A new phishing tool called GoIssue is being used to target GitHub users with fake emails designed to steal login details. The tool, created by a hacker known as cyberdluffy, collects email addresses from public GitHub profiles and sends mass emails that look legitimate, tricking users into sharing their personal information or giving access to their code. Priced as low as $150, GoIssue allows attackers to reach many people at once, increasing the chances of success.

In some cases, these fake emails ask developers to approve dangerous requests that could steal their code or lock them out, demanding a ransom. This attack is part of a growing trend where scammers use trusted platforms to fool people. Experts recommend GitHub users stay cautious, use strong security features like two-factor authentication, and avoid clicking on unfamiliar links or approving unknown requests.

Source: November 13, 2024 19:09 (on 11/14/24) |  0 | 1 minute read

Regularly monitor your bank and credit card transactions, paying attention to even small, unfamiliar charges, as cybercriminals often test stolen card details with low-value transactions. Set up transaction alerts with your financial institution to get notified of any activity in real time. Catching these suspicious charges early can help prevent larger financial losses and protect your accounts from further fraud.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Fake job ads can install malware, leading to data theft.

Mitigation Steps:

• Verify Job Ads: Ensure they're from legitimate companies.
• Avoid Downloads: Don't download files from suspicious sources.
• Use Security Software: Keep antivirus updated.
• Enable Two-Factor Authentication: Add extra security to accounts.
• Report Suspicious Ads: Notify the platform immediately.

Stay cautious and protect your data.

To secure your e-wallet, enable Two-Factor Authentication (2FA) and use a strong, unique password. Regularly monitor transactions for unusual activity, be wary of phishing attempts, and keep your app updated. Always log out after use, especially on shared devices, and consider changing your MPIN periodically. Remember, e-wallets don’t offer the same security as banks, so avoid storing large amounts of money in your account. Taking these steps will help protect your digital funds. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Be cautious with videos, images and audio online, as they can be fake or manipulated. Do not immediately believe what you see or hear, always fact-check sensitive content, especially when it involves money or important decisions. Don’t act without confirmation, use trusted sources or tools to verify what you see and hear before taking action.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Treat text messages with the same caution as emails, especially those related to e-wallet companies. Scammers often impersonate trusted services to steal your information. Always verify the sender and avoid clicking on links or sharing personal details. Stay vigilant against phishing and fraud, even in messages that appear to be from familiar sources. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Cybercriminals use fake websites and scams to steal usernames and passwords, often selling them online. To protect yourself, always verify the website is secure, look for https:// and a padlock symbol, use a password manager for strong, unique passwords, and enable two-factor authentication (2FA) to add an extra layer of security.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

A new strain of Android banking malware called ToxicPanda has infected over 1,500 Android devices, enabling cybercriminals to carry out fraudulent banking transactions.

According to researchers Michele Roviello, Alessandro Strino, and Federico Valentini from Cleafy, the main goal of ToxicPanda is to steal money by taking over bank accounts on compromised devices. This is done using a method known as on-device fraud (ODF), where the malware bypasses security measures banks use to verify users' identities and detect suspicious activities.

The researchers believe ToxicPanda is likely created by a Chinese-speaking hacker group. The malware shares similarities with another Android malware called TgToxic, which was discovered by Trend Micro in early 2023. TgToxic can steal credentials and funds from cryptocurrency wallets, showing a similar pattern of attack.

Source: November 6, 2024 16:32 (on 11/7/24) |  0 | 1 minute read

Keep track of end-of-life dates for your software and systems, as they will no longer receive security updates after that point. Transitioning to supported versions ensures you maintain robust security against vulnerabilities. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Video files can hide serious risks. Cybercriminals may embed malicious code or links, leading to harmful downloads or suspicious apps that compromise your device’s security.

Do's:

• Download from trusted sites.
• Scan files with antivirus software.
• Keep OS and apps updated.
• Be cautious of unusual formats or large files.

Avoid:

• Ignoring security warnings.
• Clicking on unsolicited links.
• Installing apps from unknown sources.
• Opening files from unknown senders without checking.