Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label 2FA. Show all posts
TaxSeason
2FA Cybersecurity Data Breach GoogleAds OTP phishing QuickBooks Scam TaxSeason

Cybercriminals Target QuickBooks Users with Phishing Attacks via Google Ads Ahead of Tax Deadline

 

With the April 15 U.S. tax deadline looming, millions of users are logging in to manage their finances online—unfortunately, cybercriminals are watching too. Leveraging this surge in digital activity, attackers are exploiting trusted platforms like Google to deceive users of Intuit’s QuickBooks.

By purchasing top Google Ads placements, hackers are directing users to authentic-looking but fraudulent login pages. These fake portals are designed to steal crucial information including usernames, passwords, and even one-time passcodes (OTPs)—granting criminals access to victims’ financial data needed for filing taxes.

Understanding how this scam works is the first step toward staying safe. Phishing scams targeting accounting software are nothing new. Fraudulent support calls and infected software downloads—often traced to large-scale operations in India and nearby regions—have long been tactics in the scammer playbook.

Late last year, security experts uncovered a malicious QuickBooks installer that prompted users to call a fake support number through a deceptive pop-up.

This new scam is even more concerning. Instead of malware, attackers are now going straight for login credentials. The scam begins with a simple Google search. An ad mimicking Intuit’s branding for “QuickBooks Online” leads users to a convincing fake website.
  • Domain Name: QUICCKBOORKS-ACCCOUNTING.COM
  • Registrar URL: https://www.hostinger.com
  • Creation Date: 2025-04-07T01:44:46Z
The phishing site mirrors the actual QuickBooks login portal. Once users enter their credentials, the information is harvested in real-time and sent to cybercriminals.

"Passwords alone offer a limited level of security because they can be easily guessed, stolen through phishing, or compromised in data breaches. It is highly recommended to enhance account protection by enabling a second form of authentication like one-time passcodes sent to your device or utilizing a 2FA app for an extra layer of verification."

However, even two-factor authentication (2FA) and OTPs are being targeted. Modern phishing kits use advanced tactics like “man-in-the-middle” or “adversary-in-the-middle” (AiTM) attacks to intercept this second layer of protection.

As users unknowingly submit both their password and OTP to a fake login page, the information is relayed instantly to the attacker—who uses it before the code expires.

Cybercriminals ramp up efforts during tax season, banking on urgency and the volume of financial activity to catch users off guard. Their tools? Deceptive Google ads that closely resemble legitimate QuickBooks links. These reroute users to cloned websites that can collect sensitive data—or even install malware.

While 2FA and OTPs still offer critical protection against many threats, they must be used on verified platforms to be effective. If you land on a malicious site, even the best security tools can be bypassed.
Read more »
SaaS Ransomware
2FA Cyber crimes Operational Technology Ransomware SaaS Ransomware

Ransomware Attacks Are Increasing— How Hackers Are Adapting

 



Cybercriminals are finding new ways to launch ransomware attacks, and recent reports show a major increase in these incidents. The latest warning from security experts highlights how hackers are evolving their tactics, making these threats more dangerous than ever.  


Ransomware Attacks Have Risen Sharply  

The number of ransomware attacks has grown in early 2025, with reports showing a 132% increase compared to late 2024. At the same time, a specific type of scam known as deepfake phishing—where AI is used to trick people into giving away sensitive information—has surged by more than 1,600%. These scams often lead to ransomware infections, as hackers use them to gain access to private systems.  

Although many organizations have improved their cybersecurity measures, hackers are adapting. Cybercriminals are focusing on new methods to steal information, including bypassing two-factor authentication (2FA). In many cases, they intercept security codes or hijack login sessions, allowing them to enter accounts without needing passwords.  


Hackers Are Targeting More Systems  

A growing concern is that cybercriminals are now attacking systems that control important operations, such as industrial machines and corporate networks. These systems, known as operational technology (OT) environments, are becoming frequent targets for ransomware groups.  

Security researchers from Ontinue warn that cybercriminals are not just trying to lock files and demand payments— they are using artificial intelligence (AI) and legitimate tools to break into networks without being detected. Instead of relying solely on traditional phishing emails, hackers now interact with IT staff, tricking them into sharing confidential details that can be used for future attacks.  


Ransom Payments Are Declining— But The Threat Isn’t  

One positive trend is that fewer companies are paying ransom demands. Recent studies show that overall payments have dropped by 35%. This is partly due to stronger law enforcement efforts, international cooperation, and organizations refusing to give in to extortion.  

However, experts warn that this might not last. Cybercriminals are constantly adjusting their methods. Instead of just encrypting files, many ransomware groups now steal sensitive data and threaten to leak it unless victims pay up. Some hackers even demand multiple payments—one to prevent data from being leaked, another to unlock encrypted files, and sometimes an additional ransom for other threats.  


The Future of Ransomware Attacks  

Security professionals are seeing a shift in how ransomware works. Hackers are no longer just sending out mass phishing emails. They are carefully studying security systems, looking for vulnerabilities, and even using software-as-a-service (SaaS) platforms to deliver attacks.  

Experts recommend that businesses and individuals take extra precautions. Strengthening cybersecurity defenses, keeping software updated, and being cautious of unexpected emails or messages can help prevent falling victim to these evolving threats.

Read more »
threat report
2FA Cyber Attacks Phishing Campaign Roman Encryption threat report

Roman Encryption Employed In Nearly 9K Phishing Attacks

 

Unpredictability is a hallmark of cybersecurity work. I doubt you expected to read an article linking Julius Caesar, the ancient Roman ruler, to almost a million phishing attacks so far in 2025. But, here we are. The phishing threat continues to grow, motivated by the lure of disseminating infostealer malware and exemplified by more sophisticated efforts, as the FBI has warned. 

The majority of cybercriminals involved in phishing assaults are not malicious coding experts; rather, they are what you might refer to as low-level chancers, with little expertise but high aspirations for a lucrative payout. Phishing-as-a-service platforms, which eliminate the need for all that bothersome technical expertise, aid them in this evil undertaking. According to recently published research, Tycoon 2FA is the most popular of these platforms and that's where Julius Caesar comes in.

