
An online black market offering cybercrime goods and services was found on Facebook, spread over 74 groups and totaling around 385,000 members, according to a report by Cisco Talos security researchers. "The majority of these groups use fairly obvious group names, including 'Spam Professional,' 'Spammer & Hacker Professional,' 'Buy Cvv On THIS SHOP PAYMENT BY BTC,' and 'Facebook hack (Phishing),'" says Cisco Talos. More to the point, the members of these Facebook groups sell, buy, and exchange anything from account credentials and phishing tools and services to credit card info and fake IDs. "Other products and services were also promoted. We saw spammers offering access to large email lists, criminals offering assistance moving large amounts of cash, and sales of shell accounts at various organizations, including government," also said the Cisco Talos researchers. What's even more surprising is that it is very simple to find and join these cybercrime-focused Facebook groups, especially since Facebook's algorithms will automatically suggest joining similar groups from the same network designed to promote illegal cybercrime tools and services. While Cisco Talos first tried to take down the groups using the social network's abuse report feature, the security researchers eventually had to reach out to Facebook and disclose their findings after their initial attempts weren't fully successful. This led to the eventual takedown of most of the Facebook groups involved in the virtual black market, but, as reported by Cisco Talos, new groups have been created and some of them are still active and need to be closed by the social network's security team. Read more on OUR FORUM.

A common phone call scam that people have been receiving states that your Social Security number is suspended for suspicious activity. It then prompts you to speak to a government agent in order to receive help resolving the issue. This scam has been going on for over a year, if not longer, and consists of robocalls that pretend to be from a government official who states that suspicious or fraudulent activity associated with your Social Security number has been detected. The robocall then prompts you to call back or speak to an agent in order to resolve the issue. As the FTC notes, Social Security numbers cannot be suspended, so any call stating that they are is simply a scam. The attackers are just trying to trick you into providing your birth date, bank account numbers, Social Security numbers, and other sensitive information. "Thing is, Social Security numbers do not get suspended," the FTC states in an advisory. "This is just a variation of a government imposter scam that’s after your SSN, bank account number, or other personal information. In this variation of the scheme, the caller pretends to be protecting you from a scam while he’s trying to lure you into one." Visit OUR FORUM to read and hear the scam messages.

Microsoft today announced the Windows 10 May 2019 Update, along with a new strategy for the Windows Update release schedule and more transparency in this regard. Microsoft also officially announced the release date of the next feature update for Windows 10, and it won’t arrive this month. The Windows 10 May 2019 Update comes with a series of improvements to the Start menu, Action Center, Settings app and more. It also introduces a new Windows light theme experience, Windows Sandbox, and several other features. The Windows 10 May 2019 Update is expected to begin rolling out for free to compatible devices in late May 2019. Insiders have been testing Windows 10 version 1903 over the last several months and the update is finally ready for the Release Preview Ring. After a month of testing with Release Preview Ring Insiders, the fully baked update will be ready for public consumption by the end of May. “I’m pleased to announce that the Windows 10 May 2019 Update will start to be available next week in the Release Preview Ring for those in the Windows Insider Program. We will begin broader availability in late May for commercial customers, users who choose the new May 2019 Update for their Windows 10 PC via “check for updates,” and customers whose devices are nearing the end of support on a given release,” Microsoft said in a blog post. Follow this and further releases on OUR FORUM.

Phishing campaigns, some launched as recently as March, have aimed at stealing credentials from Verizon mobile customers by spoofing the company's support service. Their mobile focus and their use of an identifier for an official Verizon service are what prompted researchers to rate them as above average in sophistication. The link delivering the phishing kit includes the abbreviation 'ecrm,' which Verizon uses as a sub-domain - ecrm.verizonwireless[.]com - for its Electronic Customer Relationship Management platform. Researchers at the mobile security company Lookout noticed one such attack in late November 2018; another one occurred in February this year, and the activity intensified in March, when three waves were recorded in two consecutive days. Loaded on the desktop, the phishing page looks suspicious, but on mobile devices it renders as if it were genuine and could easily fool the recipient into sending the attacker the login credentials (phone number or user ID, and password) for the Verizon account. "This kit targeted Verizon customers through malicious links masquerading as Verizon Customer Support. This shows that the attackers did their research," writes Jeremy Richards, a principal security researcher at Lookout. Verizon customers are constantly targeted by phishing campaigns and the company is perfectly aware of this. A page is available with variations of the fraud attempts to warn users to be on guard. Customers of AT&T have also been targeted in a phishing campaign that was active on Monday. Microsoft researchers found it via the Windows Defender Advanced Threat Protection platform. For more, including domain names, visit OUR FORUM.

Cybersecurity is in a terrible state, possibly the worst it's ever been. Literally not a day goes by without another report of a security breach or a data spill or a hack spilling corporate secrets. There is plenty of blame to go around, of course. Let's start with the obvious ones, the crooks and scammers – from petty criminals to organized crime – who are able to extort us with ransomware or steal corporate data or our credit-card details with phishing attacks. Few police forces have the time, money and skill to catch these groups or bring them to justice. Then there are state-backed hackers who switch between espionage and cyber warfare – and the governments that either turn a blind eye to their activities or positively encourage them. Who else to blame? Perhaps the tech companies that are desperate to rush a new product to market to beat their rivals, and think that cutting corners on testing security is a good way to do it. And it's not just startups, either; witness the constant stream of security patches that flow from all the big tech companies every month, fixing problems with software that simply wasn't secure enough when it was sold. What about the enterprise? There are software patches for all of the most regularly abused software flaws, just as there was a patch for the flaw that allowed WannaCry to spread. And yet those flaws go unpatched because firms don't want to spend the time and money fixing those flaws and patching those systems. Follow up on OUR FORUM.

Those who remember the earlier days of the internet are familiar with the “Nigerian Prince letter,” also known as the 419 scam. While that fraud typically runs from personal email accounts, another one uses an official Nigerian government website to host a phishing page for the DHL international courier service. Nigeria has a large culture of fraud, which is defined in the country's criminal code at number '419,' under "Chapter 38: Obtaining Property by false pretenses; Cheating," but this is ridiculous. For over two weeks, the Nigerian National Assembly (NASS) site has been serving a fraudulent page that asks for DHL account credentials. This is just a landing location, most likely pushed through spam. The phishing resource is "u.php" and it is present on multiple legitimate websites that have been hacked to host it. We also found it on domains that look like they've been registered specifically for DHL phishing purposes. At the time of writing, loading most of them triggered the "Deceptive site" warning in Chrome and Firefox, but not all of them have been indexed as unsafe yet. Security researcher MalwareHunterTeam found the phishing page on the NASS website and noticed a history of malicious URLs available on the official domain. Read more on OUR FORUM.

 
