FreshRSS

Yesterday - July 3rd 2025 - Your RSS feeds

The Person in Charge of Testing Tech for US Spies Has Resigned

IARPA director Rick Muller is departing after just over a year at the R&D unit that invests in emerging technologies of potential interest to agencies like the NSA and the CIA, WIRED has learned.

How to Shop Safely During Amazon Prime Day

As Amazon Prime Day approaches (July 8-11, 2025), millions of shoppers are gearing up for what promises to be one of the biggest online shopping events of the year. But while you’re hunting for deals, cybercriminals may be hunting for you. A recent devastating case from Montana serves as a stark reminder that not all “Amazon” calls are what they seem.

The $1 Million Nightmare: How It All Began

In April 2025, an elderly Missoula woman received what seemed like a routine customer service call. The caller claimed to be from Amazon’s fraud department and asked if she had recently purchased computer equipment. When she said no, the caller’s tone shifted to concern; they claimed her identity had been stolen, and immediate action was needed.

What followed was a masterfully orchestrated scam that would ultimately cost the woman nearly $1 million. The fake Amazon representative transferred her to what appeared to be the “Social Security Department,” where another scammer told her that her personal information had been linked to a money laundering investigation. To “protect” her funds, she was then connected to someone claiming to be a U.S. Marshal.

The supposed federal agent convinced her that the money in her bank accounts needed to be “legalized” to keep it safe from the criminals who had stolen her identity. Over multiple visits to her home, the woman handed over cash and gold to people she believed were federal agents protecting her life savings. Instead, she was systematically robbed.

The scam only unraveled when law enforcement, working with the victim, set up a sting operation. When 29-year-old Zabi Ullah Mohammed arrived for what he thought would be another pickup, police were waiting. They found nearly $70,000 in cash in his vehicle, along with airline tickets and rental car documents – evidence of a sophisticated, multi-state operation.

When Tariff Pressure Meets Scam Opportunity

This Montana case isn’t an isolated incident; it’s part of a growing trend that peaks during major shopping events like Prime Day. What makes this year particularly concerning is the economic backdrop driving consumer behavior.

With recently implemented tariffs now in effect, including 25% on certain goods from Canada and Mexico and additional levies on Chinese products, American households are feeling unprecedented financial pressure. Recent polling shows 73% of Americans expect significant price increases in the coming months, while economists project tariffs could cost the average household nearly $1,200 annually.

This economic anxiety is creating a perfect storm for scammers, as our research shows that 46% of shoppers plan to shop more during Prime Day specifically hoping to save money in light of tariff-related price hikes. Older consumers are particularly motivated by these concerns, with 68% of shoppers aged 65+ citing tariff worries as a key driver for increased online shopping – making them prime targets for sophisticated scams promising exclusive deals and savings.

“As inflation and tariffs push more people to hunt for deals, scammers are using generative AI to craft scams that are more polished, personal, and persuasive,” said Abhishek Karnik, Head of Threat Research at McAfee. “From retailer impersonations to hyper-realistic delivery scams, these threats are getting harder to spot. The good news is that the tools to fight back are getting smarter too. The best way to stay safe is to pause before you click, trust your instincts, and use AI-powered protection like McAfee’s Scam Detector to stay one step ahead.”

Figure 1. An example of an Amazon text phishing scam

The Scale of the Problem is Staggering

  • 81% of Americans plan to shop online during Prime Day 2025, creating a massive target pool for scammers
  • 15% of people have already fallen victim to online scams during Prime Day or similar major retail events.
  • Among scam victims, a shocking 84% lost money, with nearly 1 in 4 losing over $500.
  • While 89% of people report taking steps to stay safe, nearly two-thirds (65%) admit they’re not fully confident in their ability to spot a scam. That uncertainty is exactly what scammers are counting on. Designed to blend in with the shopping rush, today’s threats pressure people to click before they think.

The AI Threat is Real

  • 56% of Americans are more concerned about AI-generated scams this year than last year, particularly during major shopping events like Prime Day.
  • 36% of people have encountered deepfake scams involving fake celebrity endorsements during major sale events.
  • Among those who encountered deepfake scams, 71% reported that they or someone they know lost money.

