BleepingComputer reports that thousands of Instagram users are being targeted in an ongoing phishing campaign that uses blue-badge offers as lures.
Attackers commenced the campaign on July 22, with more than 1,000 phishing messages sent on July 28 and Aug. 9, a report from Vade showed.
Instagram and Facebook logos were included in the phishing emails informing recipients regarding their blue badge eligibility. Individuals given the messages have been urged to click on an embedded link that would redirect to a submission form hosted on the "teamcorrectionbadges" domain in a bid to establish legitimacy.
Researchers observed a three-stage form used in the attack, which separately seek for users' username, name, email, phone number, and password. Completion of the process would prompt a verification message that also includes a fake case ID, researchers added. Combatting such scams requires increased awareness of Instagram's verification program, which only grants blue badges to celebrities, brands, and notable public figures who directly apply using the official platform.
Vulnerabilities impacting cloud analytics and business intelligence software Qlik Sense have been exploited to facilitate the deployment of CACTUS ransomware in a new campaign, The Hacker News reports.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news