Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA Releases Seven Industrial Control Systems Advisories
July 18, 2023
CISA released seven Industrial Control Systems (ICS) advisories on July 18, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-199-01 Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A ICSA-23-199-02 Keysight N6845A Geolocation Server ICSA-23-199-03 Iagona ScrutisWeb Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Fortescue Hit by Cyber Attack That Saw Network Data Disclosed
July 18, 2023
Fortescue Metals Group Ltd. said it had been subject to a cyber attack that resulted in “the disclosure of a small portion of data from our networks.” The world’s fourth-largest iron ore exporter described the attack as “a low impact cyber incident” that occurred on May 28. The information disclosed “was not confidential in nature,” the ...
- DDoS threat report for 2023 Q2
July 18, 2023
The second quarter of 2023 was characterized by thought-out, tailored and persistent waves of DDoS attack campaigns on various fronts, including: Multiple DDoS offensives orchestrated by pro-Russian hacktivist groups REvil, Killnet and Anonymous Sudan against Western interest websites. An increase in deliberately engineered and targeted DNS attacks alongside a 532% surge in DDoS attacks exploiting the Mitel ...
- NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing
July 17, 2023
Today, the National Security Agency (NSA) and CISA published 5G Network Slicing: Security Considerations for Design, Deployment, and Maintenance. This guidance—created by the Enduring Security Framework (ESF), a public-private cross-sector working group led by the NSA and CISA—presents recommendations to address some identified threats to 5G standalone network slicing, and provides industry recognized practices for ...
- IOCTA 2023: forget hackers in a hoodie, cybercrime has become a big business
July 17, 2023
Forget the cliché of a solitary figure in a hoodie hunched over a keyboard in a dark room crunching lines of codes. It is an image that no longer accurately reflects today’s cybercrime landscape, where criminals operate as business-like syndicates across borders. Europol’s ninth Internet Organised Crime Threat Assessment (IOCTA), whose first module is published today, ...
- US energy department, other agencies hit in global hacking spree
July 16, 2023
The U.S. Department of Energy and several other federal agencies were hit in a global hacking campaign that exploited a vulnerability in widely used file-transfer software, officials said on Thursday. Data was “compromised” at two entities within the energy department when hackers gained access through a security flaw in MOVEit Transfer, the department said in a ...

