08 Jul 2022

Crypto hackers are increasingly phishing for new bait on social media

As more people enter the web3 ecosystem, there are increasing opportunities for hackers to attack. And during the second quarter, there was a significant rise in crypto-focused phishing attacks across social media sites, according to a new report. There were 290 recorded attacks during the second quarter, up 170% from 106

Read More
07 Jul 2022

How a fake job offer took down the world’s most popular crypto game

Rarely has a job application backfired more spectacularly than in the case of one senior engineer at Axie Infinity, whose interest in joining what turned out to be a fictitious company led to one of the crypto sector’s biggest hacks. Ronin, the Ethereum-linked sidechain that underpins play-to-earn game Axie Infinity, lost

Read More
24 Jun 2022

MetaMask Crypto-Wallet Theft Skates Past Microsoft 365 Security

Researchers have uncovered an email-based credential-phishing attack targeting users of MetaMask, a cryptocurrency wallet used to interact with the Ethereum blockchain. The campaign is directed at Microsoft 365 (formerly Microsoft Office 365) users and has targeted multiple organizations across the financial industry. It starts with a socially engineered email that looks

Read More
16 Jun 2022

Iran Spear-Phishers Hijack Email Conversations in New Campaign

Check Point security has discovered a new state-backed phishing operation perpetrated by the Iranian Phosphorus APT group. The campaign is primarily targeting high-ranking Israeli and US officials. Historically, Phosphorus APT has been targeting Israeli officials such as deputy Prime Minister Tzipi Livni, a former major general in the Israeli Defense

Read More
21 Apr 2022

More on TraderTraitor and North Korean Threat Actors Targeting Cryptocurrency Organizations

We previously reported on the TraderTraitor operation. The government investigation involved great work by the FBI, CISA and the US Treasury. As expected, many others in the press are also reporting on this. However, unlike OODA, the cybersecurity media is not in a position to evaluate the appropriate recommendations for

Read More
09 Nov 2021

Robinhood breach leaks information of 7 million people

Robinhood has announced that its popular app has suffered from a data breach that has exposed millions of email addresses, names, and more sensitive information. On Monday, Robinhood released a statement confirming that it discovered the incident on the evening of November 3, explaining that it had detected an unauthorized

Read More
04 Aug 2021

Iranian APT Lures Defense Contractor in Catfishing-Malware Scam

A new campaign using catfishing techniques with fake aerobics-instructor profiles has been discovered in a supply-chain attack attempt originating from an Iranian APT, TA456. The threat actors created convincing profiles of objectively attractive women to charm victims into downloading malware. According to a new report from Proofpoint, the campaign allegedly

Read More
23 Nov 2020

GoDaddy staff fall prey to social engineering scam in cryptocurrency exchange attack wave

GoDaddy employees have allegedly fallen victim to a series of social engineering phishing scams that led them to facilitate attacks on multiple cryptocurrency exchanges. The scam duped employees into changing email and registration records which were then used by cyberattackers to launch attacks on other organizations. The incident was reported

Read More
17 Aug 2020

Ritz London suspects data breach, fraudsters pose as staff in credit card data scam

Scammers in London posed as staff members at the Ritz Hotel to steal credit card data from customers staying at the hotel. The Ritz is currently investigating the data breach, which occurred earlier this month. The company released an announcement on Twitter stating that they were made aware of a

Read More
27 Jan 2020

New Social Engineering Event to Train Business Pros on Human Hacking

Chris Hadnagy, the founder and chief human hacker for the firm behind the Social Engineering Capture the Flag contest at DEF CON, has announced that he is launching the first social engineering event geared towards professionals in the business, technology, security, and psychology industries. Hadnagy stated that the Human Hacking

Read More