InfoSec News Nuggets 06/20/2022

2,000 arrests in crackdown on social engineering and business email scams The international police organization Interpol has arrested 2,000 people in a crackdown on social-engineering rackets and intercepted $50 million in illicit funds. Interpol announced it had conducted raids at 1,700 locations over two months, seizing $50 million in fraudulently gained proceeds and arresting 2,000 people, which it described as "operators, fraudsters and money launderers" as part of its crackdown on social engineering and business email compromise (BEC)…
Read More

InfoSec News Nuggets 06/02/2022

Wray: FBI blocked planned cyberattack on children's hospital The FBI thwarted a planned cyberattack on a children's hospital in Boston that was to have been carried out by hackers sponsored by the Iranian government, FBI Director Christopher Wray said Wednesday. Wray told a Boston College cybersecurity conference that his agents learned of the planned digital attack from an unspecified intelligence partner and got Boston Children's Hospital the information it needed last summer to block what…
Read More

InfoSec News Nuggets 6/22/2020

To evade detection, hackers are requiring targets to complete CAPTCHAs CAPTCHAs, those puzzles with muffled sounds or blurred or squiggly letters that websites use to filter out bots (often unsuccessfully), have been annoying end users for more than a decade. Now, the challenge-and-response tests are likely to vex targets in malware attacks. Microsoft recently spotted an attack group distributing a malicious Excel document on a site requiring users to complete a CAPTCHA, most likely in an…
Read More

InfoSec News Nuggets 11/01/2019

1 - Scammers are now faking voicemail notifications to steal Office 365 login credentials Security researchers have found a new phishing campaign that leverages fake voicemail messages to trick victims into stealing their Office 365 email credentials. The scam — uncovered by cybersecurity firm McAfee — made use of fraudulent email attachments, which when opened, redirected users to a phishing website that siphoned the login information with an aim to impersonate staff members and gain wider access…
Read More