The Vulnerability Factor

Older adults are particularly at risk, with 68% of shoppers aged 65+ saying tariff-related concerns motivate them to shop more online, potentially making them targets for scams promising “deals.” Heavy shoppers face the highest risk, with 23% reporting being scammed during major sale events – more than double the rate of light shoppers. More than one-third (35%) of scam victims don’t tell anyone about being defrauded. The main reasons for staying silent include embarrassment (27%), not wanting to appear gullible (24%), and shame (9%).

The Youth Risk Factor

Younger shoppers are far more likely to take risks on unfamiliar brands, especially on social media. Nearly a quarter of 18–34-year-olds say they’re willing to buy from unknown retailers if the deal looks good, with 22% of 18–24s and 21% of 25–34-year-olds ready to click “buy now” on offers from unknown brands. In stark contrast, older adults (65+) show extreme caution, with only 1% willing to engage with unfamiliar advertisements.

Social Shopping Platforms: Convenience Meets Danger

That openness comes with a serious trade-off. Platforms like TikTok Shop and Instagram Shopping are fast becoming hotspots for scam exposure. Nearly 1 in 3 young shoppers say they’ve encountered deepfake videos of influencers promoting deals or products that turned out to be scams during past sale events, and of those, a staggering 71% say either they or someone they know lost money. With 29% of shoppers browsing TikTok Shop and 10% using Instagram Shopping, these social platforms have become both a go-to destination for deals and a growing cybersecurity risk. The seamless integration of shopping and social content makes it easier than ever for scammers to blend fraudulent offers with legitimate content, creating a perfect storm of vulnerability.

How to Protect Yourself This Prime Day

The good news? These scams are preventable if you know what to watch for and take the right precautions. Here’s your defense playbook:

Verify Before You Trust

  • Amazon will never call you about suspicious account activity or unauthorized purchases
  • Always log into your Amazon account directly through amazon.com to check for real issues
  • Use Amazon’s Message Center – all legitimate communications from Amazon appear there
  • Never give personal information, passwords, or payment details over the phone

Watch for Red Flags

  • Urgent language demanding immediate action (“Your account will be closed in 24 hours!”)
  • Requests for payment via gift cards, wire transfers, or cash
  • Claims that you need to “verify” or “legalize” your money
  • Transfers to “government agencies” during the same call
  • Pressure to keep the call secret or not hang up

How to Protect Your Shopping Experience

  • Enable two-factor authentication on your Amazon account
  • Use strong, unique passwords or passkeys for your shopping accounts
  • Only shop on secure websites (look for “https://” and the padlock icon)
  • Monitor your bank and credit card statements regularly
  • Never click links in suspicious emails – go directly to the retailer’s website instead.
  • Use reputable online protection, such as McAfee’s Scam Detector, to keep you safer from online shopping scams
  • Trust your gut – if it feels too urgent or too good to be true, it probably is

While 89% of people plan to take specific safety steps during Prime Day, the sophistication of modern scams means we all need to stay vigilant. The Montana woman’s story shows how even intelligent, cautious people can fall victim to well-orchestrated psychological manipulation.

This Prime Day, remember that the best deal is the one that doesn’t cost you your life savings. Legitimate retailers will never pressure you to act immediately or ask you to pay with untraceable methods. When in doubt, hang up, take a breath, and verify independently. Your skepticism might just save your bank account, and your peace of mind.

Key Takeaway: Amazon, and most other retailers, will not ask you to provide sensitive information over the phone or request payment via gift cards, wire transfers, or cash. When shopping this Prime Day, if something seems suspicious, it probably is. Trust your instincts and verify independently.

The post How to Shop Safely During Amazon Prime Day appeared first on McAfee Blog.

Trump Officials Want to Prosecute Over the ICEBlock App. Lawyers Say That’s Unconstitutional

The platform, which allows users to anonymously share the locations of ICE agents, is currently the third-most-downloaded iPhone app.

CBP Wants New Tech to Search for Hidden Data on Seized Phones

Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border.

Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams

A mobile ad fraud operation dubbed IconAds that consisted of 352 Android apps has been disrupted, according to a new report from HUMAN. The identified apps were designed to load out-of-context ads on a user's screen and hide their icons from the device home screen launcher, making it harder for victims to remove them, per the company's Satori Threat Intelligence and Research Team. The apps have

Microsoft Windows Firewall complains about Microsoft code

Just ignore the warnings. Nothing to see here. Move along

A mysterious piece of "under development" code is playing havoc with the Windows Firewall after the latest preview update for Windows 11 24H2.…

Young Consulting finds even more folks affected in breach mess – now over 1 million

The insurance SaaS slinger may trade under a different name, but past continues to haunt it

Young Consulting's cybersecurity woes continue after the number of affected individuals from last year's suspected ransomware raid passed the 1 million mark.…

Meta calls €200M EU fine over pay-or-consent ad model 'unlawful'

'Deserves fair compensation for the valuable and innovative services'? Which ones are those then?

Meta has come out swinging following the European Commission's decision that its pay-or-consent model falls foul of the Digital Markets Act (DMA).…

Secure Your Business With Cisco Hybrid Mesh Firewall Solutions

Cisco Hybrid Mesh Firewall provides advanced security for hybrid cloud environments, remote workforces, and AI-powered innovations.

Ransomware crew Hunters International shuts down, hands out keys to victims

Don't let their kind words sway you – leaders are still up to no good

Ransomware gang Hunters International has shut up shop and offered decryption keys to all victims as a parting favor.…

Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets

Cybersecurity researchers have uncovered over 40 malicious browser extensions for Mozilla Firefox that are designed to steal cryptocurrency wallet secrets, putting users' digital assets at risk. "These extensions impersonate legitimate wallet tools from widely-used platforms such as Coinbase, MetaMask, Trust Wallet, Phantom, Exodus, OKX, Keplr, MyMonero, Bitget, Leap, Ethereum Wallet, and Filfox

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you’re evaluating AI-powered SOC platforms, you’ve likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might work for yesterday’s SOC, today's reality is different. Modern security operations teams face a

The Promise and Peril of Digital Security in the Age of Dictatorship

LGBTIQ+ organizations in El Salvador are using technology to protect themselves and create a record of the country’s ongoing authoritarian escalations against their community. It’s not without risks.

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms

The French cybersecurity agency on Tuesday revealed that a number of entities spanning governmental, telecommunications, media, finance, and transport sectors in the country were impacted by a malicious campaign undertaken by a Chinese hacking group by weaponizing several zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices. The campaign, detected at the beginning of

Let's Encrypt rolls out free security certs for IP addresses

You probably don't need one, but it's nice to have the option

Let's Encrypt, a certificate authority (CA) known for its free TLS/SSL certificates, has begun issuing digital certificates for IP addresses.…

ChatGPT creates phisher’s paradise by recommending the wrong URLs for major companies

Crims have cottoned on to a new way to lead you astray

AI-powered chatbots often deliver incorrect information when asked to name the address for major companies’ websites, and threat intelligence business Netcraft thinks that creates an opportunity for criminals.…

Gamaredon in 2024: Cranking out spearphishing campaigns against Ukraine with an evolved toolset

ESET Research analyzes Gamaredon’s updated cyberespionage toolset, new stealth-focused techniques, and aggressive spearphishing operations observed throughout 2024

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Cisco has released security updates to address a maximum-severity security flaw in Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME) that could permit an attacker to login to a susceptible device as the root user, allowing them to gain elevated privileges. The vulnerability, tracked as CVE-2025-20309, carries a CVSS score

Welcoming Truyu to Have I Been Pwned's Partner Program


I always used to joke that when people used Have I Been Pwned (HIBP), we effectively said "Oh no - you've been pwned! Uh, good luck!" and left it at that. That was fine when it was a pet project used by people who live in a similar world to me, but it didn't do a lot for the everyday folks just learning about the scary world of data breaches. Partnering with 1Password in 2018 helped, but the impact of data breaches goes well beyond the exposure of passwords, so a couple of months ago, I wrote about finding new partners to help victims "after the breach". Today, I'm very happy to welcome the first such partner, Truyu.

I alluded to Truyu being an excellent example of a potential partner in the aforementioned blog post, so their inclusion in this program should come as no surprise, but let me embellish further. In fact, let's start with something very topical as of the moment of posting:

New email from @Qantas just now: “we believe your personal information was accessed during the cyber incident”. They definitely deserve credit for early communication. pic.twitter.com/dTLlvI0Byq

Troy Hunt (@troyhunt), July 2, 2025

It's pure coincidence that Qantas' incident coincides with the onboarding of an Aussie identity protection service, but it also makes it all the more relevant. My own personal circumstances are a perfect example: apparently, my name, email address, phone number, date of birth, and frequent flyer number are now in the hands of a hacking group not exactly known for protecting people's privacy. In the earlier blog post about onboarding new partners, I showed how Truyu had sent me early alerts when my identity data was used to sign up for a couple of different financial services. If that happens as a result of the Qantas breach, at least I'm going to know about it early.

