Security News

Microsoft is warning of a coronavirus themed malware distribution campaign with a bit of a twist. We're tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros.

Edison Mail, a popular third-party email app, has warned thousands of iOS users that their emails may have been compromised after a security flaw exposed emails to complete strangers. Several Edison Mail users took to Twitter to complain that they were seeing up to 100 unread email messages from strangers' accounts under their own Edison Mail inboxes.

Another "Package delivery notification" scam. Delivery scams often entice you by telling you what cool "Item" is on its way, such as a mobile phone that someone is sending you as a gift.

Phishing emails typically try to ensnare their victims by impersonating well-known companies, brands, products, and other items used by a lot of people. The phishing email itself tries to look legitimate by copying the content and images of real emails from DocuSign.

BEC attacks are targeted at businesses that do a lot of invoicing or wire transfers, with the goal of scamming them using social engineering into sending money to attackers. BEC attacks can use malware to gain access to computers used by invoice approvers and other financial decision-makers and use their credentials to wire themselves money, as well as harvest other kinds of personal information for use in other scams.

Adult live-streaming site CAM4 has spilt millions of users' private chats, emails, names, email addresses, sexual preferences, password hashes, IP addresses and more. A streaming site for amateurs to watch live, explicit performances, it offers customers the ability to buy virtual tokens if they want to tip performers or watch private shows.

Twenty years have passed since cybercrooks demonstrated the role exploiting human psychology could play in spreading malware. While not the first worm to cause a headache for computer users, it was the first to truly demonstrate the potential role of social engineering online.

Most people often still have only two email addresses, one for work and a personal address, and they are often sitting targets for spammers, scammers and nuisance emailers in the digital equivalent of 'we know where you live'. When a form requires your email address, click the relay button to give an alias instead. We will forward emails from the alias to your real inbox.

Phishers are using fake Microsoft Teams notification emails to trick users into sharing their Microsoft Teams and Office 365 login credentials. "Should the recipient fall victim to this attack, this user's credentials would be compromised. Additionally, since Microsoft Teams is linked to Microsoft Office 365, the attacker may have access to other information available with the user's Microsoft credentials via single-sign on," Abnormal Security warns.

Short-video biz Quibi, airline JetBlue, shopping site Wish, and several other companies leaked million of people's email addresses to ad-tracking and analytics firms through HTTP request headers, it is claimed. Netizens using web browsers that prioritize defenses against ad tracking, such as Brave, Firefox, and Safari, or who have installed suitable privacy extensions in other browsers, may have avoided having their email addresses spirited away.