Cybersecurity

In the Market for a New Car? Beware Not to Get on the Phishing Bandwagon

In an earlier post, we looked at how cybersquatters took advantage of the popularity of seven car manufacturers to lure unwitting victims to fake sites. Since then, we were alerted to a phishing campaign this time targeting several German car dealers via age-old but still effective phishing.

Blurring the Lines between APTs and Cybercrime: Cobalt Mirage Uses Ransomware to Target U.S. Organizations

In the past, security experts typically made a distinction between a cybercrime and an advanced persistent threat (APT). While cybercrime focused on obtaining financial gain, APTs trailed their sights on specific organizations, often to steal nation-state secrets.

Online Shopping Danger? 13K+ Cybersquatting Properties of Top E-Commerce Sites Discovered

AliExpress is among the most visited business-to-customer (B2C) e-commerce sites globally, with millions of visitors daily. Therefore, a recent cybersquatting campaign targeting the platform could lure many victims into buying counterfeit products, divulging their login credentials, downloading malware, and many other actions that could jeopardize their data and devices.

A Look into New Cybersquatting and Phishing Domains Targeting Facebook, Instagram, and WhatsApp

When Facebook changed its parent company name to Meta in October 2021, we detected more than 5,500 newly registered domains (NRDs) a week after the announcement. In more recent news, a judge dismissed the company's cybersquatting and trademark infringement case against Namecheap.

Beware of Frappo and Related Cybersquatting Domains

There's a new phishing-as-a-service (PaaS) solution in town, and it's called "Frappo." This new phishing toolkit enabled threat actors to launch impersonation attacks on at least 19 companies in the financial, entertainment, and telecommunications industries.

Cardano Joins the List of Favored Crypto Scam Targets

Twitter was recently abuzz with news regarding an ongoing Cardano scam via a downloadable phishing app. Posing as a giveaway promo, which is how cybercriminals have frequently been victimzing cryptocurrency owners these days, users who get tricked into downloading the rogue app end up with stolen credentials instead.

These DeFi Domains Might Be Risky to Investors

Non-fungible token (NFT) companies like Dapper Labs and Yuga Labs were recently seen performing defensive domain registration. While this strategy is only a part of a broader brand protection program, large companies in other industries implement it as well.

Website Defacement: Age-Old but Still Works as Ongoing Campaigns Show

Threat actors the world over have long been employing website defacement as a tactic to further their political, environmental, or even personal agenda. They essentially replace the content of target sites to display their messages through various means, including SQL injection, cross-site scripting (XSS), and other initial compromise techniques.

Don’t Hit That Update Button Just Yet, It Could Lead to Malware Infection

It is quite natural to get prompts from software manufacturers saying you need to update your installed apps every so often for better security or to fix bugs. But you should know, too, that threat actors often use program update notifications as malware distribution vehicles.

Behind the Bylines of Fake News and Disinformation Pages

Fake news and disinformation have been significant issues for some time now, even urging the U.S. government to push back against proliferators who, some opine, do the malicious deed for political or financial gain. Amid this scenario, many have begun doubting what's real and what's not on the Web not just in the U.S. but worldwide.