Bleeping Computer: Google Workspace will require two admins to sign off on critical changes

Bleeping Computer: Google Workspace will require two admins to sign off on critical changes. “Google announced today new cybersecurity defense controls that will allow security teams to thwart social engineering attacks like phishing targeting Workspace users and prevent account takeover attempts. Prominently among these new capabilities is the ability to add an additional layer of protection that requires sensitive Google Workspace actions to be signed off by two admins.”

Krebs on Security: Karma Catches Up to Global Phishing Service 16Shop

Krebs on Security: Karma Catches Up to Global Phishing Service 16Shop. “The international police organization INTERPOL said last week it had shuttered the notorious 16Shop, a popular phishing-as-a-service platform launched in 2017 that made it simple for even complete novices to conduct complex and convincing phishing scams. INTERPOL said authorities in Indonesia arrested the 21-year-old proprietor and one of his alleged facilitators, and that a third suspect was apprehended in Japan.”

PsyPost: Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams

PsyPost: Younger, more extroverted, and more agreeable individuals are more vulnerable to email phishing scams. “New research published in Applied Cognitive Psychology suggests that the older you are, the less susceptible you are to phishing scams. In addition, highly extroverted and agreeable people are more susceptible to this style of cyber attack.”

El País: Cybercriminals take advantage of Twitter chaos to step up phishing campaigns

El País: Cybercriminals take advantage of Twitter chaos to step up phishing campaigns. “According to the US cybersecurity company Proofpoint, its researchers have observed a considerable increase in phishing campaigns. Specifically, the company said, cybercriminals are using account verification and the new Twitter Blue product as lures to steal Twitter credentials.”

News Australia: Older Aussies are exposed by shift to online banking

News Australia: Older Aussies are exposed by shift to online banking. “Data shows phishing attacks on senior Australians are on the rise in a big way, with the ACCC’s Scamwatch reporting Australians over 65 have lost more money to phishing scams this year than all other age groups combined – totalling over $6.5 million in the first eight months of the year. And that could just be the tip of the iceberg.”

Bleeping Computer: Death of Queen Elizabeth II exploited to steal Microsoft credentials

Bleeping Computer: Death of Queen Elizabeth II exploited to steal Microsoft credentials. “Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to sites that steal their Microsoft account credentials. Besides Microsoft account details, the attackers also attempt to steal their victims’ multi-factor authentication (MFA) codes to take over their accounts.”

Axios: Anatomy of a text message phishing scam

Axios: Anatomy of a text message phishing scam. “The growth of text-based phishing scams hit close to home for Axios last week when several employees got fake text messages claiming to be from company president and co-founder Roy Schwartz…. We dug into the recent campaign targeting Axios employees to learn more about how these scams operate — especially as reports about text message scams continue to outpace reports about email scams this year for the first time, per the Federal Trade Commission.”

Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts

Motherboard: How a Third-Party SMS Service Was Used to Take Over Signal Accounts. “Last week, hackers broke into the systems of Twilio, a cloud communications company that provides infrastructure to other companies to automate sending text messages to their users. By breaking into Twilio systems, hackers could have sent text messages to victims, and read their text messages as well. This potentially gave the hackers a chance to take over any victim’s accounts that were tied to their phone number on services that use Twilio. Crucially, Twilio provides text verification services for the encrypted messaging app Signal.”

Ars Technica: I’m a security reporter and got fooled by a blatant phish

Ars Technica: I’m a security reporter and got fooled by a blatant phish. “I also have long held the belief that phishers aren’t all that bright, else they’d rely on more technical means of breaching a target’s security. That gave me a sense of invincibility. The person behind the DM almost certainly relied on a script that either monitored new Twitter verifications or my timeline and swooped in almost immediately after the verification went into effect, probably with the use of an automated script. In retrospect, that’s an obvious thing for a phisher to do, but it hadn’t occurred to me before that someone would be this determined and resourceful.”

Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings

Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings. “What makes this so devious is that, though the public has somewhat learned to filter out the common email phishing attempts, disguising all of this as a copyright infringement issue pointed at website owners is likely to ensnare more people than a common phish attempt.”