Notícias

To help reduce phishing risk, 1Password added an extra layer of protection and began rolling out a phishing prevention feature designed to stop users before they share passwords with scammers. How 1Password phishing prevention works When a user clicks a link whose URL doesn't match a saved login, 1Password will not autofill their credentials. To avoid confusion, the product displays a warning message that prompts users to pause and reconsider before proceeding. Source: 1Password For … More → The post 1Password targets AI-driven phishing with built-in prevention appeared first on Help Net Security.

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. [...]

Threat actors are leveraging the file-sharing service for payload delivery in AitM phishing and BEC attacks. The post Phishers Abuse SharePoint in New Campaign Targeting Energy Sector appeared first on SecurityWeek.

Online services often treat one-time links sent by text message as low-risk conveniences. A new study shows that these links can expose large amounts of personal data for years. Malicious URLs continue to shift from email to SMS According to to Proofpoint, cybercriminals favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection. These links are embedded in messages, buttons, and even inside attachments like PDFs or Word … More → The post One-time SMS links that never expire are exposing personal data for years appeared first on Help Net Security.

Online services often treat one-time links sent by text message as low-risk conveniences. A new study shows that these links can expose large amounts of personal data for years. Malicious URLs continue to shift from email to SMS According to to Proofpoint, cybercriminals favor malicious URLs over attachments, as they are easier to disguise and more likely to evade detection. These links are embedded in messages, buttons, and even inside attachments like PDFs or Word … More → The post One-time SMS links that never expire can expose personal data for years appeared first on Help Net Security.

Threat actors who specialize in vishing (i.e., voice phishing) have started using phishing kits that can intercept targets' login credentials while also allowing attackers to control the authentication flow in a targeted user's browser in real-time. At least two custom-made phishing kits are currently used by a number of threat actors that go after credentials and authentication factors to gain access to corporate systems and assets. “These custom kits are made available on an as-a-service … More → The post Okta users under attack: Modern phishing kits are turbocharging vishing attacks appeared first on Help Net Security.

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks. BleepingComputer has learned that these kits are being used in active attacks to steal Okta SSO credentials for data theft. [...]

Thanks to AI, phishing attacks are becoming more dangerous. The popular 1Password app and browser extension now offers an extra layer of protection against phishing attempts.

Microsoft will soon add new fraud protection features to Teams calls, warning users about external callers who attempt to impersonate trusted organizations in social engineering attacks. [...]

A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi's GetApps, it […]