Information

19 Apr

eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Information

Video Almost 400 people in India and Pakistan have fallen victim to an ongoing Android espionage campaign called eXotic Visit 12 Apr 2024 Could your messaging app of choice have been authored by a threat actor known as Virtual Invaders? As described by ESET researchers this week, this is what happened to the victims of an ongoing and targeted Android espionage campaign called eXotic Visit that began in late 2021 and pose as messaging services.…

Read More
19 Apr

The ABCs of how online ads can impact children’s well-being

Information

Kids Online From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe. Imogen Byers 16 Apr 2024  •  , 5 min. read In today’s digital world, ads are practically unavoidable. From pop-up ads on your daily Wordle to sneaky affiliate posts on your favorite social media accounts, we are constantly bombarded with targeted marketing messages promoting products and services – and children are…

Read More
19 Apr

The many faces of impersonation fraud: Spot an imposter before it’s too late

Information

Scams What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be? Phil Muncaster 18 Apr 2024  •  , 5 min. read Our world is becoming more impersonal as it becomes more digital-centric. And because we can’t see the person or organization at the other end of an email, social media message or text, it’s easier for…

Read More
16 Apr

Who Stole 3.6M Tax Records from South Carolina?

Data Breaches, Information, Insights

For nearly a dozen years, residents of South Carolina have been kept in the dark by state and federal investigators over who was responsible for hacking into the state’s revenue department in 2012 and stealing tax and bank account information for 3.6 million people. The answer may no longer be a mystery: KrebsOnSecurity found compelling clues suggesting the intrusion was carried out by the same Russian hacking crew that stole of millions of payment card…

Read More
15 Apr

Crickets from Chirp Systems in Smart Lock Key Leak

Information, Insights

The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7,…

Read More
11 Apr

Why CISA is Warning CISOs About a Breach at Sisense

Data Breaches, Information, Insights

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening. New York City based…

Read More
10 Apr

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Information, Insights

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com, which until very recently rendered as fedex.com in tweets. The message displayed when one visits carfatwitter.com, which Twitter/X displayed as carfax.com in tweets and messages. A search at DomainTools.com…

Read More
09 Apr

April’s Patch Tuesday Brings Record Number of Fixes

Information, Insights

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software. Yes, you read that right. Microsoft today released updates to address 147 security holes…

Read More
04 Apr

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Information, Insights

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers. The real Privnote, at privnote.com. Launched…

Read More
03 Apr

‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Information, Insights

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called “The Manipulaters,” a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding…

Read More