The introduction of Truyu as the first of several upcoming partners heralds the first time we've tailored content based on the geolocation of the user. What that means is that depending on where you are in the world, you may see something different to this:

[Image: Welcoming Truyu to Have I Been Pwned's Partner Program]

I'm seeing Truyu on the Dropbox breach page because I'm in Australia, and if you're not, you won't. You'll have your own footer with your own country, which is based on Cloudflare's IP geolocation headers. In time, depending on where you are in the world, you'll see more content tailored specifically for you where it's relevant to your location. That's not just product placements either, we'll be adding other resources I'll share more about shortly.

Putting another brand name on HIBP is not something I take lightly, as is evidenced by the fact this is only the second time I've done this in nearly 12 years. Truyu is there because it's a product I genuinely believe provides value to data breach victims and in this case, one I also use myself. And for what it's worth, I've also spent time with the Truyu team in person on multiple occasions and have only positive things to say about them. That, in my book, goes a long way.

So, that's our new partner, and they've arrived at just the perfect time. Now I'm off to jump on a Qantas flight, wish me luck!

Before yesterday - Your RSS feeds

Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform

The second max score this week for Netzilla - not a good look

If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch after someone at Switchzilla made a big mistake.…

CISA warns the Signal clone used by natsec staffers is being attacked, so patch now

Two flaws in TeleMessage are 'frequent attack vectors for malicious cyber actors'

The US security watchdog CISA has warned that malicious actors are actively exploiting two flaws in the Signal clone TeleMessage TM SGNL, and has directed federal agencies to patch the flaws or discontinue use of the app by July 22.…

/r/netsec's Q3 2025 Information Security Hiring Thread

Overview

If you have open positions at your company for information security professionals and would like to hire from the /r/netsec user base, please leave a comment detailing any open job listings at your company.

We would also like to encourage you to post internship positions as well. Many of our readers are currently in school or are just finishing their education.

Please reserve top level comments for those posting open positions.

Rules & Guidelines

Include the company name in the post. If you want to be topsykret, go recruit elsewhere. Include the geographic location of the position along with the availability of relocation assistance or remote work.

  • If you are a third party recruiter, you must disclose this in your posting.
  • Please be thorough and upfront with the position details.
  • Use of non-hr'd (realistic) requirements is encouraged.
  • While it's fine to link to the position on your company's website, provide the important details in the comment.
  • Mention if applicants should apply officially through HR, or directly through you.
  • Please clearly list citizenship, visa, and security clearance requirements.

You can see an example of acceptable posts by perusing past hiring threads.

Feedback

Feedback and suggestions are welcome, but please don't hijack this thread (use moderator mail instead.)

submitted by /u/netsec_burn

Phishers built fake Okta and Microsoft 365 login sites with AI - here's how to protect yourself

Okta researchers found hackers could make a phishing site with AI in just 30 seconds. Here's how to protect your business.

A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now

The Scattered Spider hacking group has caused chaos among retailers, insurers, and airlines in recent months. Researchers warn that its flexible structure poses challenges for defense.

23andMe's new owner says your DNA is safe this time

Nonprofit TTAM assures everything is BAU. Whether that makes customers feel better is another matter

The medical research nonprofit vying to buy 23andMe is informing existing customers that it plans to complete the deal on July 8.…

North Korean Hackers Target Web3 with Nim Malware and Use ClickFix in BabyShark Campaign

Threat actors with ties to North Korea have been observed targeting Web3 and cryptocurrency-related businesses with malware written in the Nim programming language, underscoring a constant evolution of their tactics. "Unusually for macOS malware, the threat actors employ a process injection technique and remote communications via wss, the TLS-encrypted version of the WebSocket protocol,"

Google Chrome hit by another serious security flaw - update your browser ASAP

You'll have to update Chrome to the latest version to fix a security hole that's already been exploited in the wild.

