Phishing | SC Media Phishing

Phishing

It’s a trap! Cybercriminals use Star Wars: Rise of Skywalker as bait

Star Wars: The Rise of Skywalker is just being released into theaters today but cybercriminals were already assembling fake websites and social media profiles to deliver malware to fans, instead of something useful like the Death Star’s plans. Kaspersky researchers have found 30 fraudulent websites and social media profiles disguised as official movie accounts advertising…

The group allegedly embedded Bluetooth-enabled skimming devices on gas pumps.

Visa warns against new POS attacks, Fin8 fingered as the culprit

Visa has identified three separate attacks that began last summer targeting gas station and hospitality merchant’s point of sale systems with the cybergang Fin8 being considered the likely perpetrator. The credit card company’s Payment Fraud Disruption department found that two unnamed “fuel dispenser merchants” and a North American company in the hospitality field were infiltrated,…

Real-time phishing alerts and stolen password warnings added to Chrome

Google yesterday announced that its latest Chrome release adds real-time phishing alerts and password breach warning capabilities to the browser. The real-time anti-phishing capabilities represents an upgrade to Google’s Safe Browsing service, which compiles an ever-changing blacklist of dangerous websites that browsers can check against. Typically, when a Chrome user visits a website, the browser…

Phishing scam uses fake giveaways to lure in Steam gaming service users

Cybercriminals are reportedly attempting to trick users of the Steam video game digital distribution service into visiting a phishing site that pretends to give away new game skins, but actually steals login credentials. Researcher “nullcookies” first reported the fraudulent giveaway promotion in a Twitter post late last month. BleepingComputer followed up on the post and…

Exploited Android flaw ‘StrandHogg’ enables phishing overlays, malicious permissions

Attackers have been actively exploiting an Android vulnerability that allows malicious apps to display dangerous permission requests and phishing overlays under the guise of a legitimate app. Dubbed StrandHogg (an old Norse Viking term), the flaw resides in Android’s taskAffinity control setting, and can be successfully abused without having to first gain root access, according…

Unsecured server exposes 4 billion records, 1.2 billion people

Two security researchers have uncovered four billion records on 1.2 billion people on an unsecured Elasticsearch server impacting what is estimated to be hundreds of millions of people. The data itself comes from the data aggregator and enrichment companies People Data Labs (PDL) and OxyData.Io and contains basic personal information, such as names, home and…

Report: Genuine HR emails trigger suspicions after accidentally using common phishing tricks

It’s one thing for employees to receive a phishing email that is purposefully crafted or spoofed to look like a genuine online communication. But when happens when people receive an actual, legitimate email that accidentally looks like a phishing scam? According to a report from TechCrunch, this exact scenario took place last week when cloud-based…

The fairly convincing phishing scam is being hosted on a compromised EA Games server.

Threat actor impersonates German, Italian and American gov’t agencies to spread malware

Since October, a threat actor has been impersonating governmental agencies in phishing emails designed to infect American, German and Italian organizations with various forms of malware, including the Cobalt Strike backdoor, Maze ransomware and the IcedID banking trojan. Business and IT services, manufacturing companies, and healthcare organizations make up a large share of the targets…

Arkansas AG reiterates need to report medical data breaches

Arkansas Attorney General (AG) Leslie Rutledge has advised the state’s medical practitioners of their responsibilities regarding when to report a data breach under the federal state’s Personal Information Protection Act (PIPA). Meanwhile, in neighboring Tennessee the state-run medical service TennCare reported that 43,847 members had their information exposed in a data breach that took place…

Next post in Data Breach