Security News

This week, threat actors hijacked Bitcoin.org, the authentic website of the Bitcoin project, and altered parts of it to push a cryptocurrency giveaway scam that some users unfortunately fell for. Bitcoin.org hacked to run 'double your money' scam.

S3 Ep51: OMIGOD a gaping hole, waybill scams, and Face ID hacked [Podcast]. A scarily exploitable hole in Microsoft open source code. Memory lane: cool mobile devices from the pre-iPhone era.

A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks. Before you dismiss these scams by saying that no one falls for them, note that similar crypto scams have been hugely successful and have generated hundreds of thousands of dollars in the past.

An IT recruitment agency says a "phishing scam" is behind a fake email sent to its customers with details on how to apply for a "Coronavirus Digital Passport." The email - sent to applicants and clients of Concept Resourcing, based in Dudley, England, on 14 September and seen by The Reg - claimed users could "Get your Digital Coronavirus Passports today" and showed recipients a big juicy link where they could do so.

The FBI warned today that a massive spike of online romance scams this year caused Americans to lose more than $113 million since the start of 2021. The scammers behind this type of online fraud trend - which can lead to significant financial losses and devastating emotional scars - use fake online identities to gain potential victims' trust on dating or social media platforms.

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear to be legitimate - to evade security detections. The date of its creation - revealed by WHOIS - seems to signal that the site was set up specifically for the phishing campaign.

A former Army reservist was just sentenced to 46 months in prison and ordered to pay nearly $2 million in penalties and restitution, after pleading guilty to scamming dozens of people online, including the elderly and a veteran's organization for Marines. "Among the many victims of the internet scams facilitated by Joseph Asan Jr. were elderly women and men who were callously fooled into believing they were engaging online with potential romantic interests," Manhattan U.S. Attorney Audrey Strauss said.

An open redirect on a UK council-backed property website allowed low-level miscreants to evade filters. The website operated by tech services biz Civica had an open redirect being actively abused by spammers, piggybacking off the website's domain authority so their messages weren't flagged up by scanning tools.

The US Securities and Exchange Commission has warned investors to be "extremely wary" of potential investment scams related to Hurricane Ida's aftermath. This alert comes from the SEC's Office of Investor Education and Advocacy, which regularly issues investor alerts to warn investors about the latest investment frauds and scams.

With Kanye West's latest album, "Donda," due out imminently, cybersecurity company Kaspersky has taken the time to investigate whether cybercriminals were taking advantage of the hype to spread malicious files, a la "Black Widow." It found that, while the number of scams wasn't huge, they do exist and take several different forms. In the case of Kanye's latest release, Kaspersky found fake downloads just like those found in the days immediately preceding the release of "Black Widow." Two particular adware files were named by Kaspersky, Download-File-KanyeWestDONDA320.