Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New cyberattack method: tracking typing remotely via keyboard sounds
August 7, 2023
A group of British cybersecurity researchers has figured out a novel new attack method: recording the sound a computer keyboard makes. The researcher took recordings using a nearby smartphone of typists and used it to train a sound classification model, achieving accuracies of 95% to suss out the actual keys pressed. They call this an acoustic side ...
- Ukraine-Linked Group Claims It Hacked Website Of Moscow Property Registration Bureau
August 7, 2023
A Ukraine-linked hacker group said on Telegram on August 7 that it had hacked the website of Moscow’s municipal property registration bureau (MosgorBTI) overnight, saying “the information about state officials, politicians, military, and special services officers who support the Ukraine war had been handed to Ukraine’s defense forces.” The MosgorBTI’s website has yet to comment on ...
- Cyberattack disrupted hospitals, health care in Pennsylvania, 4 other states
August 6, 2023
Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted. Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the ...
- FBI Investigating Cyber Attack Affecting Connecticut Hospitals
August 4, 2023
“Prospect Medical Holdings Inc. recently experienced a data security incident that has disrupted our operations,” said Nina Kruse, ECHN’s vice president for communications and public affairs. “Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” she said. The FBI’s field office in New ...
- CISA Releases Five Industrial Control Systems Advisories
August 3, 2023
CISA released five Industrial Control Systems (ICS) advisories on August 3, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-215-01 Mitsubishi Electric GOT2000 and GOT SIMPLE ICSA-23-215-02 Mitsubishi Electric GT and GOT Series Products Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- CISA, NSA, FBI, and International Partners Release Joint CSA on Top Routinely Exploited Vulnerabilities of 2022
August 3, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and international partners are releasing a joint Cybersecurity Advisory (CSA), 2022 Top Routinely Exploited Vulnerabilities. This advisory provides details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2022, and the associated Common ...

