Phishing Watchdog – Stay Safe with Instant Alerts

Flipboard says hackers stole user details

29th May 2019 | Website: Flipboard Reported Here

The news aggregation site, Flipboard, has disclosed that their databases had been hacked and unauthorized users have potentially downloaded the data contained within them. This data included the personal account information and digital tokens for some of their over 100 million users.

According to emails seen by BleepingComputer and a security incident notice published on their site, Flipboard stated that hackers gained access to some of their databases during two different time periods.The first time was between June 2nd, 2018 and March 23, 2019 and the second was between April 21st and 22nd, 2019.

It is not known if these were the same users accessing the databases at different periods or two separate data breaches.


[above via BleepingComputer post] – Update 1 / Update 2


Australian ‘unicorn’ Canva hacked

24th May 2019 | Website: Canva Reported Here

Australian graphic-design-as-a-service company Canva has alerted its users to an attack that has seen “a number of our community’s usernames and email addresses … accessed.”

The attack was detected on Saturday, Australian time. The company’s letter to users also adds “The hackers also obtained passwords in their encrypted form (for technical people: all passwords were salted and hashed with bcrypt). This means that our user passwords remain unreadable by external parties.”


[above via CRN post] – Update 1 / Update 2


WhatsApp Hack – Hackers Installed Spyware By Placing A Phone Call

14th May 2019 | Software: WhatsApp Reported Here

WhatsApp pressed users to update its messaging service, following a report that a vulnerability in the software allowed attackers to hack into people’s phones using commercial Israeli spyware. The chat app, owned by Facebook Inc., said it had discovered a vulnerability in early May that could enable attackers to insert and execute code on mobile devices.


[above via Bloomberg post] – Update 1 / Update 2


Hackers Steal $40 Million Worth of Bitcoin From Binance Exchange

7th May 2019 | Website: Binance Reported Here

Hackers have stolen $41m (£31m) worth of Bitcoin in a major crypto-currency heist.

The Binance exchange, which stores Bitcoin and other crypto-currencies for members, said hackers took 7,000 bitcoins in one go. Withdrawals have now been suspended on the platform.

“We beg for your understanding in this difficult situation,” Binance said.

However, the exchange said it would replace the lost cash with the help of its emergency insurance fund.

According to Binance, the attackers used a variety of techniques to break in. They deployed viruses and used phishing attacks to get security information.


[above via BBC post] – Update 1 / Update 2


Phishing Method Which Can Trick Google Chrome Users With Fake Address Bar

29th April 2019 | Application: Google Chrome Reported Here

Why display the URL bar on a mobile device when you can give users more screen space by hiding it?

Google Chrome for Android does just that after a page has loaded, concealing information about the URL and expanding the screen space available to display content from the web page.

The feature is handy for users, but developer James Fisher is drawing attention to the possibility that phishing attackers can abuse it to catch users off guard when browsing.


[above via Zdnet post] – Update 1 / Update 2


Virgin Media Phishing Email

17th April 2019 | Site: My Virgin Media First Reported Here

A phishing email sent to Virgin Media customers, telling them their payment for latest Virgin Media bill has failed and asking them to update billing details.



The Nasty List Phishing Scam

15th April 2019 | Site: Instagram Reported Here

A new phishing scam called the “The Nasty List” is sweeping through Instagram and is targeting victim’s login credentials.

  • If a user falls victim, the hackers will utilize their accounts to further promote the phishing scam.
  • The Nasty List scam is being spread through hacked accounts that send messages to their followers stating that they were spotted on a so-called “Nasty List”.
  • These profile descriptions also include a link that supposedly allows you to see this Nasty List and why you are on it.
  • To avoid falling for an Instagram phishing scam like the Nasty List, if you are at a page that does not belong to the web site, never enter your login credentials.
  • If you have been hacked by the “Nasty List” phishing scam and you still have access to your account, the first thing you should do is verify that your account is using the correct phone number and email address.


[above via Reddit post]


Wells Fargo Bank – Wellsfargo Online Customer Service

10th April 2019 | Site: Wells Fargo Bank Reported Here

Here is another good example of a phishing email that is presently being circulated. It makes for compelling reading, but it is a scam. Phishing emails, by which scammers and identity thieves attempt to lure you into either clicking on links contained within the email which will download malware or providing personal information that will be used to make you a victim of identity theft, are nothing new.


[above via Scamicide post] – Update 1


Fake cancerous nodes in CT scans

3th April 2019 | Target: Hospital Reported Here

A computer virus that can add fake tumours to medical scan images has been created by cyber-security researchers.

In laboratory tests, the malware altered 70 images and managed to fool three radiologists into believing patients had cancer.

The altered images also managed to trick automated screening systems.

The team from Israel developed the malicious software to show how easy it is to get around security protections for diagnostic equipment.

The program was able to convincingly add fake malignant growths to images of lungs taken by MRI and CT scanning machines.


[above via BBC post] – Update 1 / Update 2


American Express – Important Security Message

20th March 2019 | Company: American Express Reported Here

Microsoft’s Office 365 Threat Research uncovered an active American Express (Amex) email phishing campaign that emerged over the weekend. The Amex phishing campaign is especially dangerous as it prompts the recipient for their credit card numbers, account logins, as well as other common password reset questions.


[above via AskCyberSecurity post] – Update 1