Rail firm TransPennine Express has since removed QR codes from all of its station car parks.
Help desk staff duped into resetting MFA on Okta super admin accounts, allowing threat actors to move laterally across targeted organizations.
A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser.
Interest in OpenAI’s latest version of its interactive language model has spurred a new wave of scam apps looking to cash in on the hype
Fake hardware cryptowallet, and how bitcoins were stolen from it.
We’ve seen spam campaigns in the open-source ecosystems in the past year, but this month was by far the worst one we’ve seen yet. Apparently, attackers found the unvetted open-source ecosystems as an…
Attackers are distributing malware disguised as a ChatGPT desktop client for Windows offering “precreated accounts”
A recent cryptocurrency scam has highlighted a need for fraud awareness. The new scam - called “pig butchering” - includes a sophisticated new twist that combines a romance scam with an investment spin. According to the Federal Bureau of Investigation (FBI), the term “pig butchering” refers to a time-tested, heavily scripted, and contact intensive process to fatten up the prey before slaughter.
Years-old domains, compromised JS libraries and worldwide-localized content among tactics of this sophisticated attacker.
Recently, we identified a new BEC group leveraging blind third-party impersonation tactics to swindle companies around the world. The group, which we call Crimson Kingsnake, impersonates real attorneys, law firms, and debt recovery services to deceive accounting professionals into quickly paying bogus invoices.
A Sydney man, 19, has been charged for allegedly attempting to misuse stolen Optus customer data in a text message blackmail scam.
Une campagne de phishing d’Instagram cible spécifiquement les utilisateurs de la plateforme afin de subtiliser leurs informations personnelles et identifiants de compte.
Yesterday, August 8, 2022, Twilio shared that they’d been compromised by a targeted phishing attack. Around the same time as Twilio was attacked, we saw an attack with very similar characteristics also targeting Cloudflare’s employees. While individual employees did fall for the phishing messages, we were able to thwart the attack through our own use of Cloudflare One products, and physical security keys issued to every employee that are required to access all our applications.
Companies including GoDaddy are making it easy for criminals to scoop up websites for dangerous coronavirus scams, researchers say.
Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.
Earlier today, I received a scam email that impersonates the Ukrainian Red Cross. It attempts to solicit donations via Bitcoin. The email is almost certainly not related to any valid Red Cross effort.
There are some legitimate efforts to collect donations for Ukraine using crypto-currencies. This scam may take advantage of these efforts.