It should come as no surprise that phishing is a persistent menace to both consumers and organisations. These are no longer the simple "you've won the Canadian lottery" or "I'm a Nigerian Prince and want to give you money" hoaxes of the past, but, thanks to AI, they've become much more difficult to detect and, as a result, much tougher to resist. As previously stated, the use of phishing-as-a-service platforms to accelerate attack formulation and deployment is especially problematic. 

Barracuda Networks security researchers released a report on March 19 outlining a whopping one million attacks in January and February alone. This figure becomes even more concerning when you consider that one platform, Tycoon 2FA, accounted for 89% of them. 

Nuch of this seems to be recent, with an outbreak in the middle of February, according to Deerendra Prasad, an associate threat analyst in Barracuda Network's threat analyst team, who stated that an investigation "revealed that the platform has continued to develop and enhance its evasive mechanisms, becoming even harder to detect.”

The malicious scripts used to prevent defenders from analysing the phishing pages have been updated to help evade discovery, Prasad said. The new script is not in plain text, but—wait for it—encrypted using a shifting substitution cipher. Indeed, there is something called a Caesar Cipher. This works by replacing every plaintext letter in a string with another that is a specified number of letters down the alphabet. 

To be honest, it's about as simple as it gets, because decrypting such messages requires only the shift number. It is named after Julius Caesar, who was known to use encryption to keep his personal communication private while in transit. "This script is responsible for several processes," Prasad told me, "such as stealing user credentials and exfiltrating them to an attacker-controlled server.”
Read more »
Social Media
2FA Action Fraud Data Leaks phishing Social Media

Huge Spike in Social Media and Email Hacks – Simple Ways to Protect Yourself

 


There has been a worrying rise in the number of people losing control of their social media and email accounts this year. According to recent data from Action Fraud, the UK’s national cybercrime reporting center, over 35,000 cases were reported in 2024. This is a huge increase compared to the 22,000 cases recorded the previous year.

To address this growing problem, Action Fraud has teamed up with Meta to start an online safety campaign. Their main goal is to help people secure their accounts by turning on two-step verification, also known as 2FA. This extra security step makes it much harder for hackers to break into accounts.

Hackers usually target social media or email profiles for money. Once they gain access, they often pretend to be the real user and reach out to the person’s friends or followers. Many times, they use these stolen accounts to promote fake investment schemes or sell fake event tickets. In other cases, hackers simply sell these hacked accounts to others who use them for illegal activities.

One trick commonly used by hackers is messaging the account owner’s contacts and convincing them to share security codes. Since the message appears to come from a trusted person, many people unknowingly share sensitive information, giving hackers further control.

Another method involves stealing login information through phishing scams or data leaks. If people use the same password for many sites, hackers can easily access multiple accounts once they crack one.

The good news is that there are simple ways to protect yourself. The most important step is enabling two-step verification on all your accounts. This adds an extra barrier by asking for a unique code when someone tries to log in, making it much tougher for hackers to get through even if they know your password.

Meta has also introduced face recognition technology to help users recover hacked accounts. Still, experts say prevention is always better than trying to fix the damage later.


Here are a few easy tips to protect your online accounts:

1. Always enable two-step verification wherever it is available.

2. Create strong and unique passwords for each account. Avoid using the same password more than once.

3. Be careful if someone you know suddenly asks for a security code — double-check if it’s really them.

4. Stay alert for suspicious links or emails asking for your login details — they could be phishing traps.

5. Keep an eye on your accounts for unusual activity or login attempts from unknown places.


With online scams increasing, staying careful and following these safety steps can help you avoid falling victim to account hacks. Taking action now can save you a lot of trouble later.

Read more »
QR code security
2FA Cyber Security cybercriminals Gmail Google Google Security Tools QR code QR code security

Google to Introduce QR Codes for Gmail 2FA Amid Rising Security Concerns

 

Google is set to introduce QR codes as a replacement for SMS-based two-factor authentication (2FA) codes for Gmail users in the coming months. While this security update aims to improve authentication methods, it also raises concerns, as QR code-related scams have been increasing. Even Google’s own threat intelligence team and law enforcement agencies have warned about the risks associated with malicious QR codes. QR codes, short for Quick Response codes, were originally developed in 1994 for the Japanese automotive industry. Unlike traditional barcodes, QR codes store data in both horizontal and vertical directions, allowing them to hold more information. 

A QR code consists of several components, including finder patterns in three corners that help scanners properly align the code. The black and white squares encode data in binary format, while error correction codes ensure scanning remains possible even if part of the code is damaged. When scanned, the embedded data—often a URL—is extracted and displayed to the user. However, the ability to store and quickly access URLs makes QR codes an attractive tool for cybercriminals. Research from Cisco Talos in November 2024 found that 60% of emails containing QR codes were spam, and many included phishing links. While some emails use QR codes for legitimate purposes, such as event registrations, others trick users into revealing sensitive information. 

According to Cisco Talos researcher Jaeson Schultz, phishing attacks often use QR codes for fraudulent multi-factor authentication requests to steal login credentials. There have been multiple incidents of QR code scams in recent months. In one case, a 70-year-old woman scanned a QR code at a parking meter, believing she was paying for parking, but instead, she unknowingly subscribed to a premium gaming service. Another attack involved scammers distributing printed QR codes disguised as official government severe weather alerts, tricking users into downloading malicious software. Google itself has warned that Russian cybercriminals have exploited QR codes to target victims through the Signal app’s linked devices feature. 

Despite these risks, users can protect themselves by following basic security practices. It is essential to verify where a QR code link leads before clicking. A legitimate QR code should provide additional context, such as a recognizable company name or instructions. Physical QR codes should be checked for tampering, as attackers often place fraudulent stickers over legitimate ones. Users should also avoid downloading apps directly from QR codes and instead use official app stores. 

Additionally, QR-based payment requests in emails should be verified through a company’s official website or customer service. By exercising caution, users can mitigate the risks associated with QR codes while benefiting from their convenience.
Read more »
Youtube
2FA Data Breach Emails Google Youtube

Google Fixes YouTube Security Flaw That Exposed User Emails

 



A critical security vulnerability in YouTube allowed attackers to uncover the email addresses of any account on the platform. Cybersecurity researchers discovered the flaw and reported it to Google, which promptly fixed the issue. While no known attacks exploited the vulnerability, the potential consequences could have been severe, especially for users who rely on anonymity.


