dcsimg

Malvertising campaign on PornHub and other top adult brands exposes users to tech support scams

Threat actors involved in tech support scams have been running a browser locker campaign from November 2020 until February 2021 on the world’s largest adult platforms including PornHub. The same group behind this campaign has been active for much longer and we believe is tied to previous schemes we’ve identified before, making it one of the most prolific tech support scam operations … [Read more...]

Credit card skimmer piggybacks on Magento 1 hacking spree

Back in the fall of 2020 threat actors started to massively exploit a vulnerability in the no-longer maintained Magento 1 software branch. As a result, thousands of e-commerce shops were compromised and many of them injected with credit card skimming code. While monitoring activities tied to this Magento 1 campaign, we identified an e-commerce shop that had been targeted twice by skimmers. This … [Read more...]

Emotet returns just in time for Christmas

Emotet is a threat we have been tracking very closely throughout the year thanks to its large email distribution campaigns. Once again, and for about two months the botnet stopped its malspam activity only to return days before Christmas. In typical Emotet fashion, the threat actors continue to alternate between different phishing lures whose goal is to social engineer users into enabling … [Read more...]

Beware: not so festive social media scams

We’re now into the most crucial stage of Christmas festivities, where money and gifts are on the march…and social media is a conduit for both good and bad tidings. This is the absolute best time for social media scammers to make their move. A little confidence trick here, the promise of good cheer there, and someone is going to be out of pocket. Here’s a roundup of some of the most … [Read more...]

Smart toy security: How to keep your kids safe this Christmas

Christmas is coming, and so are the smart toys. The ever-present pandemic has meant a lot more staying at home this year. Videogame playing has increased considerably, because why not? Screentime for kids has gone up, because again, it’s bound to. It hasn’t brought about the end of civilisation and the kids are still alright. You’d expect a big surge in smart/IoT toys all over the place given … [Read more...]

November spam roundup: Stalkers, property tips, porn, stern words and PayPal

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox. A full house of spam Whether by accident or design, you may see spam land in your inbox … [Read more...]

Demystifying two common misconceptions with e-commerce security

Online shopping has seen a dramatic increase in the months following the Covid-19 outbreak as more and more people opt-out of visiting physical stores. Such a phenomenon does not go unnoticed or without additional consequences. During the same time period, we have seen an increase in the usual scams but also digital skimming, the online equivalent of credit card theft. As a consumer, you may be … [Read more...]

QBot Trojan delivered via malspam campaign exploiting US election uncertainties

This blog post was authored by Jérôme Segura and Hossein Jazi. The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided to jump in on it too. Those tracking the threat landscape know very well that major world events … [Read more...]

Vastaamo psychotherapy data breach sees the most vulnerable victims extorted

“Hell is too nice a place for these people.” Never have we seen outrage about a cybercrime at such a level. The outrage is aimed at cybercriminals behind the data breach that occurred at Finnish psychotherapy practice Vastaamo. Vastaamo, which has treated some 40,000 patients, is a subcontractor to several major public-sector hospital districts. Finland’s president Sauli Niinisto called the … [Read more...]

Vastaamo psychotherapy data breach sees the most vulnerable victims extorted

“Hell is too nice a place for these people.” Never have we seen outrage about a cybercrime at such a level. The outrage is aimed at cybercriminals behind the data breach that occurred at Finnish psychotherapy practice Vastaamo. Vastaamo, which has treated some 40,000 patients, is a subcontractor to several major public-sector hospital districts. Finland’s president Sauli Niinisto called the … [Read more...]