New phishing campaign hits LastPass, Bitwarden users


Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.

However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Zeus Sphinx revamped as coronavirus relief payment attack wave continues

    May 11, 2020

    The Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams. On Monday, IBM Security researcher Nir Shwarts said the company has been tracking the evolution of the malware which is based on the leaked codebase of the well-known Zeus v.2 Trojan. Zeus Sphinx — also referred ...

  • Threat Brief: Maze Ransomware Activities

    May 8, 2020

    Since the beginning of the calendar year, Palo Alto Networks has detected an uptick in Maze ransomware samples across multiple industries. As a result, we’ve created this general threat assessment post on the Maze ransomware activities and a full visualization of these techniques can be viewed in the Unit 42 Playbook Viewer. Maze ransomware, a variant of ChaCha ...

  • TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

    May 1, 2020

    Threat actors are using people’s interest in the Department of Labor’s Family and Medical Leave Act (FMLA) to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently. Recent analysis from spam honeypots set by IBM X-Force discovered actors targeting email recipients with fake messages that claim to ...

  • Spear-phishing campaign compromises executives at 150+ companies

    April 30, 2020

    A cybercrime group operating since mid-2019 has breached the email accounts of high-ranking executives at more than 150 companies, cyber-security firm Group-IB reported today. The group, codenamed PerSwaysion, appears to have targeted the financial sector primarily, which accounted for more than half of its victims; although, victims have been recorded at companies active across other verticals ...

  • State-backed phishing targets U.S. Government employees with fast food lures

    April 22, 2020

    More than a dozen state-backed hacking groups are actively targeting U.S. Government employees and healthcare organizations in phishing campaigns that use lures designed to take advantage of the fears surrounding the COVID-19 pandemic. “TAG has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to ...

  • Loki Delivered as CAB File Attachment

    April 22, 2020

    We found in our honeypot a spam sample that delivers the info stealer Loki through an attached Windows Cabinet (CAB) file. The email that bears the malicious file poses as a quotation request to trick the user into executing the binary file inside the CAB file. CAB is a compressed archive file format usually associated with various drivers, system ...