"Passwort" episode 29: security news and feedback, from Oracle to Web PKI
The reactions show that attacks on smartphones concern many listeners. In the latest episode, the Passwort hosts are also annoyed by the failings of major players.
heise security Tour: risk management, managed security, phishing defense & more
2025 sees the 20th edition of the independent one-day conference run by the heise security editorial team, with many exciting topics for security professionals in companies.
Heads-up from CERT-UA: they're flagging Excel phishing campaigns targeting Ukraine right now. Honestly, it's a pretty classic tactic we've seen before, right?
Still, reverse shells and data theft are absolutely no joke. This whole situation really takes me back to my pentesting days – it always hammers home that user awareness is crucial. More often than not, those sneaky macros are the exact gateway attackers use to get in.
So, how are you all keeping your users safe on your end? Are you leaning more on specific tools, or is it all about the training? Curious to hear your strategies!
Is the sky fluxxing?! Last week a CISA advisory on DNS Fast Flux created a lot of buzz. We have an insider's take.
Fast Flux is a nearly 20-year-old technique and is essentially the malicious use of dynamic DNS. It is critical that protective DNS services understand this -- and all other DNS techniques -- on that we agree.
What we also know as experts in DNS is that there are many ways to skin a cat, as they say.
#dns #threatintel #cisa #malware #phishing #threatintelligence #infobloxthreatintel #infoblox #cybercrime #cybersecurity #infosec
Think before you click, phishing is real.
Phishing links can harvest your credentials silently.
#Phishing #CyberSecurity #EmailSafety
#Phishing alert: #Spotify customers urged to confirm their identity and payment method: https://www.verbraucherzentrale.nrw/phishing
King Bob pleads guilty to Scattered Spider-linked cryptocurrency thefts from investors - A Florida man, linked to the notorious Scattered Spider hacking gang, has pleaded guilty ... https://www.bitdefender.com/en-us/blog/hotforsecurity/king-bob-pleads-guilty-to-scattered-spider-linked-cryptocurrency-thefts-from-investors #scatteredspider #cryptocurrency #databreach #guestblog #law&order #dataloss #phishing
Oracle, Check Point, Twilio, Royal Mail, NYU and more are all in the hot seat this week!
#News #TechNews #Technology #Cybersecurity #DataBreach #privacy #ransomware #phishing #healthcare #business #education #government
In the middle of the night, there were numerous attempts to get Facebook accounts created for randomly generated usernames for my domain. The emails all provided different confirmation code numbers and different fake Chinese-sounding names.
It didn't work. And I am not happy that Facebook didn't catch that it was rapid-fire emailing me numerous requests to confirm accounts.
Noah Urban, aka "King Bob" and a suspected member of Scattered Spider, pleaded guilty this week in a case involving wire fraud, cryptocurrency theft, phishing, and simswapping. He had cases against him in Florida and California. Other people indicted with him have yet to be tried or to make plea deals, and one young man from Scotland has been detained in Spain pending determination of extradition request (I haven't found any update on the extradition case).
or jump directly to Urban's plea agreement:
https://storage.courtlistener.com/recap/gov.uscourts.flmd.422789/gov.uscourts.flmd.422789.66.0.pdf
#wirefraud, #cryptocurrency, #phishing, #simswapping, #identitytheft
"I'm not the only person for whom a detailed knowledge of scams created immunity from being scammed. Troy Hunt is the proprietor of HaveIBeenPwned.com, the internet's most comprehensive and reliable breach notification site. Hunt pretty much invented the practice of tracking breaches, and he is steeped – saturated – in up-to-the-minute, nitty-gritty details of how internet scams work.
Guess who got phished?
(...)
Hunt had just gotten off a long-haul flight. He was jetlagged. He got a well-constructed, plausible counterfeit email from Mailchimp telling him that his mailing-list – which he absolutely relies upon – had been frozen after a spam complaint, and advising him to click on a link to contest the suspension. He was taken to a fake login screen that his password manager didn't autopopulate, so he manually pasted the password in (Mailchimp doesn't have 2FA). It was only when the login session hung that he realized he'd been scammed – and by then, it was too late. Within minutes, his mailing list had been exported by the scammers.
In his postmortem of the scam, Hunt identifies the overlapping factors that made him vulnerable. He was jetlagged. The mailing list was important. Bogus spam complaints are common. Big corporate sites like Mailchimp often redirect their logins through different domains, which causes password manager autofill to fail. Hunt had experienced near-identical phishing attempts before and spotted them, but this one just happened to land at the very moment that he was vulnerable. Plus – as with my credit union scam – it seems likely that Mailchimp itself had been breached (or has an insider threat), which allowed the scammers to pad out the scam with plausible details that made it seem legit."
https://pluralistic.net/2025/04/05/troy-hunt/#teach-a-man-to-phish
#PoisonSeed #phishing campaign behind emails with wallet seed phrases
https://www.europesays.com/1971156/ Russian-linked UAC-0219 group escalates attacks on Ukraine government, critical infrastructure #CriticalInfrastructure #CybersecurityAttacks #DropMeFiles #FileSharing #GoogleDrive #Government #phishing #PowerShellStealer #Russia #UAC0219 #Ukrzaliznytsia
Troy Hunt Gets Phished
In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how ... https://www.schneier.com/blog/archives/2025/04/troy-hunt-gets-phished.html
Possible Phishing
on: hxxps[:]//dev-02455126665[.]pantheonsite[.]io
Analysis at: https://urldna.io/scan/67ee94813b77500010d38cfe
#cybersecurity #phishing #infosec #urldna #scam #infosec
This makes for good education for clients!
QR codes sent in attachments are the new favorite for phishers https://www.malwarebytes.com/blog/news/2025/04/qr-codes-sent-in-attachments-are-the-new-favorite-for-phishers
This week, we encountered a new phishing campaign utilizing the Tycoon 2FA Phishing-as-a-Service (PhaaS) to bypass multifactor authentication (MFA).
The RDGA domains have Russian TLDs but are hosted on Cloudflare infrastructure. We have been seeing them use shared infrastructure for a few months now, definitely trying to make detection more challenging. They continue to obfuscate every piece of code but have updated their verification page. Previously, we always saw their custom Cloudflare Turnstile page, but now they also use a new captcha challenge, as shown below. (You can also check it here: https://urlscan.io/result/0195ed8b-7a48-7348-a814-0a058571b51e/ )
Their old Cloudflare Turnstile page seems to still be their favorite, even though they now change their message more frequently: "Checking response before request" or "Tracking security across platform" are some of the new messages they use.
Here is a sample of the hundreds of domains we are detecting:
womivor[.]ru
nthecatepi[.]ru
toimlqdo[.]ru
dantherevin[.]ru
xptdieemy[.]ru