | Threatpost

β€˜Callback’ Phishing Campaign Impersonates Security Firms

By Elizabeth Montalbano β€” July 12th 2022 at 11:43
Victims instructed to make a phone call that will direct them to a link for downloading malware.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Popular NFT Marketplace Phished for $540M

By Nate Nelson β€” July 11th 2022 at 20:06
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.
☐ β˜† βœ‡ The first stop for security news | Threatpost

Hack Allows Drone Takeover Via β€˜ExpressLRS’ Protocol

By Nate Nelson β€” July 7th 2022 at 11:31
A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.
❌