New Star Blizzard spear-phishing campaign targets WhatsApp accounts | Microsoft Security Blog
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, who began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
Cybercriminals Exploit Fake Google Ads to Ransack Advertiser Accounts
Summary: A sophisticated phishing campaign has been uncovered, where cybercriminals use fraudulent Google Ads to target advertisers, redirecting them to fake login pages. This operation exploits the trust in Google’s ad platform to steal credentials, which are then used to hijack accounts for malicious purposes. The scheme has been observed globally, with multiple distinct groups involved in executing the attacks.…
UK’s porn age checks to arrive in July, raising fears over security and privacy
Summary: The UK’s communications regulator Ofcom has mandated that online pornography sites must verify users’ ages by July to prevent minors from accessing adult content. Concerns have been raised by civil liberties groups about the potential cybersecurity risks associated with age verification methods. Non-compliance could lead to severe penalties, including fines and website blocking by internet service providers.…
Securonix Threat Labs 2024 Annual Autonomous Threat Sweeper Intelligence Insights
The 2024 Annual Cyber Threat Report reveals a significant increase in cyber threats, including advanced persistent threats (APTs) and evolving tactics used by attackers. Key incidents include the resurgence of LockBit ransomware, exploitation of vulnerabilities in widely-used technologies, and notable data breaches affecting major organizations. Affected: Ivanti Connect Secure, GlobalProtect, CrowdStrike, Snowflake, Palo Alto Networks

Key points:

Emerging threats exploit vulnerabilities in Ivanti Connect Secure and GlobalProtect VPN.…
Attackers Hijack Google Advertiser Accounts to Spread Malware
Summary: Multiple threat actors are impersonating Google Ads login pages to deceive advertisers into revealing their credentials. This sophisticated malvertising campaign has led to the hijacking of accounts, which are then used to distribute malicious advertisements and malware. Researchers have labeled this operation as one of the most egregious malvertising campaigns ever tracked, affecting thousands of customers globally.…
Hackers use Google Search ads to steal Google Ads accounts
Summary: Cybercriminals are exploiting Google search advertisements to promote phishing sites that impersonate Google Ads, tricking users into revealing their credentials. These fake ads lead victims to counterfeit login pages hosted on Google Sites, which closely mimic the official Google Ads interface. The attackers, operating from various regions, aim to steal accounts for resale and further malicious activities.…
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes
Summary: A new malvertising campaign is targeting Google Ads users by phishing for their credentials through fraudulent ads. The attackers aim to steal advertiser accounts and use the stolen credentials to perpetuate further scams. The campaign has been active since at least mid-November 2024 and employs sophisticated techniques to evade detection.…
North Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake Domains
Summary: Cybersecurity researchers have uncovered links between North Korean threat actors involved in fraudulent IT worker schemes and a 2016 crowdfunding scam. These actors have been infiltrating companies globally under false identities to generate revenue for North Korea, while also being connected to previous scams. Recent findings highlight the evolution of their tactics and the ongoing threat they pose in cyberspace, particularly in cryptocurrency thefts.…
Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions
Summary: HuiOne Guarantee has emerged as the largest online illicit marketplace, surpassing Hydra with over $24 billion in cryptocurrency transactions. The platform is linked to various criminal activities, including money laundering and human trafficking, and has connections to organized crime groups globally.

Threat Actor: HuiOne Guarantee | Victim: Global online users

Key point:

HuiOne Guarantee has received at least $24 billion in cryptocurrency, significantly more than the defunct Hydra marketplace.…
The Breach Report: My Top Picks from Christmas, January 12, 2025
In the latest cybersecurity incidents, various platforms faced significant breaches and hacks, including Litecoin and Foresight Ventures on Twitter, a vulnerability in Ivanti’s products, and a cyberattack on Russia’s oil sector by Ukraine. Additionally, Japan Airlines experienced flight disruptions due to a cyberattack, while the International Civil Aviation Organization revealed a massive data breach.…
This article discusses several recent cybersecurity threats, including vulnerabilities in Windows LDAP and Ivanti products, as well as various malware and phishing attacks targeting users and organizations. Affected: Windows, Ivanti, Chrome, Redis

Key points:

Windows LDAP vulnerability (CVE-2024-49113) allows unauthenticated attackers to cause denial of service or information disclosure.…
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]
Summary: This week’s cybersecurity recap highlights critical vulnerabilities, ongoing exploits, and legal actions against threat actors, emphasizing the importance of proactive security measures. Staying informed about these threats and implementing protective strategies is essential for individuals and organizations alike.

Threat Actor: UNC5337 | Victim: Ivanti

Key point:

A critical vulnerability in Ivanti Connect Secure appliances has been exploited as a zero-day, allowing for remote code execution.…
RST TI Report Digest: January 13, 2025
This week’s threat intelligence report from RST Cloud highlights significant cyber threats from various actors, including the Chinese state-sponsored group RedDelta targeting Mongolia, Taiwan, and Southeast Asia, as well as the emergence of new malware like Banshee and the Gayfemboy botnet. The report summarizes key findings from 29 threat intelligence reports, detailing tactics, techniques, and procedures (TTPs) used in these attacks, and includes numerous indicators of compromise (IoCs).…
WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables
Summary: Cybersecurity researchers have identified a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into database tables, allowing attackers to capture sensitive payment information. This campaign also includes phishing tactics and novel techniques to exploit Web3 wallet features for cryptocurrency theft.…
Phishing Scam Targets Job Seekers with XMRig Cryptominer
Summary: A phishing campaign impersonating CrowdStrike is distributing a cryptocurrency miner disguised as a CRM application, targeting job applicants. Additionally, a fake proof-of-concept for a Microsoft security flaw is being used to lure security researchers into downloading malware.

Threat Actor: Unknown | Victim: CrowdStrike

Key point:

The phishing email claims recipients have been shortlisted for a junior developer role, prompting them to download a malicious CRM tool.…
Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding
Summary: A phishing campaign has been uncovered that impersonates CrowdStrike’s recruitment branding to distribute a cryptominer disguised as a “CRM application.” Victims are tricked into downloading malware that exploits their system resources for cryptocurrency mining.

Threat Actor: Unknown | Victim: Job seekers

Key point:

The phishing email mimics CrowdStrike’s recruitment process to lure victims.…
Cybersecurity News Review Week 2
This article discusses recent significant developments in cybersecurity, including vulnerabilities in Ivanti products, phishing scams, data exposure issues, and new government initiatives aimed at improving cyber resilience. Affected: Ivanti Connect Secure, CrowdStrike, Motorola ALPR, Gmail, WordPress, CISA, UK Government

Key points:

Ivanti disclosed two high-severity vulnerabilities (CVE-2025-0282, CVE-2025-0283) affecting its products.…