Security News

Microsoft has warned of emerging threats in the Web3 landscape, including "Ice phishing" campaigns, as a surge in adoption of blockchain and DeFi technologies emphasizes the need to build security into the decentralized web while it's still in its early stages. The company's Microsoft 365 Defender Research Team called out various new avenues through which malicious actors may attempt to trick cryptocurrency users into giving up their private cryptographic keys and carry out unauthorized fund transfers.

Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining. Ice phishing, as Microsoft describes it, is a clickjacking, or a user interface redress attack, that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker.

Just since Feb. 1, analysts have watched phishing email attacks impersonating LinkedIn surge 232 percent, attempting to trick job seekers into giving up their credentials. The phishing emails themselves were convincing dupes, built in HTML templates with the LinkedIn logo, colors and icons, the report added.

Meta has filed a joint lawsuit with Chime, a financial technology and digital banking company, against two Nigerian individuals who allegedly used Instagram and Facebook accounts to impersonate Chime and target its users in phishing attacks. The two defendants, Arafat Eniola Arowokoko and Arowokoko Afeez Opeyemi, presumably used a network of at least five Facebook accounts and over 800 Instagram accounts to impersonate the fintech company, attempting to take over customers' accounts.

The Medusa Android banking Trojan is seeing increased infection rates as it targets more geographic regions to steal online credentials and perform financial fraud. Today, researchers at ThreatFabric have published a new report detailing the latest tricks employed by the Medusa malware and how it continues to evolve with new features.

February 2022 Patch Tuesday forecast: A rough start for 2022January 2022 Patch Tuesday was a rough one for Microsoft - and us. Samba bug may allow code execution as root on Linux machines, NAS devicesA critical vulnerability in Samba, a widely used open source implementation of the Server Message Block networking protocol, could allow attackers to execute arbitrary code as root on affected Samba installations.

The increased use of multi-factor authentication has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. Proofpoint researchers have flagged three such phishing kits: Modlishka, Muraena/Necrobrowser, and Evilginx2.

More and more phishing kits are focusing on bypassing multi-factor authentication methods, researchers have warned - typically by stealing authentication tokens via a man-in-the-middle attack. According to an analysis from Proofpoint, MFA-bypass phishing kits are proliferating rapidly, "Ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, Social Security numbers and credit-card numbers."

Then we had two-factor authentication - and now Proofpoint reckons criminals online are able to start bypassing them with transparent reverse proxies. In a blog post Proofpoint said it sees "Numerous MFA phishing kits ranging from simple open-source kits with human readable code and no-frills functionality to sophisticated kits utilizing numerous layers of obfuscation and built-in modules that allow for stealing usernames, passwords, MFA tokens, social security numbers and credit card numbers."

Accounting and tax software provider Intuit has notified customers of an ongoing phishing campaign impersonating the company and trying to lure victims with fake warnings that their accounts have been suspended. Intuit's alert follows reports received from customers who were emailed and told that their Intuit accounts were disabled following a recent server security upgrade.