Category: Infosec

FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims

Posted on by esimantiras

FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims

source: infosecurity-magazine.com | image: fbi.gov

 

The FBI has updated its alert about fake lawyers defrauding victims of cryptocurrency scams, adding due diligence measures to help victims.

The FBI’s Internet Crime Complaint Center (IC3) has previously warned that fraudsters were posing as lawyers from fictitious law firms and using social media and messaging services to defraud victims of cryptocurrency scams.

In this sophisticated scheme, the malicious actors target vulnerable populations, particularly the elderly, and offer to recover funds from a previous scam but instead steal personal information and sometimes money from them. Continue reading “FBI Shares Tips to Spot Fake Lawyer Schemes Targeting Crypto Scam Victims”

Have You Turned Off Your Virtual Oven?

Posted on by esimantiras

 

Have You Turned Off Your Virtual Oven?

sosurce: thehackernews.com  |  image: pixabay.com

 

You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse.

Your external-facing IT infrastructure deserves the same methodical attention. External Attack Surface Management (EASM) and Digital Risk Protection (DRP) tools provide that same peace of mind for your digital “home,” automating the everyday safety checks that prevent costly incidents. Continue reading “Have You Turned Off Your Virtual Oven?”

UK Arrests Four in ‘Scattered Spider’ Ransom Group

Posted on by esimantiras

UK Arrests Four in ‘Scattered Spider’ Ransom Group

source: krebsonsecurity.com  |  image: pexels.com

 

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multiple airlines. Continue reading “UK Arrests Four in ‘Scattered Spider’ Ransom Group”

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

Posted on by esimantiras

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

source: threatpost.com  |  image: pexels.com

 

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

Continue reading “Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms”

Secret comms in danger as Second Phone Number iOS app leaks user texts

Posted on by esimantiras

Secret comms in danger as Second Phone Number iOS app leaks user texts

source: cybernews.com  |  image: pexels.com

 

A virtual phone number iOS app with millions of downloads in the US has exposed its users’ data, including messages, media, and sender and recipient details.

While there are many reasons to have a virtual phone number, privacy is the most common. This is not lost on Second Phone Number app creators, as its App Store description starts with “Need a second phone number for private calls and texts?”

However, users expecting privacy are in for a surprise. The Cybernews research team has found that the popular iPhone app’s misconfigured Firebase instance exposed user details likely not meant for the outside world. Continue reading “Secret comms in danger as Second Phone Number iOS app leaks user texts”

Russia is upping hybrid attacks against Europe, Dutch intelligence says

Posted on by esimantiras

Russia is upping hybrid attacks against Europe, Dutch intelligence says

source: nbcnews.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” the director of the Dutch military intelligence agency said.

THE HAGUE, Netherlands — Russia is increasing its hybrid attacks aimed at undermining society in the Netherlands and its European allies, and Russian hackers have already targeted the Dutch public service, Dutch military intelligence agency MIVD said Tuesday.

“We see the Russian threat against Europe is increasing, including after a possible end to the war against Ukraine,” MIVD director Peter Reesink said in the agency’s annual report. Continue reading “Russia is upping hybrid attacks against Europe, Dutch intelligence says”

Critical Vulnerability Found in Canon Printer Drivers

Posted on by esimantiras

Critical Vulnerability Found in Canon Printer Drivers

source: securityweek.com  |  image: pixabay.com

Microsoft’s offensive security team has warned Canon about a critical vulnerability affecting some printer drivers. 

According to an advisory published last week by Canon, drivers associated with several production printers, office multifunction printers, and laser printers are affected by an out-of-bounds vulnerability. Continue reading “Critical Vulnerability Found in Canon Printer Drivers”

A New Era of Attacks on Encryption Is Starting to Heat Up

Posted on by esimantiras

A New Era of Attacks on Encryption Is Starting to Heat Up

source: wired.com  |  image: pixabay.com

 

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say.

OVER THE PAST decade, encrypted communication has become the norm for billions of people. Every day, Signal, iMessage, and WhatsApp keep billions of messages, photos, videos, and calls private by using end-to-end encryption by default—while Zoom, Discord, and various other services all have options to enable the protection. But despite the technology’s mainstream rise, long-standing threats to weaken encryption keep piling up.

Over the past few months, there has been a surge in government and law enforcement efforts that would effectively undermine encryption, privacy advocates and experts say, with some of the emerging threats being the most “blunt” and aggressive of those in recent memory. Officials in the UK, France, and Sweden have all made moves since the start of 2025 that could undermine or eliminate the protections of end-to-end encryption, adding to a multiyear European Union plan to scan private chats and Indian efforts that could damage encryption. Continue reading “A New Era of Attacks on Encryption Is Starting to Heat Up”

X is blocking links to Signal

Posted on by esimantiras

X is blocking links to Signal

source: theverge.com (contributed by FAN, Steve Page)  |  image: pexels.com

Users attempting to add their Signal.me URL to posts, DMs, and bio descriptions are being met with error messages.

X users are currently unable to post links to Signal.me, which are used to quickly and securely send direct messages to Signal users. A variety of failure notifications are being reported when X users attempt to post Signal links on the platform, some of which identify the blocked message as containing spam, harmful content, or malicious activity. Continue reading “X is blocking links to Signal”

We’re In for a Rude Awakening on Cybersecurity

Posted on by esimantiras

We’re In for a Rude Awakening on Cybersecurity

source: city-journal.org (contributed by FAN, Steve Page)  |  image: pexels.com

America remains ill-prepared for Chinese hackers targeting critical infrastructure.

It’s a crisis that almost no one is talking about. The Chinese Communist Party is now the world’s preeminent practitioner of cyber warfare. Once notoriously loud and clumsy, the CCP’s hackers have become stealthy and sophisticated. They’re intercepting the calls and texts of our leaders and infiltrating servers at our ports, power plants, and water-treatment facilities. Yet hardly anyone seems to care. When Congress held hearings on cybersecurity late last year, only a handful of journalists bothered to cover them. Continue reading “We’re In for a Rude Awakening on Cybersecurity”