Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Charges filed in cyber attack on East Bay water treatment plant
July 6, 2023
A 53-year-old Tracy man is facing federal criminal charges in connection with an alleged attack on the computer systems of a Discovery Bay water treatment plant more than two years ago, according to the U.S. Attorney’s Office. Rambler Gallo was a full-time employee of a private Massachusetts-based company that contracted with Discovery Bay to operate the ...
- CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants
July 6, 2023
Today, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware ...
- Japan’s biggest port hit by suspected cyberattack, operations halted
July 5, 2023
The Port of Nagoya, Japan’s largest port by total cargo throughput and responsible for handling some of Toyota Motor Corp.’s car exports, has suffered a crippling system glitch, with the port operator saying Wednesday it suspects a cyberattack. As of noon, the port in central Japan remained unable to load and unload containers from trailers. Police ...
- ChatGPT Shared Links and Information Protection: Risks and Measures Organizations Must Understand
July 5, 2023
Since its initial release in late 2022, the AI-powered text generation tool known as ChatGPT has been experiencing rapid adoption rates from both organizations and individual users. However, its latest feature, known as Shared Links, comes with the potential risk of unintentional disclosure of confidential information. In this article, Trend Micro researchers will examine these risks ...
- Thousands of Fortinet firewalls are unpatched against this serious security bug, so patch now
July 4, 2023
Hundreds of thousands of FortiGate firewalls are yet to be patched against a flaw being actively used in the wild, experts have revealed. Cybersecurity researchers from Bishop Fox recently used the Shodan.io search engine for internet-connected devices to look for servers with HTTPS responses that suggested the software was outdated. The results brought back almost 490,000 ...
- TSMC discloses data breach from LockBit-claimed attack against third party
July 4, 2023
Major Taiwanese multinational chip manufacturing firm Taiwan Semiconductor Manufacturing Company has confirmed experiencing a data breach as a result of a cyberattack against Kinmax, which is one of its IT hardware suppliers, before the end of June, reports The Record, a news site by cybersecurity firm Recorded Future. Such a disclosure comes after the LockBit ransomware ...