ESET Threat Report H1 2025: Key findings

ESET Chief Security Evangelist Tony Anscombe looks at some of the report's standout findings and their implications for organizations in 2025

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

ESET experts discuss Sandworm’s new data wiper, relentless campaigns by UnsolicitedBooker, attribution challenges amid tool-sharing, and other key findings from the latest APT Activity Report

How to install a smart lock on an existing deadbolt - and why this model is my top pick

The Nuki smart lock comes with an array of features and works with your existing deadbolt, so you can still use a key.

US imposes sanctions on second Russian bulletproof hosting vehicle this year

Aeza Group accused of assisting data bandits and BianLian ransomware crooks

The US Treasury has sanctioned Aeza Group, a Russian bulletproof hosting (BPH) provider, and four of its cronies for enabling ransomware and other cybercriminal activity.…

Building an XDR Integration With Splunk Attack Analyzer

Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs. You can build your own integrations using the community resources announced at Cisco Live. It was an honor to work with […]

That Network Traffic Looks Legit, But it Could be Hiding a Serious Threat

With nearly 80% of cyber threats now mimicking legitimate user behavior, how are top SOCs determining what’s legitimate traffic and what is potentially dangerous? Where do you turn when firewalls and endpoint detection and response (EDR) fall short at detecting the most important threats to your organization? Breaches at edge devices and VPN gateways have risen from 3% to 22%, according to

Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors. "A significant portion of email threats with PDF payloads persuade victims to call adversary-controlled phone numbers, displaying another popular social engineering technique known as Telephone-Oriented Attack Delivery (TOAD

Cl0p cybercrime gang's data exfiltration tool found vulnerable to RCE attacks

Experts say they don't expect the MOVEit menace to do much about it

Security experts have uncovered a hole in Cl0p's data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack.…

U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group to assist threat actors in their malicious activities and targeting victims in the country and across the world. The sanctions also extend to its subsidiaries Aeza International Ltd., the U.K. branch of Aeza Group, as well

UK eyes new laws as cable sabotage blurs line between war and peace

It might be time to update the Submarine Telegraph Act of 1885

Cyberattacks and undersea cable sabotage are blurring the line between war and peace and exposing holes in UK law, a government minister has warned lawmakers.…

Weekly Update 458


I'm in Austria! Well, I was in Austria, I'm now somewhere over the Aussie desert as I try and end this trip on top of my "to-do" list. The Have I Been Pwned Alpine Grand Tour was a great success with loads of time spent with govs, public meetups and users of this little data breach project that kinda escalated. As I say in the vid, I'm posting a lot more pics publicly to my Facebook page, so if you want to see the highlights, head over there. That's it for this week, it's home for a day then I'll come to you from Tokyo for the next one.


References

  1. Sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite
  2. Have Fun Teaching was breached 4 years ago and 27k of their records are now in HIBP (they went very much "radio silence" after disclosure)
  3. Robinsons Malls in the Philippines had a breach that finally made its way into HIBP (the breach itself was back in June last year)
  4. Because Teespring was frankly, appallingly bad, we have a new merch store courtesy of Fourthwall (if you ordered from Teespring and haven't received your merch, contact their support and if that doesn't work, dispute the charge with your card company)

[remote] Microsoft SharePoint 2019 - NTLM Authentication


[remote] Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution (RCE)


[remote] gogs 0.13.0 - Remote Code Execution (RCE)


[webapps] Moodle 4.4.0 - Authenticated Remote Code Execution


Vercel's v0 AI Tool Weaponized by Cybercriminals to Rapidly Create Fake Login Pages at Scale

Unknown threat actors have been observed weaponizing v0, a generative artificial intelligence (AI) tool from Vercel, to design fake sign-in pages that impersonate their legitimate counterparts. "This observation signals a new evolution in the weaponization of Generative AI by threat actors who have demonstrated an ability to generate a functional phishing site from simple text prompts," Okta

Australian airline Qantas reveals data theft impacting six million customers

Frequent flyers’ info takes flight

Australian airline Qantas on Wednesday revealed it fell victim to a cyberattack that saw information describing six million customers stolen.…

Lock down your AT&T account to prevent SIM swapping attacks - here's how

The new Wireless Account Lock prevents someone from moving your phone number to a different device.

Microsoft admits to Intune forgetfulness

Customizations not saved with security baseline policy update

Microsoft Intune administrators may face a few days of stress after Redmond acknowledged a problem with security baseline customizations.…