How the Vulnerability Worked

The flaw was identified by researchers Brutecat and Nathan, as reported by BleepingComputer. It involved an internal identifier used within Google’s ecosystem, known as the Gaia ID. Every YouTube account has a unique Gaia ID, which links it to Google’s services.

The exploit worked by blocking a YouTube account and then accessing its Gaia ID through the live chat function. Once attackers retrieved this identifier, they found a way to trace it back to the account’s registered email address. This loophole could have exposed the contact details of millions of users without their knowledge.


Google’s Reaction and Fix

Google confirmed that the issue was present from September 2024 to February 2025. Once informed, the company swiftly implemented a fix to prevent further risk. Google assured users that there were no reports of major misuse but acknowledged that the vulnerability had the potential for harm.


Why This Was a Serious Threat

The exposure of email addresses poses various risks, including phishing attempts, hacking threats, and identity theft. This is particularly concerning for individuals who depend on anonymity, such as whistleblowers, journalists, and activists. If their private details were leaked, it could have led to real-world dangers, not just online harassment.

Businesses also faced risks, as malicious actors could have used this flaw to target official YouTube accounts, leading to scams, fraud, or reputational damage.


Lessons and Preventive Measures

The importance of strong security measures and rapid responses to discovered flaws cannot be emphasized more. Users are encouraged to take precautions, such as enabling two-factor authentication (2FA), using secure passwords, and being cautious of suspicious emails or login attempts.

Tech companies, including Google, must consistently audit security systems and respond quickly to any potential weaknesses.

Although the security flaw was patched before any confirmed incidents occurred, this event serves as a reminder of the omnipresent risks in the digital world. By staying informed and following security best practices, both users and companies can work towards a safer online experience.



Read more »
Passwords
2FA Data Breach Grubhub Passwords

Grubhub Data Breach Exposes Customer and Driver Information

 



Food delivery service Grubhub has suffered a security breach that exposed sensitive information belonging to customers, drivers, and merchants. The breach, caused by unauthorized access through a third-party service provider, compromised personal details, hashed passwords, and partial credit card information.  

Grubhub detected suspicious activity within its system, which was later traced to an account used by a third-party customer support provider. The company quickly revoked access to this account and removed the provider from its platform to prevent further unauthorized entry.  

What Information Was Compromised?

Hackers gained access to various user data, including:  

1. Full names, email addresses, and phone numbers  

2. Hashed passwords (which are encrypted for security)  

3. Partial credit card details (only the card type and last four digits)  

The breach affected individuals who had previously interacted with Grubhub’s customer support or used its campus dining services. However, full payment card details and bank account information were not accessed.  

Steps Taken by Grubhub  

In response to the breach, Grubhub has implemented several security measures:  

  • Resetting passwords for affected accounts  
  • Blocking access to the compromised third-party account  
  • Enhancing security protocols to prevent similar incidents in the future  

Although the exact number of affected users and the timeline of the breach have not been disclosed, Grubhub is working to strengthen its security systems. 

This breach comes as Grubhub prepares for a major business transition. Its parent company, Just Eat, is finalizing a $650 million sale of Grubhub to food hall startup Wonder. The deal, announced in November 2024, is expected to be completed by early 2025.  

How Users Can Stay Safe

If you have a Grubhub account, consider taking the following precautions:  

1. Update your password immediately, especially if you use the same password on other platforms.  

2. Turn on two-factor authentication (2FA) for extra security.  

3. Be cautious of phishing emails pretending to be from Grubhub.  

4. Monitor your credit card and bank statements for unusual activity.  

This incident underscores the risks associated with third-party service providers in handling user data. As cyber threats continue to rise, companies must implement stronger security measures to protect customer information and prevent future breaches.

Read more »
PayPal
2FA Data Breach financial services Passwords PayPal

PayPal Fined $2 Million for Data Breach: A Wake-Up Call for Cybersecurity

 


PayPal has been fined $2 million by the New York State Department of Financial Services (DFS) for failing to protect customer data, resulting in a significant security breach. The incident, which occurred in December 2022, exposed sensitive information, including social security numbers, names, and email addresses of thousands of users. This breach has raised serious concerns about PayPal’s cybersecurity practices and its ability to safeguard customer data.

How Did the Breach Happen?

The breach occurred during an update to PayPal’s system to grant access to IRS Form 1099-Ks, which is used to report income. The employees responsible for implementing these changes lacked proper cybersecurity training, leaving the system vulnerable to exploitation. Cybercriminals used a technique called credential stuffing, where stolen login credentials from previous breaches are tested on other platforms. Since many users reuse passwords across multiple sites, this method often succeeds.

Due to these security flaws, hackers gained access to sensitive customer data, putting affected users at risk of identity theft, financial fraud, and phishing scams. The breach highlights the critical importance of robust cybersecurity measures and well-trained personnel.

Following an investigation, DFS concluded that PayPal lacked qualified cybersecurity personnel and failed to provide adequate training to its workforce. These shortcomings directly contributed to the breach. Adrienne A. Harris, Superintendent of DFS, emphasized the need for companies handling financial data to prioritize cybersecurity.

"Qualified cybersecurity personnel are the first line of defense against potential data breaches. Companies must invest in proper training and effective security policies to protect sensitive data and mitigate risks," Harris stated.

Data breaches like this one can have severe consequences for users. When personal information such as social security numbers and email addresses is leaked, cybercriminals can exploit it for identity theft, financial fraud, or phishing attacks.

Expert Recommendations for Users

To protect themselves from similar breaches, cybersecurity experts recommend the following steps:

  1. Enable Two-Factor Authentication (2FA): Adding an extra layer of security can significantly reduce the risk of unauthorized access.
  2. Use Unique Passwords: Avoid reusing passwords across multiple accounts to prevent credential stuffing attacks.
  3. Monitor Financial Activity: Regularly check bank statements and credit reports for any suspicious transactions.

