Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- University of Michigan Health says cyber attack impacted public websites, not patient info
January 30, 2023
Michigan Health officials say its public websites experienced issues due to a cyber attack but claims the issue did not impact patient information. In a statement on Monday, officials say the attack affected a “third-party vendor we use to host some of our sites.” Read more… Source: CBS Detroit News
- Come to the dark side: hunting IT professionals on the dark web
January 30, 2023
The dark web is a collective name for a variety of websites and marketplaces that bring together individuals willing to engage in illicit or shady activities. Dark web forums contain ads for selling and buying stolen data, offers to code malware and hack websites, posts seeking like-minded individuals to participate in attacks on companies, and ...
- JD Sports hit by cyber-attack that leaked 10m customers’ data
January 30, 2023
The fashion retailer JD Sports said the personal and financial information of 10 million customers was potentially accessed by hackers in a cyber-attack. The company said incident, which affected some online orders made by customers between November 2018 and October 2020, targeted purchases of products of its JD, Size?, Millets, Blacks, Scotts and Millets Sport brands. Read ...
- Russian hackers DDoS Germany for aiding Ukraine
January 30, 2023
Russian hackers have proved yet again how quickly cyber attacks can be used to respond to global events with a series of DDoS attacks on German infrastructure and government websites in response to the country’s plan to send tanks to Ukraine. The efforts, according to Germany’s cyber security agency, the BSI, were largely in vain. “Currently, ...
- Infrastructure Companies Say Suppliers Pose a Growing Cyber Threat
January 27, 2023
Companies in critical infrastructure sectors say weak cyber defenses at suppliers are becoming a significant threat to their business, and that rules to boost security down the supply chain might be needed. While federal and industry rules for specific areas such as aviation, pipeline companies and other critical infrastructure operators are well-established, said Curley Henry, vice ...
- ISC Releases Security Advisories for Multiple Versions of BIND 9
January 27, 2023
The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of the ISC’s Berkeley Internet Name Domain (BIND) 9. A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency

