20% of GitLab Employees Handed Over Login Credentials in Phishing Test

SiliconANGLE reports:
[C]ode repository management firm GitLab Inc. decided to phish their own employees to see what would happen. The result was not good: One in five employees fell for the fake emails… The GitLab team behind the exercise purchased the domain name gitlab.company, then used G Suite to facilitate the delivery of the phishing email. [“Congratulations. Your IT Department has identified…

EasyJet Admits Data of Nine Million Hacked

An anonymous reader quotes a report from the BBC: EasyJet has admitted that a “highly sophisticated cyber-attack” has affected approximately nine million customers. It said email addresses and travel details had been stolen and that 2,208 customers had also had their credit card details “accessed”. The firm has informed the UK’s Information Commissioner’s Office while it investigates the breach. EasyJet first…

Google’s reCAPTCHA Is Being Used To Hide Phishing Pages

An anonymous reader quotes Infosecurity magazine:
New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users… [S]ophisticated scammers are beginning to use the Google-owned service to prevent automated URL analysis systems from accessing the actual content of phishing pages, and to make phishing sites more…

Beware of Emails Impersonating ‘Microsoft Teams’ Notifications

Researchers at the email security company Abnormal Security have discovered “a multi-prong Microsoft Teams impersonation attack” involving “convincingly-crafted emails impersonating the automated notification emails from Microsoft Teams,” reports Forbes: The aim, simply to steal employee Microsoft Office 365 login credentials. To date, the researchers report that as many as 50,000 users have been subject to this attack as of May 1….

How Spies Snuck Malware Into the Google Play Store — Again and Again

Google’s Play Store for Android apps has never had a reputation for the strictest protections from malware. Shady adware and even banking trojans have managed over the years to repeatedly defy Google’s security checks. Now security researchers have found what appears to be a more rare form of Android abuse: state-sponsored spies who repeatedly slipped their targeted hacking tools into the…

Some ‘Reopen’ Domains Could Be Phishing and Malware Campaigns

CNET reports on new research from a threat-intelligence company into the more than 540 domain names registered this month with the word “reopen” in their URL. While hundreds of them are “designed to lend credibility to anti-lockdown protests,” and 98 more were purchased to thwart that effort, there are still many other domains that “come from suspicious sources or resellers looking to…

267 Million Facebook Profiles Being Sold For $600 On Dark Web

An anonymous reader shares a report: Threat actors are selling over 267 million Facebook profiles for $623 on dark web sites and hacker forums. While none of these records include passwords, they do contain information that could allow attackers to perform spear phishing or SMS attacks to steal credentials. Last month, security researcher Bob Diachenko discovered an open Elasticsearch database that…

Google is Blocking 18 Million Coronavirus Scam Emails Every Day

1.5 billion people use Gmail, according to a recent article in the BBC. And every day millions of them receive an email about a coronavirus scam: Scammers are sending 18 million hoax emails about Covid-19 to Gmail users every day, according to Google… The company said it was blocking more than 100 million phishing emails a day. Over the past week,…

U.S. Government: Update Chrome 80 Now, Multiple Security Concerns Confirmed

Part of America’s Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency (CISA) “has advised users to update Google Chrome as new high-rated security vulnerabilities have been found,” reports Forbes: In an April 1 posting, CISA confirmed that Google Chrome version 80.0.3987.162 “addresses vulnerabilities that an attacker could exploit to take control of an affected system,” be that Windows, Mac…

Facebook Sues Namecheap For Letting Scammers Register Lookalike Domains

Facebook filed a lawsuit this week against Namecheap, claiming the domain name registrar has refused to cooperate in an investigation into a series of malicious domains that have been registered through its service and which impersonated the Facebook brand. ZDNet reports: Christen Dubois, Director and Associate General Counsel at Facebook, said today that Facebook engineers tracked down 45 suspicious Facebook lookalike…