Chinese-Speaking Cybercriminals Launch Large-Scale iMessage Smishing Campaign in U.S.

A new large-scale smishing campaign is targeting the U.S. by sending iMessages from compromised Apple iCloud accounts with an aim to conduct identity theft and financial fraud. "The Chinese-speaking threat actors behind this campaign are operating a package-tracking text scam sent via iMessage to...

Malicious ad for USPS fishes for banking credentials

We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse a...

SourceCodester Travel Management System File Upload Vulnerability

SourceCodester Travel Management System is a software application. An automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in SourceCodester Travel Management System v1.0, which can b...

Malicious Package in asymc

All versions of asymc typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process was...

Ineffective Package Tracking Facilitates Fraud

This article discusses an e-commerce fraud technique in the UK. Because the Royal Mail only tracks packages to the postcode -- and not to the address - it's possible to commit a variety of different frauds. Tracking systems that rely on signature are not similarly vulnerable...

Malicious Package

Overview All versions of requset typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

Malicious Package

Overview All versions of calk typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the...

Malicious Package

Overview All versions of commnader typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether th...

Threat Outbreak Alert: Fake Package Tracking Information Email Messages on February 6, 2014

Medium Alert ID: 32759 First Published: 2014 February 6 19:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain package tracking information for the recipient. The text in the email message attempts to convince the recipie...

Threat Outbreak Alert: Fake Package Tracking Notification Email Messages on November 25, 2013

Medium Alert ID: 31902 First Published: 2013 November 26 20:45 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a package tracking notification for the recipient. The text in the email message attempts to convince the...