The Bigger Picture: Cybersecurity in Financial Institutions

This incident underscores a growing problem in the financial sector: inadequate cybersecurity measures. Despite being a global payment giant, PayPal’s failure to implement reasonable security measures left its users vulnerable to cyberattacks. Financial institutions must prioritize cybersecurity by investing in advanced technologies, hiring skilled professionals, and providing comprehensive employee training.

DFS has been taking strict action against companies that fail to meet cybersecurity standards. This case serves as a reminder that regulatory bodies are increasingly holding organizations accountable for lapses in data protection.

While PayPal has yet to issue an official response to the fine, the company is expected to strengthen its security policies and enhance its cyber defenses to avoid future penalties. This incident should serve as a wake-up call for all companies handling sensitive customer information. In an era of escalating cyber threats, cybersecurity cannot be an afterthought—it must be a top priority.

The PayPal data breach highlights the critical need for robust cybersecurity measures in the financial sector. Companies must invest in skilled personnel, advanced technologies, and employee training to protect customer data effectively. For users, adopting best practices like enabling 2FA and using unique passwords can help mitigate risks. As cyber threats continue to evolve, both organizations and individuals must remain vigilant to safeguard sensitive information.

Read more »
Phishing Scams
2FA Cyber Attacks cybersecurity challenges Google Google Ads Hackers MalwareBytes Online Advertising Online Scams phishing kit Phishing Scams

Google Ads Phishing Scam Reaches New Extreme, Experts Warn of Ongoing Threat


Cybercriminals Target Google Ads Users in Sophisticated Phishing Attacks

Cybercriminals are intensifying their phishing campaigns against Google Ads users, employing advanced techniques to steal credentials and bypass two-factor authentication (2FA). This new wave of attacks is considered one of the most aggressive credential theft schemes, enabling hackers to gain unauthorized access to advertiser accounts and exploit them for fraudulent purposes.

According to cybersecurity firm Malwarebytes, attackers are creating highly convincing fake Google Ads login pages to deceive advertisers into entering their credentials. Once stolen, these login details allow hackers to fully control compromised accounts, running malicious ads or reselling access on cybercrime forums. Jérôme Segura, Senior Director of Research at Malwarebytes, described the campaign as a significant escalation in malvertising tactics, potentially affecting thousands of advertisers worldwide.

How the Attack Works

The attack process is alarmingly effective. Cybercriminals design fake Google Ads login pages that closely mimic official ones. When advertisers enter their credentials, the phishing kits deployed by attackers capture login details, session cookies, and even 2FA tokens. With this information, hackers can take over accounts instantly, running deceptive ads or selling access to these accounts on the dark web.

Additionally, attackers use techniques like cloaking to bypass Google’s ad policies. Cloaking involves showing different content to Google’s reviewers and unsuspecting users, allowing fraudulent ads to pass through Google's checks while leading victims to harmful websites.

Google’s Response and Recommendations

Google has acknowledged the issue and stated that measures are being taken to address the threat. “We have strict policies to prevent deceptive ads and actively remove bad actors from our platforms,” a Google spokesperson explained. The company is urging advertisers to take immediate steps if they suspect their accounts have been compromised. These steps include resetting passwords, reviewing account activity, and enabling enhanced security measures like security keys.

Cybersecurity experts, including Segura, recommend advertisers exercise caution when clicking on sponsored ads, even those that appear legitimate. Additional safety measures include:

  • Using ad blockers to limit exposure to malicious ads.
  • Regularly monitoring account activity for any unauthorized changes.
  • Being vigilant about the authenticity of login pages, especially for critical services like Google Ads.

Despite Google’s ongoing efforts to combat these attacks, the scale and sophistication of phishing campaigns continue to grow. This underscores the need for increased vigilance and robust cybersecurity practices to protect sensitive information and prevent accounts from being exploited by cybercriminals.

Read more »
Online Privacy
2FA chat records Cyber Breaches Cyber Security data deletion Data Privacy data security Digital Footprint Online Privacy

How to Declutter and Safeguard Your Digital Privacy

 

As digital privacy concerns grow, taking steps to declutter your online footprint can help protect your sensitive information. Whether you’re worried about expanding government surveillance or simply want to clean up old data, there are practical ways to safeguard your digital presence. 

One effective starting point is reviewing and managing old chat histories. Platforms like Signal and WhatsApp, which use end-to-end encryption, store messages only on your device and those of your chat recipients. This encryption ensures governments or hackers need direct access to devices to view messages. However, even this security isn’t foolproof. 

Non-encrypted platforms like Slack, Facebook Messenger, and Google Chat store messages on cloud servers. While these may be encrypted to prevent theft, the platforms themselves hold the decryption keys. This means they can access your data and comply with government requests, no matter how old the messages. Long-forgotten chats can reveal significant details about your life, associations, and beliefs, making it crucial to delete unnecessary data. 

Kenn White, security principal at MongoDB, emphasizes the importance of regular digital cleaning. “Who you were five or ten years ago is likely different from who you are today,” he notes. “It’s worth asking if you need to carry old inside jokes or group chats forward to every new device.” 

Some platforms offer tools to help you manage old messages. For example, Apple’s Messages app allows users to enable auto-deletion. On iOS, navigate to Settings > Apps > Messages, then select “Keep Messages” and choose to retain messages for 30 days, one year, or forever. 

Similarly, Slack automatically deletes data older than a year for free-tier users, while paid plans retain data indefinitely unless administrators set up rolling deletions. However, on workplace platforms, users typically lack control over such policies, highlighting the importance of discretion in professional communications. 

While deleting old messages is a key step, consider extending your cleanup efforts to other areas. Review your social media accounts, clear old posts, and minimize the information shared publicly. Also, download essential data to offline storage if you need long-term access without risking exposure. 

Finally, maintain strong security practices like enabling two-factor authentication (2FA) and regularly updating passwords. These measures can help protect your accounts, even if some data remains online. 

