Phishing Scam Targets Job Seekers with XMRig Cryptominer
Summary: A phishing campaign impersonating CrowdStrike is distributing a cryptocurrency miner disguised as a CRM application, targeting job applicants. Additionally, a fake proof-of-concept for a Microsoft security flaw is being used to lure security researchers into downloading malware.

Threat Actor: Unknown
Victim: CrowdStrike

Key Point:

The phishing email claims recipients have been shortlisted for a junior developer role, prompting them to download a malicious CRM tool.…
Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding
Summary: A phishing campaign has been uncovered that impersonates CrowdStrike’s recruitment branding to distribute a cryptominer disguised as a “CRM application.” Victims are tricked into downloading malware that exploits their system resources for cryptocurrency mining.

Threat Actor: Unknown
Victim: Job seekers

Key Point:

The phishing email mimics CrowdStrike’s recruitment process to lure victims.…
Cybersecurity News Review Week 2
This article discusses recent significant developments in cybersecurity, including vulnerabilities in Ivanti products, phishing scams, data exposure issues, and new government initiatives aimed at improving cyber resilience. Affected: Ivanti Connect Secure, CrowdStrike, Motorola ALPR, Gmail, WordPress, CISA, UK Government

Key points:

Ivanti disclosed two high-severity vulnerabilities (CVE-2025-0282, CVE-2025-0283) affecting its products.…
The Feed 2025-01-10

Check Point Research has identified a new version of the Banshee macOS stealer malware, which has been evading detection since September 2024. The malware targets macOS users, stealing sensitive information and utilizing an encryption algorithm similar to Apple’s XProtect. Despite the shutdown of its original operations after a code leak, Banshee continues to be distributed through phishing websites and malicious GitHub repositories.…
New PayPal Phishing Scam Bypasses Security Measures
Summary: A new sophisticated PayPal phishing tactic has emerged, which effectively bypasses traditional phishing detection methods, as detailed by Fortinet’s CISO, Carl Windsor. This attack tricks users into linking their accounts to attackers by using seemingly legitimate emails and URLs.

Threat Actor: Unknown
Victim: Individuals using PayPal

Key Point:

The phishing email appears legitimate, with a valid sender address and genuine-looking URL.…
Neglected Domains Used in Malspam to Evade SPF and DMARC Security Protections
Summary: Cybersecurity researchers have identified ongoing malspam campaigns where threat actors spoof sender email addresses, often using neglected domains to bypass security measures. These campaigns include phishing attempts and extortion schemes targeting various sectors, utilizing tactics like QR codes and impersonation of trusted brands.

Threat Actor: Muddling Meerkat
Victim: Various sectors including legal, government, and construction

Key Point:

Threat actors are using old, neglected domains to spoof sender addresses and evade security checks.…
Cyber Briefing: January 7, 2025
This article discusses various recent cyber threats and incidents, including advanced backdoor attacks targeting AI models, data-stealing plugins, critical vulnerabilities in routers, and cyber espionage campaigns. It highlights the need for vigilance and updated security measures across multiple sectors. Affected Platform: Android, WordPress, Discord, various routers, telecommunications companies

Key points:

BARWM is a new backdoor attack method targeting deep learning models on mobile devices.…
Report: Scammers Drain $500M From Crypto Wallets in a Year
Summary: In 2024, victims lost nearly $500 million due to wallet drainer attacks, marking a significant increase in thefts from crypto wallets. The report highlights the evolving tactics of cybercriminals and the importance of security awareness in the Web3 space.

Threat Actor: Wallet Drainers
Victim: Crypto Users

Key Point:

Victims lost approximately $494 million from wallet drainers in 2024, a 67% increase from the previous year.…

Summary: In 2024, cyber threats targeting SaaS platforms surged dramatically, with significant increases in password attacks and phishing attempts resulting in billions in losses. Security teams must prioritize risk assessments and adopt monitoring tools to defend against evolving threats from notable cybercriminals.

Threat Actor: ShinyHunters
Victim: Snowflake

Key Point:

ShinyHunters exploited a misconfiguration to breach over 165 organizations, emphasizing the importance of proper security measures.…

Summary: Recent developments in cybersecurity reveal significant vulnerabilities in trusted software like browser extensions and voice assistants, exposing sensitive user data to malicious actors. This week’s focus highlights the ongoing risks associated with digital convenience and the importance of vigilance in online activities.

Threat Actor: Flax Typhoon (Chinese state-sponsored)
Victim: Cyberhaven

Key Point:

Dozens of Google Chrome extensions were found stealing sensitive data from 2.6 million devices.…

Summary: In 2024, scammers executed wallet drainer attacks resulting in $494 million in losses, primarily targeting Ethereum wallets. Despite a modest increase in the number of victims, the average loss per victim rose significantly, highlighting the growing sophistication of phishing tactics in the cryptocurrency space.

Threat Actor: Scammers
Victim: Cryptocurrency Users

Key Point:

Scammers stole $494 million from over 300,000 wallet addresses, marking a 67% increase from 2023.…