Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.
LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.
However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Ukraine’s DELTA military system users targeted by info-stealing malware
December 19, 2022
A compromised Ukrainian Ministry of Defense email account was found sending phishing emails and instant messages to users of the ‘DELTA’ situational awareness program to infect systems with information-stealing malware. The campaign was highlighted in a report today by CERT-UA (Computer Emergency Response Team of Ukraine), which warned Ukrainian military personnel of the malware attack. DELTA is ...
- Attackers use SVG files to smuggle QBot malware onto Windows systems
December 14, 2022
QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows. This attack is made through embedded SVG files containing JavaScript that reassemble a Base64 encoded QBot malware installer that is automatically downloaded through the target’s browser. QBot is a Windows malware arriving ...
- CISA Releases Phishing Infographic
December 8, 2022
Today, CISA published a Phishing Infographic to help protect both organizations and individuals from successful phishing operations. This infographic provides a visual summary of how threat actors execute successful phishing operations. Details include metrics that compare the likelihood of certain types of “bait” and how commonly each bait type succeeds in tricking the targeted individual. ...
- Watch out for this triple-pronged PayPal phishing and fraud scam
December 2, 2022
My day started rough. It was 7 a.m., and I was just partially through my first cup of coffee, when I noticed a new message in my email inbox. It was from PayPal and the subject line said, “You’ve got a money request.” And so began my first look at this three-pronged PayPal phishing scam. Read more… Source: ZDNet
- Criminals use trending TikTok challenge to make data-stealing malware invisible
November 29, 2022
Malware-slinging miscreants are taking advantage of a trending TikTok challenge — and viewers’ dirty minds — to spread data-stealing malware via a phony app that’s had more than one million views so far. The new TikTok trend is called Invisible Challenge, and it involves a person filming themself naked while using an effect called Invisible Body ...
- Major Twitter hack sees 5.4 million phone numbers and email addresses leaked on the dark web
November 28, 2022
More than 5.4 million Twitter user records, including personal phone numbers and email addresses, are up for grabs on the dark web in a massive data dump that some believe the Elon Musk-owned firm is attempting to cover up. The data dump was identified by Chad Loder, the founder of cyber security awareness company Habitu8, who ...

