K
Kathleen Martin
Guest
Cybercriminals have developed different avenues for trying to access personal information. You will often hear that they have breached servers to steal information, perhaps through technical means such as exploiting a security vulnerability.
But one of the most common methods cybercriminals deploy to gather personal data is through phishing attacks. Cybercriminals will deploy many different types of malicious email techniques to coerce potential victims into handing over anything from account credentials and payments, to actual data points, such as dates of birth and address.
Phishing scheme seeks out Verified Twitter users
What we know: Unknown threat actors have begun posing as Twitter Verified, the platform the social media company uses to determine whether an account meets the threshold for a blue check mark. Verified Twitter users have reported receiving phishing emails asking them to click on a link to address issues with their accounts, or else they will be suspended from the platform.
Once clicking on the “Check notifications” button in the email, users are then asked to enter their credentials twice. After entering the credentials, a phishing kit will reset the user’s password, after which a page will prompt the victim to enter a login verification code, which the hacker will use to complete the process and lock the victim out of their account. From there, cybercriminals may spread scams and malware to other Twitter users under their name.
Recommendations: First, it’s important to note that Twitter, nor any other organization for that matter, will ever send you a message asking for your credentials. If you receive any message of that nature, it’s best to delete it immediately. Also, be on the lookout for other hallmarks of a phishing scheme, including messages that contain a call to action with a sense of urgency, misspellings or are from senders that you do not recognize.
Vulnerability leaves millions of IoT devices, routers at risk
What we know: A recently discovered vulnerability leaves millions of internet-of-things devices and routers at risk. Researchers at Nozomi Networks said the flaw leaves the devices open to DNS poisoning attacks, which gives cybercriminals the ability to redirect victims to malicious websites or servers they control, rather than their intended location. The vulnerability may be present in devices manufactured by popular router vendors, including Netgear, Axis and Linksys.
Recommendations: Currently, there is no patch in circulation to address this vulnerability, but the stakeholders involved are working to develop one as quickly as possible. If you have a device from one of the vendors listed, or are concerned you may have a vulnerable device, keep your eyes open for the patch once it’s released. While you can attempt to update the device yourself, it’s highly recommended that you allow an IT professional to perform the task to ensure that you are protected.
Continue reading: https://securityboulevard.com/2022/05/phishing-scheme-targets-verified-twitter-users-vulnerability-leaves-millions-of-routers-iot-devices-at-risk/
But one of the most common methods cybercriminals deploy to gather personal data is through phishing attacks. Cybercriminals will deploy many different types of malicious email techniques to coerce potential victims into handing over anything from account credentials and payments, to actual data points, such as dates of birth and address.
Phishing scheme seeks out Verified Twitter users
What we know: Unknown threat actors have begun posing as Twitter Verified, the platform the social media company uses to determine whether an account meets the threshold for a blue check mark. Verified Twitter users have reported receiving phishing emails asking them to click on a link to address issues with their accounts, or else they will be suspended from the platform.
Once clicking on the “Check notifications” button in the email, users are then asked to enter their credentials twice. After entering the credentials, a phishing kit will reset the user’s password, after which a page will prompt the victim to enter a login verification code, which the hacker will use to complete the process and lock the victim out of their account. From there, cybercriminals may spread scams and malware to other Twitter users under their name.
Recommendations: First, it’s important to note that Twitter, nor any other organization for that matter, will ever send you a message asking for your credentials. If you receive any message of that nature, it’s best to delete it immediately. Also, be on the lookout for other hallmarks of a phishing scheme, including messages that contain a call to action with a sense of urgency, misspellings or are from senders that you do not recognize.
Vulnerability leaves millions of IoT devices, routers at risk
What we know: A recently discovered vulnerability leaves millions of internet-of-things devices and routers at risk. Researchers at Nozomi Networks said the flaw leaves the devices open to DNS poisoning attacks, which gives cybercriminals the ability to redirect victims to malicious websites or servers they control, rather than their intended location. The vulnerability may be present in devices manufactured by popular router vendors, including Netgear, Axis and Linksys.
Recommendations: Currently, there is no patch in circulation to address this vulnerability, but the stakeholders involved are working to develop one as quickly as possible. If you have a device from one of the vendors listed, or are concerned you may have a vulnerable device, keep your eyes open for the patch once it’s released. While you can attempt to update the device yourself, it’s highly recommended that you allow an IT professional to perform the task to ensure that you are protected.
Continue reading: https://securityboulevard.com/2022/05/phishing-scheme-targets-verified-twitter-users-vulnerability-leaves-millions-of-routers-iot-devices-at-risk/