Regularly decluttering your digital footprint not only safeguards your privacy but also reduces the risk of sensitive data being exposed in breaches or exploited by malicious actors. By proactively managing your online presence, you can ensure a more secure and streamlined digital life.
Read more »
Shopping Scam
2FA Cyber Security Dark Web dark web breaches Fake Website Hacker attack Malware Attack Online Shopping phishing Shopping Scam

The Dark Web’s Role in Phishing and 2FA Security Breaches

 


Black Friday and Cyber Monday may have passed, but the dangers of online scams and cyberattacks persist year-round. Cybercriminals continue to exploit digital shoppers, leveraging sophisticated tools such as phishing kits, fake websites, and cookie grabbers that bypass two-factor authentication (2FA). These tools, widely available on dark web marketplaces, turn online shopping into a risky endeavour, particularly during the peak holiday season.

Cybercriminal Tools: A Growing Threat

Dark web marketplaces operate like legitimate businesses, offering everything from free phishing kits to subscription-based malware services. According to NordStellar threat intelligence:

  • Phishing kits: Often free or low-cost, enable hackers to replicate authentic websites.
  • Fake website templates: Start at $50, tricking users into sharing personal information.
  • Malware subscriptions: Priced at $150 per month, provide hackers with advanced tools.
  • Cookie grabber pages: Sell for $400 or more, enabling access to user accounts by bypassing login credentials and 2FA.

These illicit tools are increasingly accessible, with some even offered at discounted rates during the holiday season. The result is an alarming rise in phishing scams targeting fake shopping sites, with 84% of victims interacting with these scams and nearly half losing money.

The Role of Stolen Cookies in Cybercrime

Session cookies, particularly authentication cookies, are a prized asset for hackers. NordStellar reports over 54 billion stolen cookies available on the dark web, including:

  • 154 million authentication cookies, 23.5 million of which remain active.
  • 37 million login cookies, with 6.6 million still usable.
  • 30 million session cookies capable of bypassing 2FA.

These cookies allow attackers to impersonate legitimate users, gaining unauthorized access to accounts without requiring passwords or verification codes. This capability makes cookie-grabber pages one of the most valuable tools in the hacker’s arsenal.

Protecting Yourself from Cyber Threats

Google has introduced measures like passkeys to combat these threats, offering a more secure alternative to traditional 2FA methods. A Google spokesperson emphasized that passkeys reduce phishing risks and strengthen security against social engineering attacks. Consumers can take additional steps to safeguard their online accounts:

  • Scrutinize links and websites to avoid phishing scams.
  • Switch to advanced authentication methods such as passkeys where available.
  • Stay informed about emerging cyber threats and adopt proactive security practices.

By remaining vigilant and embracing stronger authentication technologies, shoppers can minimize the risks posed by cybercriminals and their evolving arsenal of dark web tools.

Read more »
Gmail Hack
2FA 2FA bypass Cyber Security Data Recovery email database discovery Gmail checkmark system Gmail Hack

How to Recover a Hacked Gmail Account Even After a Security Breach

 

Having your Gmail account hacked can feel like a nightmare, especially when recovery details like phone numbers and email addresses have been changed by a hacker. Fortunately, recovering a compromised account is still possible, even if most security and recovery options have been altered. Google’s account recovery system is designed to assist users in situations where hackers manage to bypass protections, such as two-factor authentication (2FA). The key is to begin the process from a device and location you frequently use to access your Gmail account. This could be your home or workplace, using the same browser or device. Providing as much accurate information as possible, such as previous passwords, is critical to proving ownership of the account and speeding up the process. 

There’s also a delay system in place that can put recovery requests on hold for a few hours or even several days, depending on the level of risk involved. While frustrating, this measure is a security feature designed to protect accounts from unauthorized access. If acted upon quickly, users may still be able to recover their account using the original recovery information, such as a phone number or email address, for up to seven days after the details are changed. 

If recovery through Google’s automated system is proving difficult, users with linked YouTube accounts have sometimes found success by contacting YouTube support. Social media channels have also proven helpful in expediting the recovery process in more complex cases.  

The question remains, how do hackers bypass Gmail’s security systems? One common method is session cookie theft, which involves stealing the data that keeps users logged in after 2FA has already been verified. By taking over these session cookies, hackers can change your account’s security settings without needing to go through 2FA again. 

To protect against these types of attacks in the future, Google recommends steps like using passkeys, which are more secure than SMS-based 2FA. Passkeys are resistant to phishing and hacking attempts that steal session cookies. Additionally, Google has implemented protective measures like frequent cookie rotation and device-bound session credentials to limit the effectiveness of such attacks. Taking proactive steps like enabling these features and always monitoring account activity can help you avoid falling victim to similar hacking attempts in the future.
Read more »
Password
2FA Data Breach Identity Protection Login Security Password

Four Steps to Steer Clear of Data Leaks

 



Within the last few months, we have witnessed the scale of data breaches soar to millions of victims. The most vulnerable victims are usually major companies that process individual data; National Public Data, Medicare, and MC2 Data are all illustrative examples where hundreds of billions of records were leaked and several people become a victim of identity theft, fraud, and other destructive scandals.

Although data leaks are getting alarming day by day, there is also something you can do to protect your personal information. The four key actions that you can undertake to strengthen your online defences and not be a target will be discussed in the following:


Strengthen Your Login Security

As more and more passwords leak out on the web, hackers can use weak or reused passwords much more easily. Since a leaked password leaves cybercriminals with the same password, it can be used to perform credential stuffing attacks, trying the same password combination against different accounts. Risk can be minimised by using different strong passwords for all accounts. This can be achieved using a password manager that keeps them safe.

However, the best password ever designed can still be cracked or guessed, so there is a need for extra layers of security. Two-factor authentication, or 2FA, places a huge barrier to entry, requiring a second form of verification before an account access is given. Two most popular means of 2FA are by email or SMS, but those forms of verification can be intercepted. However, more secure methods include authentication apps or hardware security keys such as YubiKey, whereby gaining possession of the device requires one to log in to any of their accounts.

Other ways to log in include passkeys, which will eventually outpace the usage of passwords. The passkeys are encrypted, specific to your device, and not vulnerable to phishing attacks, thus adding more protection for your accounts. You will also have the opportunity to backup your passkeys or create a back login like the 2FA in case your account loses your device


Secure Your Financial Information

Examples of typical personal information that would be exposed and increase the risk of identity theft in a data breach include a Social Security number. Protecting your financial life comes down to freezing your credit and banking reports. This will prevent someone else from opening accounts in your name. You should check regularly for any suspicious activity on your credit report.

