Malicious code in tealove-lady44 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f97f9049f7c4da2ac57ed5985d49626d7ed6559e28608089a797ff2237080cd This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

American Express warns customers about third party data breach

American Express has sent affected customers a warning that “a third party service provider engaged by numerous merchants experienced unauthorized access to its system.” In a subsequent update, American Express explained that it was not a service provider, but a merchant processor that suffered t...

The dark side of Black Friday: decoding cyberthreats around the year’s biggest shopping season

As the annual Black Friday approaches, the digital landscape experiences an unprecedented surge in e-commerce and online shopping activity. Major sales aside, e-commerce is still a huge market. In 2022, global e-commerce retail revenue was estimated to reach $5.7 trillion worldwide, marking nearl...

Sharing Netflix, Disney+, other passwords is illegal, according to new guidance

The Intellectual Property Office IPO, the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebooks parent company. The general issue on piracy is...

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a...

What the Zola Hack Can Teach Us About Password Security

Password security is only as strong as the password itself. Unfortunately, we are often reminded of the danger of weak, reused, and compromised passwords with major cybersecurity breaches that start with stolen credentials. For example, in May 2022, the popular wedding planning site, Zola, was th...

Spanish Police Arrest SIM Swappers Who Stole Money from Victims Bank Accounts

Spain's National Police Agency, the Policía Nacional, said last week it dismantled an unnamed cybercriminal organization and arrested eight individuals in connection with a series of SIM swapping attacks that were carried out with the goal of financial fraud. The suspects of the crime ring...

Bogus Cryptomining Apps Infest Google Play

Google has removed eight deceptive mobile apps from the Play Store that masquerade as cryptocurrency cloud-mining applications but which really exist to lure users into expensive subscription services and other fraudulent activity. They may have been removed, but researchers at Trend Micro noted...

How Fake Accounts and Sneaker-Bots Took Over the Internet

Recently, one of my friends from my submarine days sent me a friend request on Facebook. The weird thing is, I was already connected with this friend. Looking further at the profile, I noticed a few of the same pictures but only 11 friends. So I knew this was some scammer and, being me, I message...

Facebook Sues 4 Vietnamese for Hacking Accounts and $36 Million Ad Fraud

Facebook on Tuesday revealed it filed two separate legal actions against perpetrators who abused its ad platform to run deceptive advertisements in violation of the company's Terms and Advertising Policies. "In the first case, the defendants are a California marketing company and its agents...

Exposed Database Reveals 100K+ Compromised Facebook Accounts

Researchers have uncovered a wide-ranging global scam targeting Facebook users, after finding an unsecured database used by fraudsters to store the usernames and passwords of at least 100,000 victims. Researchers said that the cybercriminals behind the scam were tricking Facebook victims into...

Scams and how to spot them

We’re in strange times at the moment. Some things dont change though e.g. the scams and fraudulent activity designed to separate people from their money or identity. When dealing with these scams the main thing to remember is: If it seems too good to be true, it probably is. While that statement ...

Fraudulent Unemployment, COVID-19 Relief Claims Earn BEC Gang Millions

An infamous business email compromise BEC gang has submitted hundreds of fraudulent claims with state-level U.S. unemployment websites and coronavirus relief funds. Researchers who tracked the fraudulent activity said cybercriminals may have made millions so far from the fraudulent activity. Behi...

Fake Coronavirus ‘Vaccine’ Website Busted in DoJ Takedown

The Department of Justice has raised its first federal court action against online fraud relating to the coronavirus pandemic, on Sunday taking steps to shutter a fraudulent website that claimed to give away free coronavirus vaccines. The website, “coronavirusmedicalkit.com,” was purporting to gi...

Loyalty Cards Targeted in Tesco Clubcard Attack

U.K. supermarket giant Tesco is warning on a credential-stuffing attack that potentially affects 600,000 members of its Clubcard loyalty program. It said that it detected cybercriminals trying out different name and password combos, gleaned from a database of stolen usernames and passwords for...

Tragedy-Related Scams

In the wake of the recent Texas school shooting, NCCIC advises users to watch out for possible malicious cyber activity seeking to capitalize on this tragic event. Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources...

Hurricane-Related Scams

As the peak of the 2017 hurricane season approaches, US-CERT warns users to be watchful for various malicious cyber activity targeting both disaster victims and potential donors. Users should exercise caution when handling emails that relate to recent hurricanes, even if those emails appear to...

3 Mobile UK Hacked – 6 Million Customers' Private Data at risk

Three, one of UK's biggest mobile operators, has become the latest victim of a massive data breach that reportedly left the personal information and contact details of 6 Million of its customers exposed. The company admitted the data breach late Thursday, saying that computer hackers gained acces...

Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

Almost 20,000 Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fall victim to a hacking attack this weekend. As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it...

Sally Beauty Investigating Second Data Breach

Sally Beauty Supply, a seller of beauty products in the U.S., says it is investigating reports of fraudulent activities involving payment cards used at some of the chain’s retail locations. In March 2014, Sally Beauty admitted that hackers compromised its payment systems, exposing the sensitive...