phishing page | Breaking Cybersecurity News | The Hacker News

A new  malvertising campaign  has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection," Malwarebytes' Jérôme Segura  said . While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.]com. The goal is to trick unsuspecting users searching for CPU-Z on search engines like Google by serving malicious ads that, when clicked, redirect them to the fake portal (workspace-app[.]online). At the same time, users who are not the intended victims of the campaign are served an innocuous blog with different articles, a technique known a...

Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since last year, but now Apple product owners can also use this advanced, phishing-resistant form of authentication as an alternative to a physical security key. Adding extra security later of two-step authentication is one of the more essential steps you can take to secure your online accounts, which makes it harder for attackers to log in to your account, especially when they steal your password. "According to a study we [Google] released last year, people who exclusively used security keys to sign into their accounts never fell victim to targeted phishing attacks," said Shuvo Chatterjee, Product Manager at Google's Advanced Protection Program. Google recently update...

The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we'll focus on the device threat vector. The risk they pose is significant, which is why device management tools like Mobile Device Management (MDM) and Endpoint Detection and Response (EDR) are essential components of an organization's security infrastructure. However, relying solely on these tools to manage device risk actually creates a false sense of security. Instead of the blunt tools of device management, organizations are looking for solutions that deliver device trust . Device trust provides a comprehensive, risk-based approach to device security enforcement, closing the large gaps left behind by traditional device management solutions. Here are 5 of those limitations and how to ov...

Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim's Gmail account, and once they are in, they start rifling through inboxes to launch secondary attacks in order to pass on the attack. The hackers first look for an attachment that victims have previously sent to their contacts and a relevant subject from an actual sent email. Then the criminals will start gathering up contact email addresses, who become the new targets of the attackers. After finding one, the hackers create an image (screenshot) of that attachment and include it in reply to the sender with the same or similar subject for the email, invoking recognition and automatic trust. What makes this attack so effective is that the phishing emails come from someone the victim knows. This new Gmail phishi...

The hacker who stole photographs of female celebrities two years ago in a massive data breach — famous as " The Fappening " or "Celebgate" scandal — has finally been sentenced to 18 months in federal prison, authorities said on Thursday. 36-year-old Lancaster, Pennsylvania man Ryan Collins was arrested in March and charged with hacking into "at least 50 iCloud accounts and 72 Gmail accounts," most of which owned by Hollywood stars, including Jennifer Lawrence, Kim Kardashian, and Kate Upton. Now, a judge in Harrisburg, Pennsylvania, on Wednesday sentenced Collins to 18 months in federal prison after violating the Computer Fraud and Abuse Act. Here's How Collins Stole Celebrities' Photos Federal prosecutors said Collins ran phishing scheme between November 2012 and September 2014 and hijacked more than 100 people using fake emails disguised as official notifications from Google and Apple, asking victims for their account credentials. ...