Security News

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear to be legitimate - to evade security detections. The date of its creation - revealed by WHOIS - seems to signal that the site was set up specifically for the phishing campaign.

A former Army reservist was just sentenced to 46 months in prison and ordered to pay nearly $2 million in penalties and restitution, after pleading guilty to scamming dozens of people online, including the elderly and a veteran's organization for Marines. "Among the many victims of the internet scams facilitated by Joseph Asan Jr. were elderly women and men who were callously fooled into believing they were engaging online with potential romantic interests," Manhattan U.S. Attorney Audrey Strauss said.

An open redirect on a UK council-backed property website allowed low-level miscreants to evade filters. The website operated by tech services biz Civica had an open redirect being actively abused by spammers, piggybacking off the website's domain authority so their messages weren't flagged up by scanning tools.

The US Securities and Exchange Commission has warned investors to be "Extremely wary" of potential investment scams related to Hurricane Ida's aftermath. This alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues investor alerts to warn investors about the latest investment frauds and scams.

With Kanye West's latest album, "Donda," due out imminently, cybersecurity company Kaspersky has taken the time to investigate whether cybercriminals were taking advantage of the hype to spread malicious files, a la "Black Widow." It found that, while the number of scams wasn't huge, they do exist and take several different forms. In the case of Kanye's latest release, Kaspersky found fake downloads just like those found in the days immediately preceding the release of "Black Widow." Two particular adware files were named by Kaspersky, Download-File-KanyeWestDONDA320.

Atlas VPN analyzed financial hacks over the last two-and-a-half years and found that DeFi hacks represent 76% of all major hacks for the first half of 2021.The problem has jumped from basically zero dollars lost to DeFi hacks in 2019 to $129 million in 2020 and $361 million in the first half of this year.

An IoT bug that could be exploited for video snooping and more. A hacker steals $600m and then makes a song and dance out of giving it back.

Kaspersky has been busily tracking cryptocurrency scams since the beginning of 2021, and is now reporting its findings, chief among them that this year's scams are incredibly detailed, putting even computer-savvy individuals at risk. Kaspersky said it has detected more than 1,500 different scams aimed at cryptocurrency investors and miners operating in the first half of 2021.

Scammers are now targeting people who have filed for unemployment insurance through a phishing campaign designed to capture sensitive information. In a warning posted on Wednesday, the FTC warned of a new series of deceptive text messages and emails that lead you to websites spoofing your state's workforce agency.

In a new report, Proofpoint details how the group TA456, associated with the Iranian Revolutionary Guard, invested years in developing the false profile of a fantasy woman named Marcella Flores, an impossibly shiny haired aerobics instructor from the U.K., to rein in unsuspecting targets. Starting about eight months ago, Proofpoint found TA456 used the Marcella Flores profile to slowly build a relationship with someone who worked for a subsidiary of an aerospace defense contractor in the U.S. Over the months, Marcella shared many emails, pictures and even a video to build trust.