Security News

Forget crypto spam accounts, Twitter's got another problem which involves bots and accounts promoting adult content and infiltrating Direct Messages and interactions on the platform. In a tweet, security research group, MalwareHunterTeam exposed multiple Twitter accounts that are spam bots injecting themselves within interactions in the form of likes.

Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. BleepingComputer confirmed the malicious campaign was live, and had targeted additional scholastic websites including that of the University of Michigan.

A recruitment business that sent out an eye watering 107 million spam emails is now nursing a £130,000 fine from Britain's data watchdog. "It's an issue many of us face - opening up our email inboxes and it being filled with emails we did not ask for or consent to," said Andy Curry, ICO head of investigations.

In what's a continuing assault on the open source ecosystem, over 15,000 spam packages have flooded the npm repository in an attempt to distribute phishing links. "The packages were created using automated processes, with project descriptions and auto-generated names that closely resembled one another," Checkmarx researcher Yehuda Gelb said in a Tuesday report.

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

India's Telecom Regulatory Authority has announced a fresh crackdown on TXT spam - this time using artificial intelligence, after a previous blockchain-powered effort delivered mixed results. The TRAI's approach to managing spam - or Unsolicited Commercial Communication as it prefers to describe it - saw the regulator create a mandatory register of telemarketers and telecoms service providers, and require them to secure opt-ins from message recipients.

To get successful access to those cloud environments, the attackers have deployed credential stuffing attacks: They attempted to reuse valid credentials they obtained from other services or applications. Once all these steps were done, the attackers could easily access the malicious application, even in the case of a password change from the compromised administrator account.

Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. Cobalt Strike is a penetration testing suite that is frequently used by threat actors for lateral movement and to drop additional payloads.

Phishers, scammers and malware peddlers are ready to take advantage of the summer holiday season: According to Bitdefender security analysts, the deluge of travel-themed spam has started in March and is expected to reach its peak in June. Security analyst Alina Bizga told Help Net Security that they haven't seen any really sophisticated travel-themed scams, phishing or attempts at impersonating popular booking platforms as they have seen in the past, but that the summer holiday season is just starting.

A new wave of phishing campaigns has been observed spreading a previously documented malware called SVCReady. "The malware is notable for the unusual way it is delivered to target PCs - using shellcode hidden in the properties of Microsoft Office documents," Patrick Schläpfer, a threat analyst at HP, said in a technical write-up.