In this video for Help Net Security, Michael Aminov, Chief Architect at Perception Point, talks about a recent Binance impersonation attack and, more broadly, the ongoing threat landscape impacting the cryptocurrency industry. Cryptocurrencies aren’t new, but they have become more mainstream: their use has increased significantly thanks to DeFi, gaming, NFTs,

The UK government was reportedly targeted with billions of malicious emails in 2021, and employees may have clicked on tens of thousands of suspicious or fraudulent links. Comparitech recently conducted a report into these malicious emails, and received answers from 260 government organizations in the form of freedom of information

Cybersecurity researchers at Check Point have identified six different fraudulent anti-virus applications that have since been removed from the Google Play store. The applications are parading as tools that help to protect users from cybercrime, however, they actually deliver malware to steal passwords, bank details, and other personal information. The

Threat actors have targeted both Microsoft Office 365 and Google Workspace in a new campaign that leverages a legitimate domain associated with a road-safety organization in Moscow to distribute messages. The attackers are spoofing voice message notifications from WhatsApp in the malicious phishing campaign. Their ultimate goal is to trick

American and South African investigators have teamed up to crack down on fraud that is persistent in the latter country, recently arresting several members linked to a suspected fraud gang. The individuals arrested consisted of three South Africans and four Nigerians, and are believed to be linked to an infamous

The Computer Emergency Response Team of Ukraine (CERT-UA) has spotted new phishing attempts attributed to the Russian threat group tracked as Armageddon (Gamaredon). The malicious emails attempt to trick the recipients with lures themed after the war in Ukraine and infect the target systems with espionage-focused malware. CERT-UA has identified two separate

A threat actor previously linked to the Belarusian Ministry of Defense, Ghostwriter, has recently adopted nearly invisible Browser-in-the-Browser (BitB) credential phishing techniques. The tool is likely being leveraged in its attacks against Ukraine and exploitation of the war being waged in the country. Ghostwriter is currently using war-themed attacks to

According to cybersecurity research from Google’s Threat Analysis Group (TAG), government backed hackers from Russia, China, Iran, and North Korea are exploiting Russia’s invasion of Ukraine. The attacks leverage public interest in the conflict and are designed to steal login credentials, sensitive information, and money from victims spanning several countries.

A Ukrainian-based threat actor has launched a spearphishing attack against Russians that are using services that have been banned for use by the Kremlin. The attack targets Russian cities and governments that are not aligned with the actions of the Russian government. MalwareBytes identified the campaign last week, stating that

Microsoft has confirmed that a large scale cyberattack is targeting its Azure developers through malicious npm packages. JFrog cybersecurity researchers released a report on Wednesday detailing how hundreds of malicious packages have been identified. The packages were designed to steal personally identifiable information from developers. According to researchers, the campaign