FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims

Posted on August 15, 2025September 3, 2025 by esimantiras

FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims

source: infosecurity-magazine.com | image: fbi.gov

The FBI has updated its alert about fake lawyers defrauding victims of cryptocurrency scams, adding due diligence measures to help victims.

The FBI’s Internet Crime Complaint Center (IC3) has previously warned that fraudsters were posing as lawyers from fictitious law firms and using social media and messaging services to defraud victims of cryptocurrency scams.

In this sophisticated scheme, the malicious actors target vulnerable populations, particularly the elderly, and offer to recover funds from a previous scam but instead steal personal information and sometimes money from them. Continue reading “FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims” →

Beyond ChatGPT: Shadow AI Risks Lurk in SaaS Tools

Posted on July 18, 2025July 14, 2025 by esimantiras

Beyond ChatGPT: Shadow AI Risks Lurk in SaaS Tools

source: technewsworld.com | image: pexels.com

Unapproved use of ChatGPT and other generative AI tools is creating a growing cybersecurity blind spot for businesses. As employees adopt these technologies without proper oversight, they may inadvertently expose sensitive data — yet many managers still underestimate the risk and delay implementing third-party defenses.

This type of unsanctioned technology use, known as shadow IT, has long posed security challenges. Now, its AI-driven counterpart — shadow AI — is triggering new concerns among cybersecurity experts. Continue reading “Beyond ChatGPT: Shadow AI Risks Lurk in SaaS Tools” →

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Posted on July 18, 2025July 14, 2025 by esimantiras

UK Arrests Four in ‘Scattered Spider’ Ransom Group

source: krebsonsecurity.com | image: pexels.com

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multiple airlines. Continue reading “UK Arrests Four in ‘Scattered Spider’ Ransom Group” →

McDonald’s AI Hiring Bot Exposed Millions…

Posted on July 18, 2025July 14, 2025 by esimantiras

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

source: wired.com | image: pexels.com

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

IF YOU WANT a job at McDonald’s today, there’s a good chance you’ll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions. Continue reading “McDonald’s AI Hiring Bot Exposed Millions…” →

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Posted on July 18, 2025July 14, 2025 by esimantiras

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

source: threatpost.com | image: pexels.com

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

Continue reading “Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms” →

TeleMessage has been hacked

Posted on May 16, 2025May 12, 2025 by esimantiras

TeleMessage, a modified Signal clone used by US government officials, has been hacked

source: techcrunch.com (contributed by FAN, Steve Page) | image: pexels.com

A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported.

TeleMessage came into the spotlight last week after it was reported that former U.S. national security adviser Mike Waltz was using TeleMessage’s modified version of Signal. Israel-based TeleMessage, owned by Smarsh, offers its clients a way to archive messages, including voice notes, from encrypted apps. Continue reading “TeleMessage has been hacked” →

Countries shore up their digital defenses…

Posted on May 2, 2025April 27, 2025 by esimantiras

Countries shore up their digital defenses as global tensions raise the threat of cyberwarfare

source: apnews.com | image: pexels.com

WASHINGTON (AP) — Hackers linked to Russia’s government launched a cyberattack last spring against municipal water plants in rural Texas. At one plant in Muleshoe, population 5,000, water began to overflow. Officials had to unplug the system and run the plant manually.

The hackers weren’t trying to taint the water supply. They didn’t ask for a ransom. Authorities determined the intrusion was designed to test the vulnerabilities of America’s public infrastructure. It was also a warning: In the 21st century, it takes more than oceans and an army to keep the United States safe.

A year later, countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes — and the chances that a cyberattack could cause significant economic damage, disrupt vital public systems, reveal sensitive business or government secrets, or even escalate into military confrontation. Continue reading “Countries shore up their digital defenses…” →

Russia is upping hybrid attacks against Europe, Dutch intelligence says

Posted on May 2, 2025April 27, 2025 by esimantiras

Russia is upping hybrid attacks against Europe, Dutch intelligence says

source: nbcnews.com (contributed by FAN, Steve Page) | image: pexels.com

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” the director of the Dutch military intelligence agency said.

THE HAGUE, Netherlands — Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service, Dutch military intelligence agency MIVD said Tuesday.

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” MIVD director Peter Reesink said in the agency’s annual report. Continue reading “Russia is upping hybrid attacks against Europe, Dutch intelligence says” →

Secret comms in danger as Second Phone Number iOS app leaks user texts

Posted on May 2, 2025April 27, 2025 by esimantiras

Secret comms in danger as Second Phone Number iOS app leaks user texts

source: cybernews.com | image: pexels.com

A virtual phone number iOS app with millions of downloads in the US has exposed its users’ data, including messages, media, and sender and recipient details.

While there are many reasons to have a virtual phone number, privacy is the most common. This is not lost on Second Phone Number app creators, as its App Store description starts with “Need a second phone number for private calls and texts?”

However, users expecting privacy are in for a surprise. The Cybernews research team has found that the popular iPhone app’s misconfigured Firebase instance exposed user details likely not meant for the outside world. Continue reading “Secret comms in danger as Second Phone Number iOS app leaks user texts” →

China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report

Posted on April 18, 2025April 12, 2025 by esimantiras

China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report

source: securityweek.com | image: pexels.com

In a secret meeting that took place late last year between Chinese and American officials, the former confirmed that China had conducted cyberattacks against US infrastructure as part of the campaign known as Volt Typhoon, according to The Wall Street Journal.

The meeting took place at a Geneva summit in December and involved members of the outgoing Biden administration. The US officials who were present were startled by China’s admission, people familiar with the matter told WSJ [paywalled article]. Continue reading “China Admitted to Volt Typhoon Cyberattacks on US Critical Infrastructure: Report” →