Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems.

Don’t Fall for It: Hackers Pounce on CrowdStrike Outage With Phishing Emails | PCMag

Banks and health-care providers saw their services disrupted and TV broadcasters went offline as businesses worldwide grappled with the ongoing outage. Air travel has been hit hard, too, with planes grounded and services delayed.

What Is Bitcoin Mining? How to Prevent Bitcoin Scams? | Fortinet

Some companies pretend to provide mining services using a bitcoin mining cloud. They take your money but never mine any bitcoin for you. People often fall for the scam because they want to get their hands on the bitcoin cryptocurrency, and while there are legitimate services out there, some are fraudulent.

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

“These compromised accounts serve as valuable resources, enabling the group to enhance the credibility and effectiveness of their spear-phishing efforts, establish persistence within targeted organizations, and evade detection by blending in with legitimate network traffic.”

‘This happens frequently,’ AARP Alabama warns of Venmo, Cash App scams

Scammers are using payments apps, like Venmo and Cash App, to swipe innocent people’s money. AARP Alabama says there are multiple mobile payment scams going around right now, and one scam takes place directly in your app.

Warning! Most Cloud Mining Platforms Are Scams – Brave New Coin

‘Cloud mining’ schemes are among the most prevalent forms of crypto fraud. While there may be legitimate platforms, Brave New Coin’s research over several years has not identified any cloud mining operations that weren’t fraudulent. In this article, BNC profiles several dubious operations—many of which are still active—and provides a practical guide for recognizing potential crypto-cloud mining scams.

Hackers are using Facebook ads to infect Windows PCs with password-stealing malware — how to stay safe | Tom’s Guide

Clicking on one of these fake ads takes potential victims to malicious sites hosted on Google Sites or True Hosting which appear to be download pages for the themes or software advertised on Facebook. These sites have a download button that when clicked, downloads a ZIP file with a name that matches the product advertised online.

Six Types of Social Engineering Attacks

Some examples of social engineering attacks include phishing, pretexting, scareware, baiting, vishing, smishing and CEO fraud. If you are unsure what qualifies as social engineering, imagine how many ways someone can manipulate you to reveal private information. Threat actors use these psychological techniques, both in person and online, to gain access to your personal or organizational information. These bad actors can install malware on your device, steal your information and even take your identity.

Best Practices For Pen Testing

Threat actors are leaping over traditional barriers with ease, demanding sharper defenses for our widening attack surfaces. They are constantly on the move, probing IT infrastructure to identify vulnerable systems – including unpatched endpoints, network misconfigurations, unsecured APIs, and long-forgotten cloud permissions. Keeping up with network changes and closing these security gaps is a never-ending, manual endeavor that saps IT resources, time, and morale. The result: unnecessary security risk. After all, you can’t secure what you don’t know about. 

How to Identify and Protect Against Phishing Attacks

Data brokers collect your personal information from various sources and compile detailed profiles. That’s why cybercriminals love data brokers. They hoard your info from everywhere: public records (voter rolls, property ownership), online stuff (browsing history, social media profiles, newsletter signups), and even commercial sources (loyalty programs, purchases). This intel helps them craft compelling and realistic phishing scams or impersonate you or trusted sources to steal private info or money.