Security News

Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes, according to a public service announcement issued today by the Federal Bureau of Investigation. In cryptocurrency scams, the fraudsters will approach victims via dating platforms, messaging apps, or social media platforms to build trust and introduce them to an investment scheme that will eventually allow them to empty the targets' crypto wallets.

Phishing attempts targeting victims in the Middle East increased 100 percent last month in the lead up to the World Cup in Qatar, according to security shop Trellix. Trellix's phishing net also caught emails spoofing Snoonu, the official food delivery partner of the World Cup, that offered fake free match tickets and contained a malicious xlsm attachment.

As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap. Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates.

Telegram messaging has taken a pivotal role in the ongoing conflict between Russia and Ukraine, as it is being massively used by hacktivists and cybercriminals alike. According to a report from cybersecurity company Check Point, the number of Telegram groups has increased sixfold since February 24 and some of them, dedicated to certain topics, have ballooned in size, in some cases counting more than 250,000 members.

The attacks, which lead to 2FA defeat and account takeover, have accelerated by several hundred percent in one year, leading to thousands of drained bank accounts. SIM-swapping - the practice of duping mobile carriers into switching a target's phone services to an attacker-controlled phone - is on the rise, the Feds are warning - leading to millions in losses for consumers who found their bank accounts drained and other accounts taken over.

Zerodium has jacked up its offering price for Microsoft Outlook zero-day exploits. "We are temporarily increasing our payout for Microsoft Outlook RCEs from $250,000 to $400,000. We are looking for zero-click exploits leading to remote code execution when receiving/downloading emails in Outlook, without requiring any user interaction such as reading the malicious email message or opening an attachment. Exploits relying on opening/reading an email may be acquired for a lower reward." -Zerodium.

Outseer has published its latest quarterly Fraud & Payments report, confirming a troubling and massive spike in worldwide brand abuse attacks. According to the report, brand abuse attacks have continued to dominate fraud actor tactics, growing 274% in Q3 2021 annually and comprising 45% of all attacks detected and investigated.

With millions of Log4j-targeted attacks clocking in per hour since the flaw's discovery last month, there's been a record-breaking peak of 925 cyberattacks a week per organization, globally. The number comes out of a Monday report from Check Point Research, which found Log4Shell attacks to be a major contributor to a 50-percent increase year-over-year in overall attacks per week on corporate networks for 2021.

A fake Walmart press release stating that the retail chain would begin accepting Litecoin caused the cryptocurrency to jump by almost 35% this morning. The fake Walmart press release [archive] was released this morning at 9:30 AM and included made-up quotes from Walmart's CEO Doug McMillon and Litecoin creator Charlie Lee about the partnership.

The FBI Internet Crime Complaint Center has warned of a massive increase in sextortion complaints since the start of 2021, resulting in total financial losses of more than $8 million until the end of July. The federal agency received over 16,000 sextortion complaints until July 31, almost half of them coming from victims in the 20-39 age group.