Security News

Data breach of NFT marketplace OpenSea may expose customers to phishing attacks. The breach was caused by an employee at Customer.io, the email delivery vendor for OpenSea.

An employee of OpenSea's email delivery vendor Customer.io "Misused" their access to download and share OpenSea users' and newsletter subscribers' email addresses "With an unauthorized external party," Head of Security Cory Hardman warned on Wednesday. "If you have shared your email with OpenSea in the past, you should assume you were impacted," Hardman continued.

Have you ever found phishing emails confusing? You aren't alone. Kaspersky found as part of its Security Awareness Platform and phishing simulator data the emails that users find the most difficult to understand when it comes to attempted phishing attacks.

OpenSea, the largest non-fungible token marketplace, disclosed a data breach on Wednesday and warned users of phishing attacks that could target them in the coming days. The company's Head Of Security, Cory Hardman, said that an employee of Customer.io, the platform's email delivery vendor, downloaded email addresses belonging to OpenSea users and newsletter subscribers.

The Ukrainian cyberpolice force arrested nine members of a criminal group that operated over 400 phishing websites crafted to appear like legitimate EU portals offering financial assistance to Ukrainians. The threat actors used forms on the site to steal visitors' payment card data and online banking account credentials and perform fraudulent, unauthorized transactions like moving funds to accounts under their control.

The latest APWG's Phishing Activity Trends Report reveals that in the first quarter of 2022 there were 1,025,968 total phishing attacks-the worst quarter for phishing observed to date. This quarter was the first time the three-month total has exceeded one million.

Resecurity, Inc. has identified a spike in phishing content delivered via Azure Front Door, a cloud CDN service provided by Microsoft. According to experts, such tactics confirm how the bad actors are continuously looking to enhance their tactics and procedures to avoid phishing detection using world-known cloud services.

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA. Microsoft Edge WebView2 to the rescue.

A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases. The phishing email, appearing to be sent from MetaMask support, spoofs a Know Your Customer verification request and features convincing branding and no typos or other obvious scam giveaways.

Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering. Dutch police haven't ruled out additional arrests.