Locking an Identity Protection PIN on the IRS will put further layers of security on your tax filings, so that no one except you can file under your name. It's something that you can get done in days, and a few hours of your time to pay to save yourself from costly and time-consuming fraud.


Be on Your Guard About Communications

The dark web contains so much stolen personal information, making it pretty easy for scammers to write very convincing messages and dial numbers in your name. They could also call pretending to be your bank or a credit card company, as well as someone you know to try and get some more sensitive details. It's really important that you don't have any trust towards unsolicited communications, no matter how truthful they may sound.

If you do receive a message that says an account has been breached, do not click any links and do not provide sensitive personal data over the phone. Reach out to the organisation using official contact channels.

If you are receiving messages supposedly from family or friends, use other communication channels to confirm the request as their accounts may have been hacked.


Don't Rely on Trust Alone

As advanced scams with the aid of artificial intelligence rise, be doubly careful with all your dealings in the digital world. Because scammers are evolving their patterns all the time, it would be even more challenging to distinguish the real one from the fake. Such proactive steps, like securing all accounts, protecting financial information, and confirming any communication, can reduce the danger a person has to face when becoming victimised by cybercrime.

Nothing is foolproof in this changing digital world, but by doing all these, you are making it very difficult for hackers to access your information. Self-protection today may save you from the costly and stressful aftermaths in the future.


Read more »
SQL
2FA CVE CVE vulnerability CVEs Cyber Security E-Commerce Websites Patchstack PII Plugin Plugin Flaws SQL

Critical Vulnerability in TI WooCommerce Wishlist Plugin Exposes 100K+ Sites to SQL Attacks

 

A critical vulnerability in the widely-used TI WooCommerce Wishlist plugin has been discovered, affecting over 100,000 WordPress sites. The flaw, labeled CVE-2024-43917, allows unauthenticated users to execute arbitrary SQL queries, potentially taking over the entire website. With a severity score of 9.3, the vulnerability stems from a SQL injection flaw in the plugin’s code, which lets attackers manipulate the website’s database. This could result in data breaches, defacement, or a full takeover of the site. As of now, the plugin remains unpatched in its latest version, 2.8.2, leaving site administrators vulnerable. 

Cybersecurity experts, including Ananda Dhakal from Patchstack, have highlighted the urgency of addressing this flaw. Dhakal has released technical details of the vulnerability to warn administrators of the potential risk and has recommended immediate actions for website owners. To mitigate the risk of an attack, website owners using the TI WooCommerce Wishlist plugin are urged to deactivate and delete the plugin as soon as possible. Until the plugin is patched, leaving it active can expose websites to unauthorized access and malicious data manipulation. If a website is compromised through this flaw, attackers could gain access to sensitive information, including customer details, order histories, and payment data. 

This could lead to unauthorized financial transactions, stolen identities, and significant reputational damage to the business. Preventing such attacks requires several steps beyond removing the vulnerable plugin. Website administrators should maintain an updated security system, including regular patching of plugins, themes, and the WordPress core itself. Using a Web Application Firewall (WAF) can help detect and block SQL injection attempts before they reach the website. It’s also advisable to back up databases regularly and ensure that backups are stored in secure, off-site locations. Other methods of safeguarding include limiting access to sensitive data and implementing proper data encryption, particularly for personally identifiable information (PII). 

Website administrators should also audit user roles and permissions to ensure that unauthorized users do not have access to critical parts of the site. Implementing two-factor authentication (2FA) for site logins can add an extra layer of protection against unauthorized access. The repercussions of failing to address this vulnerability could be severe. Aside from the immediate risk of site takeovers or data breaches, businesses could face financial loss, including costly recovery processes and potential fines for not adequately protecting user data. Furthermore, compromised sites could suffer from prolonged downtime, leading to lost revenue and a decrease in user trust. Rebuilding a website and restoring customer confidence after a breach can be both time-consuming and costly, impacting long-term growth and sustainability.  

In conclusion, to safeguard against the CVE-2024-43917 vulnerability, it is critical for website owners to deactivate the TI WooCommerce Wishlist plugin until a patch is released. Administrators should remain vigilant by implementing strong security practices and regularly auditing their sites for vulnerabilities. The consequences of neglecting these steps could lead to serious financial and reputational damage, as well as the potential for legal consequences in cases of compromised customer data. Proactive protection is essential to maintaining business continuity in the face of ever-evolving cybersecurity threats.
Read more »
Online Banking
2FA Banking Security Cyber Security CyberCriminal data security Mobile App Online Banking

Is Online Banking Truly Safe? Understanding the Safety Loopholes in Bank Websites

 

In today's increasingly digital landscape, ensuring the security of online banking platforms is paramount. With cyber threats evolving and becoming more sophisticated, financial institutions face the constant challenge of fortifying their systems against unauthorized access and data breaches. 

Recently, Which?, a respected consumer advocate, conducted an extensive investigation into the security measures implemented by major current account providers. This evaluation carried out with the assistance of independent computer security experts, aimed to scrutinize the efficacy of banks' online banking systems in safeguarding customer data and preventing fraudulent activities. 

The assessment, conducted over two months in January and February 2024, focused on examining the apps and websites of 13 prominent current account providers. While the evaluation did not encompass testing of back-end systems, it honed in on four critical areas essential for ensuring robust security protocols: security best practices, login processes, account management, and navigation & logout functionalities. 

Through rigorous testing, the investigation revealed significant variations among providers, with some demonstrating commendable security measures while others fell short of expectations. Among the findings, TSB and the Co-operative Bank emerged as the lowest-ranked institutions in both mobile app and online security. 

Notably, TSB's app exhibited a serious vulnerability, allowing sensitive data to be accessed by other applications on the device, raising concerns about data integrity and privacy. Similarly, the Co-operative Bank's failure to enforce two-factor authentication (2FA) on a test laptop highlighted potential weaknesses in their security infrastructure, necessitating urgent attention and remediation. 

