Tag Archives: phishing

Russia takes unusual route to hack Starlink-connected devices in Ukraine

“Microsoft assesses that Secret Blizzard either used the Amadey malware as a service (MaaS) or accessed the Amadey command-and-control (C2) panels surreptitiously to download a PowerShell dropper on target devices,” Microsoft said. “The PowerShell dropper contained a Base64-encoded Amadey payload appended by code that invoked a request to Secret Blizzard C2 infrastructure.” The ultimate objective… Read More »

5 charged in “Scattered Spider,” one of the most profitable phishing scams ever

Prosecutors allege that the phishing attacks ran from at least September 2021 to April 2023. During that time, the defendants sent text messages to mobile phones of employees of the targeted companies that purported to come from the IT departments of their employers. The text messages often falsely warned that the employees’ accounts would be… Read More »

Ever wonder how crooks get the credentials to unlock stolen phones?

Getty Images reader comments 19 A coalition of law-enforcement agencies said it shut down a service that facilitated the unlocking of more than 1.2 million stolen or lost mobile phones so they could be used by someone other than their rightful owner. The service was part of iServer, a phishing-as-a-service platform that has been operating… Read More »

Novel technique allows malicious apps to escape iOS and Android guardrails

Getty Images reader comments 13 Phishers are using a novel technique to trick iOS and Android users into installing malicious apps that bypass safety guardrails built by both Apple and Google to prevent unauthorized apps. Both mobile operating systems employ mechanisms designed to help users steer clear of apps that steal their personal information, passwords,… Read More »

Google’s threat team confirms Iran targeting Trump, Biden, and Harris campaigns

Enlarge / Roger Stone, former adviser to Donald Trump’s presidential campaign, center, during the Republican National Convention (RNC) in Milwaukee on July 17, 2024. Getty Images reader comments 62 Google’s Threat Analysis Group confirmed Wednesday that they observed a threat actor backed by the Iranian government targeting Google accounts associated with US presidential campaigns, in… Read More »

“MFA Fatigue” attack targets iPhone owners with endless password reset prompts

Enlarge / They look like normal notifications, but opening an iPhone with one or more of these stacked up, you won’t be able to do much of anything until you tap “Allow” or “Don’t Allow.” And they’re right next to each other. Kevin Purdy reader comments 61 Human weaknesses are a rich target for phishing… Read More »

Deepfake scammer walks off with $25 million in first-of-its-kind AI heist

reader comments 48 On Sunday, a report from the South China Morning Post revealed a significant financial loss suffered by a multinational company’s Hong Kong office, amounting to HK$200 million (US$25.6 million), due to a sophisticated scam involving deepfake technology. The scam featured a digitally recreated version of the company’s chief financial officer, along with… Read More »

The growing abuse of QR codes in malware and payment scams prompts FTC warning

Enlarge / A woman scans a QR code in a café to see the menu online. reader comments 27 The US Federal Trade Commission has become the latest organization to warn against the growing use of QR codes in scams that attempt to take control of smartphones, make fraudulent charges, or obtain personal information. Short… Read More »

How China gets free intel on tech companies’ vulnerabilities

Wired staff; Getty Images reader comments 46 with For state-sponsored hacking operations, unpatched vulnerabilities are valuable ammunition. Intelligence agencies and militaries seize on hackable bugs when they’re revealed—exploiting them to carry out their campaigns of espionage or cyberwar—or spend millions to dig up new ones or to buy them in secret from the hacker gray… Read More »