Trustwave has reported a new scheme in which threat actors are using the popular Facebook Messenger platform to steal Facebook login credentials.

According to the report, the threat actors are using a phishing email to Facebook users that employs Meta’s Messenger chatbot feature. The message states that the user’s page will be terminated because the

Actor and comedian Seth Green, best known for creating Robot Chicken and portraying Dr. Evil’s son in the Austin Powers franchise, announced on Twitter last month that phishers stole his four “Bored Ape” NFTs. Let’s break down that mouthful: NFTs are a blockchain technology that creates indisputable ownership records that the art world has embraced

This week we learned that the email and social media marketing company Mailchimp suffered a data breach that allowed an intruder to view 319 Mailchimp accounts. According to multiple sources, audience data were accessed from 102 of those accounts.

It was reported that the threat actor was able to breach Mailchimp’s systems through social engineering

Phishing, Smishing, Vishing, and QRishing. All of these schemes continue to pose risk to organizations that needs to be assessed and addressed.

Vishing made a strong debut during the pandemic [view related post], and continues to be a scheme that is surprisingly successful.

This week, Morgan Stanley Wealth Management (in the wake of another

On August 25, 2021, the FBI issued a Flash Alert to warn companies, especially in the health care industry, about the proliferation of attacks by threat actors using Hive ransomware.

According to the Flash Alert, Hive was first observed in June 2021: “Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with

If you are an organization that uses Microsoft Office 365 as your email platform, be on the lookout for a new tricky phishing attack recently used by cyber criminals. Microsoft has issued an alert to its customers warning them of the new attack, which merits mention to your users.

The phishing scheme is designed to

On July 19, 2021, the Federal Bureau of Investigations issued a Private Industry Notification to service providers and “entities associated with the Tokyo 2020 Summer Olympics that cyber actors who wish to disrupt the event could use distributed denial of service (DDoS) attacks, ransomware, social engineering, phishing campaigns, or insider threats to block or disrupt

I love seeing another win for law enforcement in the cyber context.

Servers and web domains owned by DoubleVPN, a virtual private network, were seized recently following a collaborative law enforcement effort involving the Dutch National Police, the FBI, Europol, and the U.K.’s National Crime Agency.

DoubleVPN is a security tool that has been used