7 matches found
Starkiller Phishing Suite Uses AitM Reverse Proxy to Bypass Multi-Factor Authentication
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication MFA protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a...
Phishing scammers are posting fake “account restricted” comments on LinkedIn
Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has " engaged in activities that are not in compliance" with LinkedIn's policies and that their account has been " temporarily restricted" until they submit an appeal through a specified link in the comment...
APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR.net, a webmail and news service popular in Ukraine. The activity, observed by Recorded Future's Insikt Group between June...
New Phishing Scam Uses Google Drawings and WhatsApp Shortened Links
Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known...
Massive AdSense Fraud Campaign Uncovered - 10,000+ WordPress Sites Infected
The threat actors behind the black hat redirect malware campaign have scaled up their campaign to use more than 70 bogus domains mimicking URL shorteners and infect over 10,800 websites. "The main objective is still ad fraud by artificially increasing traffic to pages which contain the AdSense ID...
CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites
Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners...
Setting Up a Secure and Private Twitter Account
To kick off the new year, we are restarting our tutorial screencast series where we attempt to briefly walk users through the process of locking down their various online accounts. Today’s video, which is just slightly longer than we had hoped, thoroughly details the steps necessary to ensure tha...