Amazon has blocked more than 1,800 suspected North Korean applicants from joining the company since April 2024, TechRadar reports. Amazon’s Chief Security Officer, Stephen Schmidt, said in a LinkedIn post that DPRK-linked applications have increased by 27% quarter over quarter this year.
Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.”
Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox.
Zscaler has published a report on a new phishing kit dubbed “BlackForce” that uses Man-in-the-Browser (MitB) attacks to steal credentials and bypass multi-factor authentication. Notably, the kit “features a vetting system to qualify targets, after which a live operator takes over to orchestrate a guided compromise.”
Eighty-one percent of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise their prices as a result, a report from the Identity Theft Resource Center (ITRC) has found.
A popular phone call/voicemail scam (i.e., vishing) involves someone calling you, claiming to be law enforcement with a warrant for your arrest, and then offers you an opportunity to avoid arrest by paying the “fine.”
Today, anyone can find a picture of absolutely anybody and it is also not difficult to find a sample of their voice. By combining these it is shockingly easy to create a realistic AI deepfake video of that person. The video may not be perfect, and an experienced AI deepfake enthusiast might be able to see signs of it not being real, but it will be good enough to fool 99% of people.
