News is breaking that delivery firm Yodel, is suffering from a cyber-attack disrupting their services. The full nature of the attack is still unclear, although prominent cyber security expert Kevin Beaumont has suggested the attack was caused by ransomware.
ISBuzz Team
Cybersecurity researchers at Proofpoint have today released their 2022 Social Engineering report, which analyses the key trends and techniques of socially engineered cyber threats observed over the past year. The report reveals how popular and trusted services such as Google Drive and Discord are frequently abused by threat actors to convince victims; how Proofpoint sees millions of messages directing people to make phone calls as part of their attacks; and why techniques like thread hijacking can be so effective. The report also found that threat actors are holding extended conversations with their intended victims to build trust. The report references…
A flaw in the popular fitness app Strava has recently allowed threat actors to uncover the location and movements of Israeli officials at secret bases. The full story can be read here: https://www.bbc.co.uk/news/world-middle-east-61879383 FakeReporter, an Israeli group that combats malicious online activity, reported that a suspicious user named “Ez Shehl” had exploited these functions to upload fake GPS data to create route segments inside secret facilities associated with Israel’s military.
Flagstar Bank, a Michigan-based financial services provider and one of the largest banks in the United States, has disclosed a data breach impacting 1.5 million customers.
Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. The identified resources in one of the malicious campaigns impersonate various services appearing to be legitimately created on the “azurefd.net” domain – This allows the bad actors to trick users and spread phishing content to intercept credentials from business applications and e-mail accounts. Notably, most phishing resources were designed to target SendGrid, Docusign and Amazon customers.
Following the news that: 93% of Kubernetes users struggle with security 2022 state of Kubernetes security report (redhat.com)
Derived from News Release Summary: The U.S. DOJ, together with law enforcement partners in Germany, the Netherlands and the United Kingdom, have dismantled the infrastructure of a Russian botnet known as RSOCKS which hacked millions of computers and other electronic devices around the world. the RSOCKS botnet, operated by Russian cybercriminals, comprised millions of hacked devices worldwide.The botnet initially targeted Internet of Things (IoT) devices, then expanded into additional types of devices, including Android devices and conventional computers.the RSOCKS botnet offered access to IP addresses assigned to hacked devices.Cybercriminals could navigate to a web-based “storefront” which allowed the customer to…
CNBC – SAN FRANCISCO — Fraudsters who exploit LinkedIn to lure users into cryptocurrency investment schemes pose a “significant threat” to the platform and consumers, according to Sean Ragan, the FBI’s special agent in charge of the San Francisco and Sacramento, California, field offices. “It’s a significant threat,” Ragan said in an exclusive interview. “This type of fraudulent activity is significant, and there are many potential victims, and there are many past and current victims.” The scheme works like this: A fraudster posing as a professional creates a fake profile and reaches out to a LinkedIn user. The scammer starts…
As reported by Security Brief, a two-month-long investigation by INTERPOL between March and May this year involved 76 countries and clamped down on organised crime groups behind telecommunications and social engineering scams. INTERPOL says police in participating countries raided national call centres suspected of telecommunications or scamming fraud, particularly telephone deception, romance scams, email deception, and connected financial crime. Preliminary figures reached so far include: 1,770 locations raided worldwide3,000 suspects identified2,000 operators, fraudsters and money launderers arrested4,000 bank accounts frozenUSD $50 million worth of illicit funds intercepted
As reported by Neowin, couple of weeks ago, people started noticing that apps such as Outlook, Thunderbird, and other email clients started prompting them for their Google passwords. When they would re-enter their Google password, it would get rejected saying it was incorrect. Google started locking down its email service and how it connects to third-party email clients, finally retiring “less secure apps”. When enabled, it allowed you to use your main Google email address and password to sign into an email client, weakening the overall security of your Google account. You can still use Google on third-party apps, but…