
New BHUNT malware targets your crypto wallets and passwords
2022-01-19 15:15

A novel modular crypto-wallet stealing malware dubbed 'BHUNT' has been spotted targeting cryptocurrency wallet contents, passwords, and security phrases. The discovery and analysis of the new BHUNT malware come from Bitdefender, who shared their findings with Bleeping Computer before publishing.

Phishing attack spoofs US Department of Labor to steal account credentials
2022-01-19 13:53

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.

Beijing Olympics App Flaws Allow Man-in-the-Middle Attacks
2022-01-19 13:36

The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a "devastating" flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information, researchers have found. MY2022 is an app mandated for use by all attendees - including members of the press and athletes - of the 2022 Olympic Games in Beijing.

US mergers doubled in 2021 so FTC and DoJ seek new guidelines to stop illegal ones
2022-01-19 12:31

The US Federal Trade Commission and Department of Justice Antitrust Division are launching a joint public inquiry as a first step to modernising merger guidelines and preventing anticompetitive deals. FTC chair Lina Khan said it was time for a merger review because the number of global deals reached in 2021 was the highest ever recorded - at a whopping $5.8 trillion - with the DoJ receiving twice the number of merger filings as in 2020.

Interpol arrests 11 BEC gang members linked to 50,000 targets
2022-01-19 12:16

In coordination with the Nigerian Police Force, Interpol has arrested 11 individuals suspected of participating in an international BEC ring. BEC is a type of attack conducted via email involving the spear-phishing of certain company employees responsible for approving payments to contractors, suppliers, etc.

Are Fake COVID Testing Sites Harvesting Data?
2022-01-19 12:10

Over the past few weeks, I've seen a bunch of writing about what seems to be fake COVID-19 testing sites. It provides tests and testing supplies, software, personal protective equipment and marketing services - online and printed - to testing sites, said a person who was formerly associated with the Center for COVID Control.

Phishers go after business email credentials by impersonating U.S. DOL
2022-01-19 11:10

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor, Inky's researchers have warned.

Cloned Dept. of Labor Site Hawks Fake Government Contracts
2022-01-19 11:00

A new phishing campaign is targeting aspiring government vendors with an invitation to bid on various fake federal projects with the U.S. Department of Labor. The phishing lure email texts claim that the DoL is soliciting bids for "ongoing government projects," and include an attached .PDF file with government branding.

Office 365 phishing attack impersonates the US Department of Labor
2022-01-19 11:00

A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids, a lure used to steal Office 365 credentials. The phishing campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites impersonating the government agency.

Cyber Threat Protection — It All Starts with Visibility
2022-01-19 10:50

Cybersecurity company Cynet puts this in perspective in a new eBook, The Guide for Threat Visibility for Lean IT Security Teams. Improving threat visibility is the first step to improving all aspects of cybersecurity.