A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit.
Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about a small amount you supposedly owe in toll fees. Here’s an example of a toll-fee scam text:
Read more…
Source: Mawarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack
September 11, 2019
Researchers have identified a new side-channel attack impacting all modern Intel server processors made since 2012. The vulnerability could allow bad actors to sniff out encrypted passwords as they are being typed into a secure shell session (SSH); but, luckily, such an attack would be difficult to launch. The attack, disclosed on Tuesday and dubbed NetCAT (short for Network Cache ...
- Uncovering IoT Threats in the Cybercrime Underground
September 10, 2019
Amid the growth of the internet of things (IoT), manufacturers and integrators are testing the limits of how the technology can be applied, as seen in how new forms of connected devices are hitting the market. Some applications play critical roles in industries while others provide more convenience for consumers. The wide spectrum of IoT ...
- Thrip: Ambitious Attacks Against High Level Targets Continue
September 9, 2019
Symantec’s Targeted Attack Analytics uncovers new attack campaigns in South East Asia. Since Symantec first exposed the Thrip group in 2018, the stealthy China-based espionage group has continued to mount attacks in South East Asia, hitting military organizations, satellite communications operators, and a diverse range of other targets in the region. Many of its recent attacks have involved ...
- ‘Purple Fox’ Fileless Malware with Rookit Component Delivered by Rig Exploit Kit Now Abuses PowerShell
September 9, 2019
Exploit kits may no longer be as prolific as it was back when their activities were detected in the millions, but their recurring activities in the first half of 2019 indicate that they won’t be going away any time soon. The Rig exploit kit, for instance, is known for delivering various payloads — such as downloader trojans, ransomware, cryptocurrency-mining malware, and information stealers — whose ...
- Critical Exim Flaw Opens Millions of Servers to Takeover
September 9, 2019
Researchers are urging users to upgrade their Exim servers immediately after millions of servers were found to be vulnerable to a critical flaw that could allow a remote, unauthenticated attacker to take full control of them. Exim, which is free software used on Unix-like operating systems (including Linux or Mac OSX) serves as a mail transfer ...
- Newly discovered cyber-espionage malware abuses Windows BITS service
September 9, 2019
Security researchers have found another instance of a malware strain abusing the Windows Background Intelligent Transfer Service (BITS). The malware appears to be the work of a state-sponsored cyber-espionage group that researchers have been tracking for years under the name of Stealth Falcon. The first and only report on this hacking group has been published in 2016 by ...