Tag: credentialtheft
30 articles

fake IT support Risky Alert: Must-Have Teams Defenses
Attackers are impersonating IT in Microsoft Teams to trick employees into installing remote‑access tools and gain a foothold in corporate networks. Verify any unsolicited support request via known channels and tighten guest, app‑install, and remote‑access controls to stay safe.

ShadowSilk campaign: Exclusive, Alarming Threat
A stealthy campaign called ShadowSilk is quietly probing Central Asian and Asia‑Pacific government networks—stealing credentials, planting webshells and exfiltrating sensitive data—exposing how under-resourced states can be pawns in wider geopolitical espionage. Strengthening basic cyber hygiene, regional cooperation and fast incident response can blunt its impact before the next covert breach reshapes diplomacy and public trust.

Hook Android Trojan: Stunning Dangerous Ransomware Threat
A new Hook Android Trojan variant now combines banking fraud with ransomware-style lockouts, letting attackers both steal credentials and hold phones hostage. Millions of users should tighten app sources, review permissions, and keep backups as defenders scramble to catch up.

fake support sites: Stunningly Dangerous macOS Threat
Think twice before downloading “help” tools from ads—attackers are using convincing fake macOS support sites and malvertising to deliver the Atomic macOS Stealer (AMOS) and quietly scoop up credentials, cookies and crypto wallets. Verify support pages with vendors directly and treat unsolicited downloads like risky strangers offering to fix your device.

DOM-based extension clickjacking: Stunning Risky Threat
Think your browser’s password-manager icon is a safe guardian? New research shows a clever DOM-based clickjacking trick can coerce popular extensions into spilling passwords, 2FA codes and card details— a wake-up call for users, developers and browser vendors to tighten UI isolation and patch quickly.

law enforcement email accounts: Shocking Risk Exposed
For as little as $40, criminals can buy real law-enforcement and government email accounts on the dark web — and that cheap access lets them impersonate officials, steal data, and trick people into payments. Strengthening authentication, email protections, and simple verification habits is essential to protect trust and public safety.