Authorities apprehended four members of a fraudulent syndicate engaging in "Frankenstein" fraud, synthetic identity fraud. The suspects utilized valid IDs with authentic photos but filled with false information, deceiving banks into granting loans. The arrest occurred during an entrapment operation conducted by the NBI-Anti-Organized and Transnational Crime Division. The seized IDs displayed varying details such as names, birthdates, and addresses, shedding light on the elaborate nature of...

In recent revelations, a cybersecurity analysis has brought to light the nefarious activities of a Telegram bot known as Telekopye, utilized by threat actors, codenamed Neanderthals, to orchestrate large-scale phishing scams. ESET security researcher Radek Jizba delves into the functionality of Telekopye, explaining its capability to craft phishing websites, emails, SMS messages, and more. What adds an additional layer of sophistication to this...

The U.S. Federal Communications Commission (FCC) is taking decisive action to counteract the rising threat of SIM-swapping attacks and port-out fraud within cell phone account scams. These fraudulent activities expose consumers to risks such as unauthorized access to personal data and the compromise of sensitive information.

The new rules, initially proposed in July 2023, mandate wireless...

A faction within the well-known Lazarus Group, identified as Sapphire Sleet (also known as APT38, BlueNoroff, CageyChameleon, and CryptoCore), has recently established deceptive infrastructure mimicking skills assessment portals. Microsoft, which detected this activity, notes it as a notable shift in the persistent actor's tactics. 

Sapphire Sleet has a history of orchestrating...

Google has issued a warning regarding a potential threat wherein multiple actors are sharing a public proof-of-concept (PoC) exploit, known as the Google Calendar RAT (GCR). This tool utilizes Google Calendar Events within a Gmail account for command-and-control (C2) purposes. While it was first made public on GitHub in June 2023, it has not been observed in real-world usage as of yet. Nevertheless, Google's Mandiant threat intelligence unit has...

Google is expanding its Vulnerability Rewards Program (VRP) to reward researchers who uncover potential threats specific to generative artificial intelligence (AI) systems. This initiative aims to enhance AI safety and security by addressing concerns like unfair bias, model manipulation, and data misinterpretations associated with generative AI. The program covers various categories, including prompt injections, data leakage from training datasets,...

New information has surfaced regarding a malicious advertising campaign that exploits Google Ads to direct users searching for popular software to fake landing pages and distribute subsequent-stage malware.

Malwarebytes, the organization that uncovered this activity, noted its uniqueness in user fingerprinting and the distribution of time-sensitive payloads. This attack targets individuals...

The Android banking trojan, SpyNote, has been thoroughly examined to uncover its multifaceted data-gathering capabilities. Typically distributed through SMS phishing campaigns, this spyware tricks potential victims into installing it by luring them to click on embedded links. Once installed, SpyNote seeks invasive permissions to access call logs, the camera, SMS messages, and external storage. It excels at concealing its presence on the Android...

Google has made a significant stride in user security by implementing default passkeys for all its users. This move comes five months after the company initially rolled out support for the passwordless standard for Google Accounts, as advocated by the FIDO Alliance, across all platforms.

What this means is that the next time users log into their Google accounts, they will encounter prompts to...

There have been reports of dual ransomware attacks on US companies since July 2023. These attacks involve the use of two different ransomware strains, including AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal, in various combinations. It is unclear how widespread these attacks are, but they are believed to occur within a short timeframe, ranging from 48 hours to 10 days apart. It's important to be vigilant and take necessary...