Cybercriminals are finding new ways to trick people into compromising their own devices and accounts. One campaign used a sponsored ad on X to target Mac users, while another technique, dubbed ConsentFix, steals Microsoft 365 accounts without installing malware.
Researchers have discovered a ClickFix-style attack running as a sponsored advertisement on X. The ad was posted from a verified account, adding an extra layer of credibility to the scam.
ClickFix campaigns use convincing lures—historically fake “human verification” screens, and now a fake download for DynamicLake, a legitimate macOS utility that turns your MacBook’s notch into an unofficial but functional version of Apple’s Dynamic Island. This type of attack requires the user to paste a command from the clipboard, making it depend heavily on user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers pose as journalists to breach news media org’s networks
July 16, 2022
Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation. Recent ...
- Meet Mantis – the tiny shrimp that launched 3,000 DDoS attacks
July 15, 2022
The botnet behind the largest-ever HTTPS-based distributed-denial-of-service (DDoS) attack has been named after a tiny shrimp. Cloudflare said it thwarted the 26 million request per second (rps) attack last month, and we’re told the biz has been tracking the botnet ever since. Now, the internet infrastructure company has given the botnet a name — Mantis — ...
- Attackers scan 1.6 million WordPress sites for vulnerable plugin
July 15, 2022
Security researchers have detected a massive campaign that scanned close to 1.6 million WordPress sites for the presence of a vulnerable plugin that allows uploading files without authentication. The attackers are targeting the Kaswara Modern WPBakery Page Builder, which has been abandoned by its author before receiving a patch for a critical severity flaw tracked as ...
- The industrial internet of things is still a big mess when it comes to security
July 14, 2022
Critical infrastructure is increasingly targeted by cyber criminals – and while those responsible for running industrial networks know that securing operational technology (OT) and the Industrial Internet of Things (IIoT) is vital, they’re struggling, resulting in networks being left vulnerable to attacks. According to analysis by cybersecurity company Barracuda, 94% of industrial organisations have experienced a ...
- Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response
July 14, 2022
WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for government and industry. The recommendations from the CSRB – an unprecedented public-private initiative that brings together government and industry leaders to review and assess significant cybersecurity events to better protect ...
- New Lilith ransomware emerges with extortion site, lists first victim
July 13, 2022
A new ransomware operation has been launched under the name ‘Lilith,’ and it has already posted its first victim on a data leak site created to support double-extortion attacks. Lilith is a C/C++ console-based ransomware discovered by JAMESWT and designed for 64-bit versions of Windows. Like most ransomware operations launching today, Lilith performs double-extortions attacks, which ...

