Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.
LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.
However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Loose-lipped neural networks and lazy scammers
October 31, 2024
One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing ...
- Lumma/Amadey: fake CAPTCHAs want to know if you’re human
October 29, 2024
Attackers are increasingly distributing malware through a rather unusual method: a fake CAPTCHA as the initial infection vector. Researchers from various companies reported this campaign in August and September. The attackers, primarily targeting gamers, initially delivered the Lumma stealer to victims through websites hosting cracked games. Kaspersky recent research into the adware landscape revealed that this ...
- LinkedIn bots and spear phishers target job seekers
October 23, 2024
Microsoft’s social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It’s also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags. Think “I was laid off”, “I’m #opentowork” and similar phrases that ...
- Cybersecurity Awareness Month: Recognizing Phishing Attacks
October 23, 2024
In conjunction with the U.S. Cybersecurity and Infrastructure Agency (CISA) and the National Cybersecurity Alliance (NCA), SonicWall is participating in Cybersecurity Awareness Month this October to spread awareness about key issues in cybersecurity. In their last blog, SonicWall mentioned that while password hygiene and multifactor authentication are both crucial, they can be easily foiled by a ...
- Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
October 15, 2024
In September 2024, threat intelligence experts from the Positive Technologies Security Expert Center (PT ESC) discovered an email sent to a governmental organization belonging to a CIS country. Timestamps indicate that the email was sent back in June 2024. The email appeared to be a message without text, containing only an attached document. However, the email ...
- File hosting services misused for identity phishing
October 8, 2024
Microsoft has observed campaigns misusing legitimate file hosting services increasingly use defense evasion tactics involving files with restricted access and view-only restrictions. While these campaigns are generic and opportunistic in nature, they involve sophisticated techniques to perform social engineering, evade detection, and expand threat actor reach to other accounts and tenants. These campaigns are intended to ...

