Impress Computers

Fake Google Meet conference errors push infostealing malware. A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. ClickFix is a social-engineering tactic that emerged in May, first reported by cybersecurity company Proofpoint, from a threat actor (TA571) that used messages impersonating errors for Google Chrome, Microsoft Word, and OneDrive. The errors prompted the victim to copy to clipboard a piece of PowerShell code that would fix the issues by running it in Windows Command Prompt. Victims would thus infect systems with various malware such as DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer. In July, McAfee reported that the ClickFix campaigns were becoming mode frequent, especially in the United States and Japan. A new report from Sekoia, a SaaS cybersecurity provider, notes that ClickFix campaigns have evolved significantly and now use a Google Meet lure, phishing emails targeting transport and logistics firms, fake Facebook pages, and deceptive GitHub issues. https://lnkd.in/gAzdW9Jy

Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says. The scale of the ransomware problem has grown significantly over the last year, with hundreds of healthcare institutions attacked in the last 12 months, Microsoft reported Tuesday. In the last fiscal year, 389 U.S.-based healthcare institutions were successfully hit with ransomware, causing “network closures, systems offline, critical medical operations delayed, and appointments rescheduled,” Microsoft said in its annual Digital Defense Report released on Tuesday. The company did not say how many were successfully attacked last year. The 114-page report assessed cyber trends between July 2023 and June 2024 based on the company’s access to troves of intelligence. The company’s researchers found that nation-states and cybercriminals have been coordinating their activity to a greater degree than ever before. https://lnkd.in/erjRNBAu

WhatsApp may expose the OS you use to run it – which could expose you to crooks. Meta knows messaging service creates persistent user IDs that have different qualities on each device. An analysis of Meta's WhatsApp messaging software reveals that it may expose which operating system a user is running, and their device setup information – including the number of linked devices. That analysis comes from security researchers at cryptocurrency wallet maker Zengo, who previously found a security weakness in the app's View Once feature – and now claim they’ve found another flaw. The issue stems from how the application manages its multi-device setup, and the metadata it broadcasts during communication. "We found out that different implementations of WhatsApp generate that message ID in a different manner, which allows us to fingerprint them to know if it's coming from Windows," Zengo cofounder Tal Be'ery told The Register. In an explainer, Be'ery detailed how each device linked to a WhatsApp account – whether it's web, macOS, Android, iPhone, or Windows – is assigned a unique and persistent identity key. https://lnkd.in/d-trg-ZZ

The Rise of RTF-Based Phishing Attacks. Phishing attacks are always evolving, and in 2024 we’ve seen a major spike in campaigns using RTF (Rich Text Format) files. In March alone, we detected (and stopped) 6,755 of these attacks. What makes this wave stand out isn’t just the use of an outdated file format—it’s the clever tricks attackers are using to make their emails and attachments look more legitimate than ever. Let’s dive into how these phishing attacks are manipulating file names, obscuring malicious URLs, and leveraging old-school attachment types to bypass defenses. The Anatomy of the Attack Here’s what these phishing emails look like at a glance: a businesslike message claiming to be an invoice reconciliation, with an RTF file attached. But there’s a clever twist—the file name is customized to match the domain of the target recipient. For example, if this attack was directed at me, an employee at ironscales.com, the attachment would look like this: https://lnkd.in/gTNrE-Sq

Coffee Lovers Warned of New Starbucks Phishing Scam. A wave of emails masquerading as Starbucks offers have been circulating, promising coffee drinkers a free Starbucks Coffee Lovers Box. Action Fraud, the UK's national fraud and cyber reporting center, said it has received over 900 reports about the scam in the past two weeks. The emails contain malicious links designed to steal personal and financial information or download malware onto personal devices. Commenting on the high volume of reported emails, David Spencer, Director of Technical Product Management at Immersive Labs, said: "The aim is maximum profit, so it's a numbers game. The more targets cybercriminals reach, the more clicks they'll get." https://lnkd.in/geBPemXd

Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent every day, according to Astra Security. You and your company are targets. 🎯 Follow this simple checklist anytime you get an email to help keep your network secure. It’s also a good idea to invest in training. This is a great list, but emails can still slip through the cracks, so properly training your team will help them be better prepared. #cybersecurityawarenessmonth

Amazon says 175 million customers now use passkeys to log in. Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature. "Today, we're excited to share that more than 175 million customers have enabled passkeys on their Amazon accounts, allowing them to sign in six-times faster than they could otherwise," says Amazon. "Adoption keeps growing every day, as more customers experience the convenience of passwordless sign-in." Passkeys are digital credentials tied to biometric controls or PINs and stored on devices such as phones, computers, and USB security keys. This authentication feature uses cryptographic keys (public and private keys) to act as credentials tied to a biometric feature or PIN when logging into a service. When creating a passkey, a private key is created and stored securely on a device's secure chip and the online service requiring authentication only receives the public key. https://lnkd.in/gcVmqMGK

Hackers blackmail Globe Life after stealing customer data. Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. Founded in 1900, Globe Life is among the largest providers of life and health insurance plans in the United States, with a market capitalization of $12 billion and a total revenue that exceeds $5.3 billion. Global Life previously disclosed a data breach on June 13 after discovering they had been compromised while reviewing potential vulnerabilities related to access permissions and user identity management for its web portal. At the time, the company warned that the hackers may have accessed consumer and policyholder data following a successful breach of one of the web portals. Although the company's operations weren't significantly disrupted due to the incident, there was concern about what data might have been stolen, as such a scenario could potentially impact millions. In a new filing submitted to the SEC today, Globe Life says that at least 5,000 customers of its subsidiary, American Income Life Insurance Company, are impacted. However, this number may increase as the investigation continues. https://lnkd.in/eJmDCCrS

Over 240 Million US Breach Victims Recorded in Q3. This year is unlikely to be a record one for data compromises, although Q3 saw a massive increase in supply chain attacks and nearly 242 million US breach victims, according to the Identity Theft Resource Center (ITRC). The non-profit tracks publicly reported US data breaches and accidental leaks, to compile its quarterly reports. The latest revealed a 77% quarterly decline in the number of data breach and leak victims – but that’s only because Q2’s figures (940 million) were inflated by two mega breaches at Ticketmaster and Advanced Auto Parts. The total number of so-called “data compromises” – which includes breaches and leaks – stood at 672 for Q3, an 8% quarterly decline. However, there were some concerning findings – notably that supply chain attacks rose 203% quarter-on-quarter in Q3 after dropping in the first two quarters of 2024. Some 97 entities were impacted by 31 breaches and data exposures, affecting almost one million victims. https://lnkd.in/e63t4BQX

Google is committed to making the internet a safer place. One of the tools they have available is the “safe browsing site status” page. If you’re not sure if the site you want to visit is secure, you can type it in, and the site will tell you if they’ve had any malware attacks in the last 90 days. https://smpl.is/9obne #techtip #informationtechnology #itforbusiness #Impress #Texas