Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings

Techdirt: Phishing Attacks On WordPress Site Owners Disguised As Copyright Infringement Warnings. “What makes this so devious is that, though the public has somewhat learned to filter out the common email phishing attempts, disguising all of this as a copyright infringement issue pointed at website owners is likely to ensnare more people than a common phish attempt.”

The Block: How a fake job offer took down the world’s most popular crypto game

The Block: How a fake job offer took down the world’s most popular crypto game. “Ronin, the Ethereum-linked sidechain that underpins play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. While the US government later tied the incident to North Korean hacking group Lazarus, full details of how the exploit was carried out have not been disclosed.”

Bleeping Computer: OpenSea discloses data breach, warns users of phishing attacks

Bleeping Computer: OpenSea discloses data breach, warns users of phishing attacks. “OpenSea, the largest non-fungible token (NFT) marketplace, disclosed a data breach on Wednesday and warned users of phishing attacks that could target them in the coming days. The online NFT marketplace says it has more than 600,000 users and a transaction volume that surpassed $20 billion.”

Engadget: Bored Ape Yacht Club’s Instagram compromised in $2.4 million NFT phishing scam

Engadget: Bored Ape Yacht Club’s Instagram compromised in $2.4 million NFT phishing scam. “Bored Ape Yacht Club creator Yuga Labs is investigating a phishing attack after a hacker stole nearly $2.5 million worth of NFTs through the official Bored Ape Instagram account. The company disclosed the hack on Monday morning in a tweet warning followers not to click on links or mint new tokens.”

Bleeping Computer: Russian govt impersonators target telcos in phishing attacks

Bleeping Computer: Russian govt impersonators target telcos in phishing attacks. “A previously unknown and financially motivated hacking group is impersonating a Russian agency in a phishing campaign targeting entities in Eastern European countries. The phishing emails pretend to come from the Russian Government’s Federal Bailiffs Service and are written in the Russian language, with the recipients being telecommunication service providers and industrial firms in Lithuania, Estonia, and Russia.”

The Verge: Hackers breached Mailchimp to phish cryptocurrency wallets

The Verge: Hackers breached Mailchimp to phish cryptocurrency wallets. “Mailchimp, the veteran email marketing platform, has confirmed that hackers used an internal tool to steal data from more than 100 of its clients — with the data being used to mount phishing attacks on the users of cryptocurrency services. The breach was confirmed to the press by Mailchimp on Monday, but it had come to light over the weekend when users of the Trezor hardware cryptocurrency wallet reported being targeted by sophisticated phishing emails.”

CNN: Hackers tried to breach email accounts of election officials in 9 states, FBI says

CNN: Hackers tried to breach email accounts of election officials in 9 states, FBI says. “Unidentified hackers tried to breach the email accounts of election officials in nine states last October in an apparent ‘coordinated effort’ to target election officials, the FBI said Tuesday while asking election officials to be on guard for hacking attempts as the midterms approach.”

Ubergizmo: Fake Chrome Windows Make It Easier To Phish For Your Credentials

Ubergizmo: Fake Chrome Windows Make It Easier To Phish For Your Credentials. “One piece of advice that you usually hear and read to prevent yourself from being phished is to check the URL of the website you’re visiting. This is because if you’re trying to log into Facebook but the URL says something different, there is a very good chance that you’re being phished. You can also check URLs of popup windows used for single sign-ons like Google, Apple, Facebook, and so on, but thanks to security researcher mr.d0x, he has created a new Browser-in-the-Browser attack which in theory would let hackers recreate SSOs that display the ‘correct’ URL, thus fooling users into possibly handing over their login credentials.”

SecurityWeek: Meta Sues Two Nigerians Who Lured Facebook Users to Phishing Sites

SecurityWeek: Meta Sues Two Nigerians Who Lured Facebook Users to Phishing Sites. “Between March 2020 and October 2021, the social media giant says, the two individuals – Arafat Eniola Arowokoko and Arowokoko Afeez Opeyemi – lured Facebook and Instagram users to phishing websites in an attempt to harvest credentials and compromise their financial services accounts. To make sure they can perform the nefarious activities unhindered, the defendants employed a network of more than 800 fake Facebook and Instagram accounts.”

ZDNet: Ransomware and phishing: Google Drive will now warn you about suspicious files

ZDNet: Ransomware and phishing: Google Drive will now warn you about suspicious files. “Users of the Google Drive file and syncing app will now start to see warning banners if they open a potentially dodgy file. The new alerts are rolling out to Workspace Google Drive users globally today and aim to help protect users and their organizations from malware, phishing and ransomware.”