A phishing campaign by an actor group has been spotted taking advantage of the increasing interest of the security community in the Flipper Zero tool, a multi-functional portable cybersecurity tool. They are creating fake shops to fool security experts into giving up their personal details and cryptocurrency is nothing new.
Besides email, hackers are now shifting toward other delivery methods such as video conferencing platforms, workforce messaging apps, cloud-based file-sharing platforms, and SMSs. Hackers are actively using multi-stage cloud phishing techniques that combine traditional phishing with second-phase or even third-phase actions.
Research by Emsisoft revealed that ransomware attacks in 2022 affected 105 counties, 45 school districts, 44 universities, and 24 healthcare providers in the U.S. Overall, the number of incidents and the overall impact was more than that observed in 2021. Organizations are encouraged to implement the recommendations from CISA and the FBI to stay safe.
The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server.
While the agencies emphasized that banks are not discouraged from providing services to crypto-asset customers, they said it is vital the risks related to this sector “that cannot be mitigated or controlled do not migrate to the banking systems.”
Five Guys appears to have started informing customers on December 29, when it also notified state authorities about the incident. The exposed information includes names, Social Security numbers, and driver’s license numbers.
Xiaoqing Zheng, 59, of Niskayuna, New York, was convicted of conspiracy to commit economic espionage, after a four-week jury trial that ended in March last year, according to the Department of Justice (DoJ).
Slack suffered a security incident over the holidays affecting some of its private GitHub repositories. The incident involves threat actors gaining access to its externally hosted GitHub repositories via a “limited” number of stolen employee tokens.
The NIST has published the final version of its guidance on applying the Cybersecurity Framework to the ground segment of space operations, specifically satellite command and control.
Cybersecurity solutions provider Fortinet this week announced patches for several vulnerabilities across its product portfolio and informed customers about a high-severity command injection bug in FortiADC.