A recent research has shown that various tracking, marketing and analytics companies have collected the of users who fill out web forms before their responses are sent and without prior consent. For this research, by experts from Radbound University and the University of Lausanne, we looked at how web forms on 100,000 popular websites manage the data received on their forms. In this project, the team developed software capable of measuring the collection of email data and passwords from web forms. In case you don’t remember, a web form is an input box through which users of a website can enter ..read more

Cybersecurity specialists reported the detection of a new cyberattack method that would allow threat actors to deliver phishing emails inadvertently for security mechanisms, exploiting a key difference in the way inboxes and browsers read a URL. According to the report, presented by security firm Perception Point, malicious hackers should only create a link using the “@” symbol in the middle; while email security filters will interpret this symbol as a comment, for web browsers, this indicates a legitimate web domain. Consequently, emails arrive seamlessly in the inbox and, if a user clicks on ..read more

The Federal Bureau of Investigation (FBI) has deployed multiple operations against business email compromise (BEC) schemes, employed by threat actors primarily to divert legitimate bank transfers made between companies. The most recent of these special tasks was identified as Operation Eagle Sweep, deployed over three months and which led to the arrest of a total of 65 BEC suspects in the U.S. and foreign countries such as Nigeria, South Africa and Canada. This threat remains a severe risk to public and private organizations globally. According to the FBI’s Internet Crime Complaint Center (IC3 ..read more

Russia and Ukraine are fighting great battles in the streets, political forums and, of course, in cyberspace. Hacking groups and activists are acting for both sides seeking to wreak considerable damage in the country they consider rival using denial of service (DoS) attacks, malware infections and data theft campaigns. Recent reports indicate that some organizations in Europe have been receiving malicious emails sent from accounts apparently belonging to active members of Ukraine’s military, in what many have associated with a cybercriminal campaign deployed by the Russian military. Just a cou ..read more

In its latest security alert, the U.S. Federal Trade Commission (FTC) warned citizens that online romance scams increase sharply during Valentine’s Day, with scammers around the world posing as so-called “sugar daddy,” “sugar mommy” or “sugar baby” in order to trick victims and get easy money. As you may recall, a romance scam occurs when a user is contacted via email or social media platforms by a stranger who feigns a romantic interest in the potential victim, trying to gain their trust and employing all sorts of lies to obtain bank transfers, gift cards, and other benefits. Threat actors a ..read more

After a huge increase in phishing case reports, banks in Singapore will begin implementing a new set of security mechanisms, including removing all links attached to emails sent to their customers in the next two weeks. Among the new security measures are a delay of 12 hours before the activation of a new software token on a mobile device, notifications via email or SMS messages each time the client requests to change their contact details, and a new team dedicated exclusively to analyzing potential cases of electronic fraud. In addition, banking institutions will try to ensure that customers ..read more

This week the Australian and U.S. governments signed an agreement to make it easier for their justice departments to access phone numbers and related to judicial investigations. U.S. Attorney General Merrick Garland and Australian Home Affairs Minister Karen Andrews believe the deal will allow both countries quick access to electronic information vital to serious crime investigations. Under U.S. law, the agreement will allow telecommunications companies in the other country to be asked to access the electronic communications of some suspects, thus avoiding problematic court proceedings, workin ..read more

Researchers specializing in phishing campaigns detail the discovery of a new technique that allows threat actors to evade detection of these attacks, all thanks to the use of mathematical symbols in forged logos. This new method was detected during the investigation of a hacking campaign against some customers of the telecommunications firm Verizon, in which the attackers used a square root symbol (√) and other characters in the company’s logo in order to evade anti-spam mechanisms on the affected systems. According to experts, the company’s current logo employs an asymmetric “V” after the wor ..read more

In their latest research, Microsoft security teams detected a phishing campaign using more than 300,000 unique subdomains used in all sorts of attacks. The detection of these domains eventually led to the discovery of BulletProofLink, a phishing-as-a-service (PhaaS) platform dedicated to selling attack kits, email templates, hosting and other services for a relatively low price. Also known as BulletProftLink or Anthrax, this is the operation responsible for many of the most ambitious phishing campaigns recently detected, offering various cybercriminal groups access to their malicious resource ..read more

A representative of the U.S.-based optometric clinics chain Simon Eye confirmed that its security teams detected a data breach that could affect more than 140,000 users after a group of threat actors managed to access the of some employees during some days in middle-May. In this regard, the representative mentions that the threat actors tried unsuccessfully to make bank transfers from the company’s accounts, although he acknowledges that confidential records such as patient names, diagnoses and other details could have been compromised. The company added that other sensitive records of a very ..read more