Conversely, NatWest and Starling emerged as frontrunners in online banking security, earning an impressive score of 87%. Their robust security protocols and stringent authentication processes set them apart as leaders in safeguarding customer information. 

Meanwhile, HSBC and Barclays led the pack in mobile banking security, with HSBC notably eschewing SMS-based login verification, opting for more secure alternatives to protect user accounts. In addition to holding financial institutions accountable for maintaining rigorous security standards, consumers must also take proactive steps to protect their financial data when banking online. 

Which? recommends six essential tips for enhancing online security, including protecting mobile devices, using strong and unique passwords, and promptly reporting any suspicious activity. By adopting these best practices and remaining vigilant, consumers can mitigate the risks associated with online banking and thwart the efforts of cybercriminals seeking to exploit vulnerabilities. 

In an era where digital transactions are ubiquitous, prioritizing security is imperative to safeguarding personal and financial information from unauthorized access and fraudulent activities.
Read more »
Social Media
2FA data security Discord Privacy Social Media

Discord Users' Privacy at Risk as Billions of Messages Sold Online

 

In a concerning breach of privacy, an internet-scraping company, Spy.pet, has been exposed for selling private data from millions of Discord users on a clear web website. The company has been gathering data from Discord since November 2023, with reports indicating the sale of four billion public Discord messages from over 14,000 servers, housing a staggering 627,914,396 users.

How Does This Breach Work?

The term "scraped messages" refers to the method of extracting information from a platform, such as Discord, through automated tools that exploit vulnerabilities in bots or unofficial applications. This breach potentially exposes private chats, server discussions, and direct messages, highlighting a major security flaw in Discord's interaction with third-party services.

Potential Risks Involved

Security experts warn that the leaked data could contain personal information, private media files, financial details, and even sensitive company information. Usernames, real names, and connected accounts may be compromised, posing a risk of identity theft or financial fraud. Moreover, if Discord is used for business communication, the exposure of company secrets could have serious implications.

Operations of Spy.pet

Spy.pet operates as a chat-harvesting platform, collecting user data such as aliases, pronouns, connected accounts, and public messages. To access profiles and archives of conversations, users must purchase credits, priced at $0.01 each with a minimum of 500 credits. Notably, the platform only accepts cryptocurrency payments, excluding Coinbase due to a ban. Despite facing a DDoS attack in February 2024, Spy.pet claims minimal damage.

How To Protect Yourself?

Discord is actively investigating Spy.pet and is committed to safeguarding users' privacy. In the meantime, users are advised to review their Discord privacy settings, change passwords, enable two-factor authentication, and refrain from sharing sensitive information in chats. Any suspected account compromises should be reported to Discord immediately.

What Are The Implications?

Many Discord users may not realise the permanence of their messages, assuming them to be ephemeral in the fast-paced environment of public servers. However, Spy.pet's data compilation service raises concerns about the privacy and security of users' conversations. While private messages are currently presumed secure, the sale of billions of public messages underscores the importance of heightened awareness while engaging in online communication.

The discovery of Spy.pet's actions is a clear signal of how vulnerable online platforms can be and underscores the critical need for strong privacy safeguards. It's crucial for Discord users to stay alert and take active measures to safeguard their personal data in response to this breach. As inquiries progress, the wider impact of this privacy violation on internet security and data protection is a substantial concern that cannot be overlooked.


Read more »
Roku
2FA Credential Stuffing Data Breach Password Roku

Roku Security Breach Exposes Over 500,000 User Accounts to Cyber Threats

 


In a recent set of events, streaming giant Roku has disclosed an eminent security breach affecting over half a million user accounts. Following a recent data breach, Roku has uncovered additional compromised accounts, totaling approximately 576,000 users affected by the breach.

Security Breach Details

Last month, Roku announced that around 15,000 customers might have had their sensitive information, including usernames, passwords, and credit card details, stolen by hackers. These stolen credentials were then utilised to gain unauthorised access to other streaming platforms and even to purchase streaming gear from Roku's website. Subsequently, the compromised Roku accounts were sold on the dark web for a mere $0.50 each.

Method of Attack

The hackers employed a tactic known as "credential stuffing" to gain access to the jeopardised accounts. This method relies on using stolen usernames and passwords from other data breaches to gain unauthorised access to various accounts. It highlights the importance of avoiding password reuse across different platforms, no matter how convenient the idea of having one go-to password may seem. 

Proactive Measures by Roku

Roku took proactive steps in response to the security incidents. While investigating the initial breach, the company discovered a second similar incident affecting over 500,000 additional accounts. Roku clarified that there's no evidence indicating that their systems were directly laid on the line. Instead, the hackers likely obtained the credentials from external sources, such as previous data breaches or leaks.

Protecting Your Roku Account

To safeguard users' accounts, Roku has implemented several measures. Firstly, the company has reset the passwords for all affected accounts and initiated direct notifications to affected customers. Additionally, Roku is refunding or reversing any unauthorised charges made by hackers. Furthermore, two-factor authentication (2FA) has been enabled for all Roku accounts, adding an extra layer of security.

User Precautions

Despite Roku's efforts, users are advised to take additional precautions. It's crucial to use strong, unique passwords for each online account, including Roku. Password managers can assist in generating and securely storing complex passwords. Additionally, users should remain watchful for any suspicious activity on their accounts and monitor their bank statements closely.

As Roku continues its investigations, users are urged to stay cautious online. There's a possibility of hackers attempting targeted phishing attacks using stolen information. Therefore, users should exercise caution when interacting with emails purportedly from Roku and verify the authenticity of any communication from the company.

The recent security breaches bear down on the critical need for strong cybersecurity practices by both companies and users. While Roku has taken considerable steps to address the issue, users must remain proactive in protecting their accounts from potential threats. Stay informed and take necessary precautions to safeguard your online ecosystem. 

Read more »
SIM swap
2FA Bitcoin Cyber Fraud Identity Theft SIM swap

Look Out For SIM Swap Scams: Tips for Bitcoin Security

 




In today's digitised world, safeguarding personal information and digital assets is of great importance. One emerging threat is the SIM swap scam, a sophisticated form of identity theft where fraudsters manipulate mobile carriers to transfer a victim's phone number to a SIM card under their control. This can lead to unauthorised access to accounts, especially those reliant on SMS-based two-factor authentication (2FA).


