#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

phishing page | Breaking Cybersecurity News | The Hacker News

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers

Nov 09, 2023 Endpoint Security / Malware
A new  malvertising campaign  has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. "This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and VNC Viewer as seen in its infrastructure (domain names) and cloaking templates used to avoid detection," Malwarebytes' Jérôme Segura  said . While malvertising campaigns are known to set up replica sites advertising widely-used software, the latest activity marks a deviation in that the website mimics WindowsReport[.]com. The goal is to trick unsuspecting users searching for CPU-Z on search engines like Google by serving malicious ads that, when clicked, redirect them to the fake portal (workspace-app[.]online). At the same time, users who are not the intended victims of the campaign are served an innocuous blog with different articles, a technique known a
Use iPhone as Physical Security Key to Protect Your Google Accounts

Use iPhone as Physical Security Key to Protect Your Google Accounts

Jan 16, 2020
Great news for iOS users! You can now use your iPhone or iPad, running iOS 10 or later, as a physical security key for securely logging into your Google account as part of the Advanced Protection Program for two-factor authentication. Android users have had this feature on their smartphones since last year, but now Apple product owners can also use this advanced, phishing-resistant form of authentication as an alternative to a physical security key. Adding extra security later of two-step authentication is one of the more essential steps you can take to secure your online accounts, which makes it harder for attackers to log in to your account, especially when they steal your password. "According to a study we [Google] released last year, people who exclusively used security keys to sign into their accounts never fell victim to targeted phishing attacks," said Shuvo Chatterjee, Product Manager at Google's Advanced Protection Program. Google recently update
Don't Fall For This Dangerously Convincing Ongoing Phishing Attack

Don't Fall For This Dangerously Convincing Ongoing Phishing Attack

Jan 16, 2017
Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim's Gmail account, and once they are in, they start rifling through inboxes to launch secondary attacks in order to pass on the attack. The hackers first look for an attachment that victims have previously sent to their contacts and a relevant subject from an actual sent email. Then the criminals will start gathering up contact email addresses, who become the new targets of the attackers. After finding one, the hackers create an image (screenshot) of that attachment and include it in reply to the sender with the same or similar subject for the email, invoking recognition and automatic trust. What makes this attack so effective is that the phishing emails come from someone the victim knows. This new Gmail phishi
cyber security

Instantly See How Much Time You Can Save by Automating Compliance

websiteVantaAutomate Compliance
Get an instant calculation of how much time you could save by automating compliance with Vanta.
Unpacking 2024's SaaS Threat Predictions

Unpacking 2024's SaaS Threat Predictions

Jun 05, 2024SaaS Security / Artificial Intelligence
Early in 2024, Wing Security released its State of SaaS Security report , offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security Posture Management (SSPM) solutions have prioritized mitigation capabilities to address many of these issues, ensuring security teams have the necessary tools to face these challenges head-on. In this article, we will revisit our predictions from earlier in the year, showcase real-world examples of these threats in action, and offer practical tips and best practices to help you prevent such incidents in the future. It's also worth noting the overall trend of an increasing frequency of breaches in today's dynamic SaaS landscape, leading organizations to demand timely threat alerts as a vital capability. Industry regulations with upcoming compliance deadlines are demanding similar time-sens
'Celebgate' Hacker Gets 18 Months in Prison for Hacking Celebrity Photos

'Celebgate' Hacker Gets 18 Months in Prison for Hacking Celebrity Photos

Oct 28, 2016
The hacker who stole photographs of female celebrities two years ago in a massive data breach — famous as " The Fappening " or "Celebgate" scandal — has finally been sentenced to 18 months in federal prison, authorities said on Thursday. 36-year-old Lancaster, Pennsylvania man Ryan Collins was arrested in March and charged with hacking into "at least 50 iCloud accounts and 72 Gmail accounts," most of which owned by Hollywood stars, including Jennifer Lawrence, Kim Kardashian, and Kate Upton. Now, a judge in Harrisburg, Pennsylvania, on Wednesday sentenced Collins to 18 months in federal prison after violating the Computer Fraud and Abuse Act. Here's How Collins Stole Celebrities' Photos Federal prosecutors said Collins ran phishing scheme between November 2012 and September 2014 and hijacked more than 100 people using fake emails disguised as official notifications from Google and Apple, asking victims for their account credentials.
Expert Insights
Cybersecurity Resources