Phishing


Okta Phishing Attack Facilitated By CryptoChameleon!

Okta Phishing Attack Facilitated By CryptoChameleon!

 

Hacking instances are rampant across the globe, and this time, the target is none other than the Federal Communications Commission or FCC. There’s a new kid on the block named CryptoChameleon, and this brand-new phishing kit is being used to attack the FCC employees. Basically, the threat actors are using CryptoChameleon to come up with SSO pages that resemble Okta to a great extent. 

(more…)

How do Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography?

How do Multi-Stage Phishing Attacks Exploit QRs, CAPTCHAs, and Steganography?

 

Cybercriminals have always managed to stay ahead of the cyber security experts in terms of their ability to swiftly adapt to the everchanging technological dynamics. Phishing attacks are getting more sophisticated with time- thanks to the advent of artificial intelligence and its easy accessibility.

(more…)

Threat Actors Target Western Digital, Cripple Its My Cloud Service

Threat Actors Target Western Digital, Cripple Its My Cloud Service

Undoubtedly, famous public cloud services providers like Amazon, Google, Microsoft, and Western Digital offer a more secure cloud environment than on-premise servers. But what if the hackers target them, locking you out and hampering productivity? Follow this article to learn about the latest attack on Western Digital.

Western Digital recently announced today that an unauthorized party breached its network, gaining access to its multiple company systems. After discovering the breach, the firm launched an investigation into the incident (which is in the early stages) and informed the law enforcement authorities.

(more…)

Sensitive Information at Risk as a Security Breach Hits US Marshals Service

Sensitive Information at Risk as a Security Breach Hits US Marshals Service

A major security breach has recently hit the US Marshals Service, putting sensitive information at risk, according to senior law enforcement officials. Learn more about the details of the breach, how it happened, the data at risk, and the steps being taken to address it.

The US Marshals Service was hit by a major security breach this month, with hackers breaking into and stealing data from a computer system that contained personal information about investigative targets and agency employees, as confirmed by a spokesman for the service on Monday.

(more…)

TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info

TELUS Launches Investigation After Potential Data Breach Leaks Source Code and Employee Info

TELUS, the Canadian telecom giant, is investigating a potential data breach after a threat actor leaked what appears to be employee data and source code. TELUS has initiated an investigation in response to the breach to assess the scope of the incident and safeguard its customers and staff from any potential risks. Stay updated with the latest developments on this incident with this article as we share what happened, how it happened, and what TELUS is doing.

(more…)

Threat Actors use NameCheap’s Email to Execute Metamask and DHL Phishing Attacks.

Threat Actors use NameCheap’s Email to Execute Metamask and DHL Phishing Attacks.

The recent security breach and phishing campaign that occurred at Namecheap, a domain registrar, serves as a stark reminder of the persistent and evolving threats posed by cybercriminals. In this post, we will delve into the details of the breach and the phishing campaign and offer some essential tips to help protect against phishing scams.

The web hosting company and domain registrar Namecheap recently suffered a security breach when its email account was hacked. This breach resulted in a phishing campaign that targeted the cryptocurrency wallet MetaMask and the logistics company DHL, intending to obtain personal and cryptocurrency wallet information from susceptible users.

(more…)

Threat Actors Breach Reddit and Access Internal Documents, Code, and Business Systems

Threat Actors Breach Reddit and Access Internal Documents, Code, and Business Systems

Threat actors managed to infiltrate the popular social media platform Reddit and access internal documents, code, and some internal business systems, highlighting the need for individuals and organizations to take robust measures to safeguard their information. This text shares the details of the attack, what information was accessed, what Reddit is doing, and how to stay protected.

(more…)

Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000

Find Out About the Latest Case of Threat Actors Utilizing Phishing-as-a-Service to Steal $120,000

Threat actors made away $120,000 from an innocent victim by duping them with a sophisticated scam. This text shares the details of the cyberattack and shows how you can protect yourself.

As technology advances at a dizzying pace, so does the cunning of those seeking to exploit it for their nefarious purposes. One such example of this unfortunate reality can be seen in the recent surge of ‘Phishing-as-a-service‘ kits, which provide a turnkey solution for would-be thieves to engage in digital fraud and easily steal sensitive information. This malign development is fueling an alarming uptick in incidents of theft, with victims ranging from individuals to large corporations.

(more…)

Microsoft Disables Verified Microsoft Partner Network Accounts Used In Malicious Third-Party OAuth App Campaign

Microsoft Disables Verified Microsoft Partner Network Accounts Used In Malicious Third-Party OAuth App Campaign

The latest online status symbol is getting verified on popular platforms like Instagram, Apple AppStore, or Twitter. Users trust verified accounts more; similarly, third-party OAuth app publishers get verified by Microsoft. However, researchers recently discovered the latest malicious third-party OAuth app campaign abusing Microsoft’s “verified publisher” status. Read on to learn more about the story.

Microsoft recently disabled many fraudulent, verified MPN (Microsoft Partner Network) accounts for designing malicious OAuth apps that breached business cloud environments to steal emails.

(more…)

Massive Google Fi Data Breach Opens up Individuals to SIM Swapping Attacks

Massive Google Fi Data Breach Opens up Individuals to SIM Swapping Attacks

The Google Fi platform was breached due to one of its unsecured network providers, opening the platform’s customers up to SIM-swapping attacks. This text describes the data breach, how it happened, what data was taken, the details of the SIM swapping attacks, and how to protect yourself against these.

Your private information may be at risk as a massive Google Fi data breach has opened the doors to a dangerous new threat – SIM swapping attacks. Google’s US-only telecommunications and mobile internet service, Google Fi, has informed its customers that one of its private network providers suffered a data breach leading to the exposure of personal data that led to SIM swapping attacks.

(more…)