New phishing campaign hits LastPass, Bitwarden users


Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.

However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Google AMP – The Newest of Evasive Phishing Tactic

    August 1, 2023

    A new phishing tactic utilizing Google Accelerated Mobile Pages (AMP) has hit the threat landscape and proven to be very successful at reaching intended targets. Google AMP is an open-source HTML framework used to build websites that are optimized for both browser and mobile use. The websites that Cofense researches observed in these campaigns are hosted ...

  • What might authentication attacks look like in a phishing-resistant future?

    July 25, 2023

    The industry has come a long way in terms of improving how we make user authentication more secure. From the most basic concept of relying on usernames and passwords for authentication to enabling multi-factor authentication (MFA) for additional security, we are now embracing a shift toward passwordless logins and/or passkeys that are designed with security ...

  • Cyber attack hits South Korean government institution, $135,000 lost

    July 16, 2023

    According to Korean media reports, the Institute for Startup Promotion, operating under the Ministry of SMEs and Startups, transferred 175 million won (135,000 USD) to an overseas criminal group after being tricked by a sophisticated e-mail phishing scheme. The unfortunate event serves as a stern reminder of the increasing need for enhanced cybersecurity measures in both ...

  • WormGPT, PoisonGPT: How generative AI can become a tool for criminals

    July 15, 2023

    A cybersecurity firm discovered a new generative artificial intelligence tool called WormGPT that is being sold to criminals. Another firm created a malicious generative AI tool called PoisonGPT to test how the technology can be used to intentionally spread fake news online. These tools are the latest examples of how generative AI can be used by ...

  • Turkish intelligence uncovers ‘ghost’ Mossad network

    July 3, 2023

    After monthslong surveillance, Türkiye’s National Intelligence Organization (MIT) has exposed a “ghost” cell of 56 operatives spying on non-Turkish nationals in the country on behalf of the Israeli intelligence agency Mossad. Documents from MIT revealed that the spies were gathering biographical intelligence on foreign nationals through an online routing method, tracking vehicle movements via GPS, hacking ...

  • “.Zip” top-level domains draw potential for information leaks

    June 13, 2023

    As a result of Google’s announced sale of new TLDs that are also popular file extension formats, there is an increased risk with the deployment of the “.zip” domain that threat actors will develop new vectors for compromising victims. In early May 2023, Google released eight new TLDs, marketing the “.zip” domain as a way ...