TMT BEC scammers arrested after compromising 50,000 companies

Following a year-long investigation led by Interpol, three members of a prolific cybergang with a confirmed victim count of about 50,000 organizations have been arrested recently in Lagos, Nigeria. The suspects are likely part of a larger organized group involved in business email compromise (BEC) attacks since at least 2017. Around 500,000 orgs targeted Cybersecurity … Continue reading TMT BEC scammers arrested after compromising 50,000 companies

FBI warns of recently registered domains spoofing its sites

The U.S. Federal Bureau of Investigation (FBI) is warning the general public of the risks behind recently registered FBI-related domains that spoof some of the federal law enforcement agency's official websites. The warning comes in the form of a public service announcement issued through the FBI's Internet Crime Complaint Center (IC3) earlier today. "The Federal … Continue reading FBI warns of recently registered domains spoofing its sites

Hacked Security Software Used in Novel South Korean Supply-Chain Attack

Lazarus Group is believed to be behind a spate of attacks that leverage stolen digital certificates tied to browser software that secures communication with government and financial websites in South Korea. The Lazarus cybercriminal group is using a novel supply-chain attack against visitors to websites operated by the South Korean government and financial firms, in … Continue reading Hacked Security Software Used in Novel South Korean Supply-Chain Attack

The North Face website suffered a credential stuffing attack

Retail giant The North Face has reset the passwords for some of its customers in response to a successful credential stuffing attack. Outdoor retail giant The North Face has forced a password reset for a number of its customers following a successful credential stuffing attack that took place on October 8th and 9th. Credential stuffing … Continue reading The North Face website suffered a credential stuffing attack

New tool lets attackers easily create reply-chain phishing emails

A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. By slipping content in the normal email flow, the utility can help bypass protections that verify messages traveling to their destination mail server. Lowering … Continue reading New tool lets attackers easily create reply-chain phishing emails