Bitcoin Security at Risk

For Bitcoin users, SIM swap scams pose an even greater risk, particularly on centralised exchanges using SMS-based 2FA. Unauthorised access to these accounts could result in substantial financial loss. However, utilising self-custodial wallets, where users control their private keys, significantly reduces this risk by eliminating reliance on telecom-based authentication methods.


Protective Measures and Best Practices

1. Switch to Authenticator Apps: Transitioning from SMS-based 2FA to authenticator apps like Google Authenticator or Authy enhances security by eliminating the vulnerability to SIM swap attacks.

2. Implement Additional Security Measures: Make use of platform-provided security features such as withdrawal address whitelisting and multi-factor authentication whenever possible to add layers of protection to your assets.

3. Stay Careful Against Phishing: Be cautious of unsolicited communications and verify the authenticity of requests for personal information or urgent actions related to your accounts.

4. Inform Your Mobile Carrier: Make your mobile carrier aware of the risks associated with SIM swap scams and inquire about additional security measures to safeguard your account.

5. Prioritise Non-Custodial Wallets: Opt for storing Bitcoin in hardware or reputable software wallets where you control your private keys, ensuring maximum security.


Striving for Practical Security

While achieving perfect security may seem daunting, taking practical steps such as enabling authenticator apps and transitioning to non-custodial wallets significantly reduces vulnerability to SIM swap scams. Rather than pursuing perfection, adopting proactive security measures is key to mitigating risks and protecting valuable assets.


In the face of multiplying threats like SIM swap scams, prioritising security measures is essential, especially for Bitcoin holders. By following best practices and embracing non-custodial solutions, individuals can shield their digital assets and minimise the risk of falling victim to cyberattacks. Stay informed, stay vigilant, and take proactive steps to protect yourself in the digital realm.


Read more »
Scam
2FA Cash App Cyber Security Data protection Financial Fraud Holiday Scam Identity Theft Money Transfer Scam

Fallen Victim to Zelle Scams During the Holiday Season

Identity theft is a serious concern at a time of rapid technology development and digital commerce. It becomes essential to strengthen our defenses against potential cyber threats as we negotiate the complexities of internet platforms and financial services. Identity protection must be prioritized immediately, as shown by several recent instances. 

A thorough analysis by CNET states that as more people become aware of the significance of protecting their personal information online, there is a growing demand for identity theft protection services. The paper emphasizes that because hackers have become more skilled, protecting sensitive data needs to be done proactively.

The holiday season, a time of increased financial activity, poses additional challenges. Fraudsters exploit popular money transfer services like Zelle, Venmo, and Cash App during this period. As we enter 2023, it is crucial to be aware of potential threats and adopt preventive measures. Emily Mason's analysis serves as a wake-up call, urging users to exercise caution and be vigilant in protecting their accounts.

One of the prevalent scams involves Zelle, as reported by sources. Victims of Zelle scams find themselves ensnared in a web of financial deceit, with the aftermath often leaving them grappling for solutions. Refund scams, in particular, have become a cause for concern, prompting financial experts to emphasize the need for enhanced security measures and user education.

To fortify your defenses against identity theft and financial fraud, consider implementing the following recommendations:
  • Employ Robust Identity Theft Protection Services: Invest in reputable identity theft protection services that monitor your personal information across various online platforms.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This additional step can thwart unauthorized access attempts.
  • Stay Informed and Vigilant: Keep abreast of the latest scams and fraud techniques. Awareness is your first line of defense.
  • Regularly Monitor Financial Statements: Review your bank and credit card statements regularly for any suspicious activity. Promptly report any discrepancies to your financial institution.
  • Educate Yourself on Common Scams: Familiarize yourself with the modus operandi of common scams, such as refund fraud and phishing attempts, to recognize and avoid potential threats.
Safeguarding your identity in the constantly changing world of digital transactions is a shared duty between users and the platforms they use. People can greatly lower their chance of being victims of identity theft and financial fraud by being informed and taking preventative action. As technology develops, maintaining the integrity of our personal data increasingly depends on taking a proactive approach to security.

Read more »
User Privacy
2FA Data Breach Digital Age Gmail Google Google Apps Google Photos User Privacy

Safeguard Your Data: Google's Data Purge Approaches

Google just announced that the time is running out on a massive cleanup of defunct Gmail accounts and content from Google Photos, which is scheduled to start on December 1. Many consumers can be taken aback by this action, which is intended to manage and streamline user data. Take quick action to make sure your important data isn't lost in the cleanse.

The data purge involves Google identifying and deleting data from accounts that have been inactive for an extended period. This includes Gmail messages, attachments, and Google Photos content. The goal is to free up storage space and enhance overall system efficiency.

Several major news outlets, including Forbes, CBS News, Business Insider, and Yahoo News, have covered this impending data purge, emphasizing the urgency for users to safeguard their digital assets.

Google's initiative raises concerns for users who may have overlooked the significance of their inactive accounts. If you've been using Gmail or Google Photos but have not actively engaged with these services, now is the time to reassess and secure your data.

To prevent the loss of your digital memories and crucial information, follow these steps:
  • Access Your Accounts: Log in to your Gmail and Google Photos accounts to ensure they are active and accessible. This alone can exempt your data from the impending purge.
  • Review and Save Important Data: Take the opportunity to review your emails and photos. Save any crucial information or memorable moments to a secure location, such as an external hard drive or cloud storage.
  • Update Account Information: Confirm that your account recovery information, including your phone number and email address, is up to date. This ensures you can recover your account if needed.
  • Enable Two-Factor Authentication: Strengthen the security of your Google accounts by enabling two-factor authentication. This adds an extra layer of protection, making it harder for unauthorized individuals to access your data.
These preventative measures will help you get through Google's data purge without losing important information. We need to be aware of any developments that could affect our digital assets since we are depending more and more on digital platforms to store and share our memories and information. To secure your data before it's too late, take action right away.


Read more »
Subscribe to: Posts (Atom)