New phishing campaign hits LastPass, Bitwarden users


Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.

However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • A little phishing knowledge may be a dangerous thing

    November 19, 2018

    Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a studyof students at University of Maryland, Baltimore County suggests. Citing IBM data suggesting human error is a factor in 95 per cent of security incidents, researchers from the school’s department of computer science and electrical engineering ...

  • Russian Banks Under Phishing Attack

    November 16, 2018

    Banks in Russia today were the target of a massive phishing campaign that aimed to deliver a tool used by the Silence group of hackers. The group is believed to have a background in legitimate infosec activities and access to documentation specific to the financial sector. The fraudulent emails purported to come from the Central Bank of Russia (CBR) ...

  • Inception Group Uses POWERSHOWER Backdoor in Two-Stage Spear Phishing Attacks

    November 5, 2018

    The Inception threat group has been observed exploiting the CVE-2017-11882 Microsoft Office memory corruption vulnerability and a PowerShell-based backdoor dubbed POWERSHOWER in their most recent multi-stage attack campaign during October 2018. Inception was seen in action since at least 2014, using multiple highly automated malware toolkits targeting a vast array of industries and platforms from all ...

  • Innovative Phishing Tactic Makes Inroads Using Azure Blob

    October 10, 2018

    A brand-new approach to harvesting credentials hinges on users’ lack of cloud savvy. A fresh tactic for phishing Office 365 users employs credential-harvesting forms hosted on Azure Blob storage – signed with legitimate Microsoft SSL certificates to lend an air of legitimacy. Azure Blob Storage is a cloud storage solution for hosting unstructured data such as images, ...

  • Crooks Combine Phishing and Impersonation For Higher Success Rate

    September 12, 2018

    While phishing continues to be the prevalent threat in malware-less email-based attacks, cybercriminals refine their methods by adding an impersonation component to increase the success rate against company employees. Phishing emails are easy to deploy and do not require other preparation from the attacker than crafting a vague message that is sufficiently convincing for a large ...

  • Cybercrooks home in on infosec’s weakest link – you poor gullible people

    September 5, 2018

    Cybercrims are ramping up their efforts to target employees through fraudulent email and social media scams, according to a new study by email security firm Proofpoint. Retailers and government agencies saw huge quarter-on-quarter increases in email fraud attempts in calendar Q2, with attacks per company and agency soaring 91 per cent and 84 per cent respectively. ...