Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report. As outgoing President Donald Trump continues to dominate headlines, cybercriminals have decided to horn in on the much-gossiped-about — and yet to . . . Read more
Facebook shut down accounts and Pages used by two separate threat groups to spread malware and conduct phishing attacks. Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat . . . Read more
Cybercriminals are leveraging the recent rollout of the COVID-19 vaccines globally in various cyberattacks – from stealing email password to distributing the Zebrocy malware. Cybercriminals are tapping into the impending rollout of COVID-19 vaccines with everything from simple phishing scams all the way up to sophisticated Zebrocy malware campaigns. Security . . . Read more
Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram. Event-discovery application Peatix has disclosed a data breach, after ads for stolen user-account information were reportedly being circulated on Instagram and Telegram. In a data breach notice to affected users, . . . Read more
The TA416 APT has returned in spear phishing attacks against a range of victims – from the Vatican to diplomats in Africa – with a new Golang version of its PlugX malware loader.
After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery. As pharmaceutical companies such as Pfizer race to develop a vaccine for COVID-19, mobile phishing gangs are swapping up their tactics in hopes to get their hands . . . Read more
With more online shoppers this year due to COVID-19, cybercriminals are pulling the trigger on new scams ahead of Black Friday and Cyber Monday. The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, . . . Read more
More than 200 Google Forms impersonate top brands – including Microsoft OneDrive, Office 365, and Wells Fargo – to steal victims’ credentials. Researchers are warning of phishing attacks that leverage Google Forms as a landing page to collect victims’ credentials. The forms masquerade as login pages from more than 25 different . . . Read more
Cannabis journaling platform GrowDiaries exposed more than 3.4 million user records online, many from countries where pot is illegal. A database linked to GrowDiaries, an online community of cannabis growers, has exposed more than a million users’ email addresses, passwords, IP address records and posts. GrowDiaries is a robust online community of . . . Read more
Attackers are compromising email accounts from popular universities, including Purdue and Oxford, to launch attacks that get around DMARC and SPF.