10 matches found
Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds
Phishers and scammers can’t get enough of sending their feeble attempts to Malwarebytes’ employees. For which we can’t thank them enough because it means we can warn you, our readers. This time the scammers tried to impersonate Best Wallet—an app that lets people store, send, and receive...
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index PyPI repository have issued a warning about an ongoing phishing attack that's targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line "PyPI Email verification" that are sent...
A week in security (February 26 – March 3)
Last week on Malwarebytes Labs: PikaBot malware on the rise: What organizations need to know Malicious meeting invite fix targets Mac users Pig butchering scams, how they work and how to avoid them Airbnb scam sends you to a fake Tripadvisor site, takes your money Facebook bug could have allowed...
“Free UK visa” offers on WhatsApp are fakes
A student friend recently shared a WhatsApp message, unsure if it was scam. The message claims to offer an easy to route to free visas, housing, accommodation, and medicine access. Heres how we know it was a scam, and where it lead. It read as follows: UK GOVERNMENT JOB RECRUITMENT 2022: This is...
Nintendo warns of imitation websites and suspicious hardware
Brave indeed is the soul who decides to take on Nintendo with scam-filled behaviour online. The console legends have a long history of crunching down on fraud, as well as gaming past-times some would consider to be harmless. Whether you create fan-made games, offer up plundered ROMs for use in...
CVE-2019-4035
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IB...
100 channels and nothing on, except TV Licensing phishes
We’ve seen a lot of people referencing fake TV Licensing emails they’ve received over the last few days. The majority so far appear to be fake refund notices, asking potential victims to log in to a phony TV License website and provide payment details for refunds. It's definitely keeping customer...
LocalTapiola: HTML Injection in email /webApp/lahti (viestinta.lahitapiola.fi)
Steps to reproduce 1. Open link http://viestinta.lahitapiola.fi/webApp/lahti 2. Set "Etunimi" Welcome 3. Set "Sähköposti" to victim email 4. Other fields may be arbitrary 5. Submit form F134348 Result Victim receive an email from [email protected] which contains a link to a...
Beware of False Firefox Adware Site
Adware slingers have taken advantage of the buzz around the latest version of Firefox to establish a fake browser download site. Read the full article. The Register...
PHPWIND & DISCUZ! CSRF vulnerability-vulnerability warning-the black bar safety net
PHPWIND & DISCUZ! CSRF vulnerability affects versions: Discuz! 6.0.0 & 6.1.0 & 7.0.0 PHPWIND 6.0 & 6.3 & 7.0 Vulnerability description: PHPWIND & DISCUZ! The presence of CSRF vulnerabilities, triggering PHPWIND & DISCUZ! CSRF WORM! ... d/b31e4d2e6270c384 reference ... d/b31e4d2e6270c384 Safety...