home.social

#social-engineering — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #social-engineering, aggregated by home.social.

fetched live
  1. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  2. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  3. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  4. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  5. Sign here… and install an unwanted RMM

    A sophisticated phishing campaign impersonates DocuSign's branding to compromise victims through malicious JavaScript embedded in fraudulent webpages. The attack leverages social engineering to trick users into downloading MSI installers disguised as legitimate DocuSign updates or documents. These payloads establish remote access through legitimate Remote Monitoring and Management tools from Atera Network Ltd and ConnectWise/ScreenConnect. Investigation revealed extensive attacker infrastructure spanning hundreds of domains, with tracking mechanisms via Telegram bots collecting detailed victim telemetry including IP addresses, geolocation, ISP information, and user-agent strings. The campaign targets both Windows and macOS systems, utilizing deployment kits across multiple infrastructures with similar URL patterns and JavaScript mechanisms.

    Pulse ID: 6a512b20f12a5adf6bf2c1b3
    Pulse Link: otx.alienvault.com/pulse/6a512
    Pulse Author: AlienVault
    Created: 2026-07-10 17:25:52

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #ConnectWise #CyberSecurity #InfoSec #Java #JavaScript #Mac #MacOS #OTX #OpenThreatExchange #Phishing #SMS #ScreenConnect #SocialEngineering #Telegram #Windows #bot #AlienVault

  6. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  7. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  8. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  9. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  10. Operation Capsule Vault: RokRAT Attack Chain Analysis Using EMBED_PAYLOAD_v2

    A sophisticated spear-phishing campaign targeted individuals in research, policy, and academic fields through emails disguised as materials from an actual academic conference. The attack leveraged a cloud storage link delivering a malicious ISO file containing a PIF executable disguised as a PDF document. The multi-stage loader used EMBED_PAYLOAD_v2 structure to embed both legitimate documents and malicious payloads, which were sequentially extracted and executed in memory. Shellcode injection into explorer.exe ultimately deployed a RokRAT variant communicating with cloud-based C2 infrastructure via pCloud, Dropbox, and Yandex Cloud. The campaign demonstrated advanced social engineering by exploiting information from a real event, combined with sophisticated evasion techniques including process injection and cloud-based command-and-control operations. Attribution analysis linked the activity to APT37 based on infrastructure overlap, code similarities, and operational patterns.

    Pulse ID: 6a5414fab18f9d7456d7eda8
    Pulse Link: otx.alienvault.com/pulse/6a541
    Pulse Author: AlienVault
    Created: 2026-07-12 22:28:10

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APT37 #Cloud #CodeInjection #CyberSecurity #Dropbox #Email #InfoSec #OTX #OpenThreatExchange #PDF #Phishing #RAT #ShellCode #SocialEngineering #SpearPhishing #bot #pCloud #AlienVault

  11. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  12. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  13. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  14. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

    #Podcast #Technology #CyberSecurity #InformationSecurity #SocialEngineering #GDPR

  15. Experiment of the week.

    We've submitted Episode 16, "GDPR Enters the Chat", to The Pod Radar to see how our podcast performs on a community-driven discovery platform.

    If you've listened to the episode and feel it deserves a recommendation, we'd appreciate your vote. It's a small gesture that can help other IT professionals discover the show.

    Link: thepodradar.com/episode/8d5b7b

  16. No "human verification" thing on a website login will ask you to paste some command into a terminal. Anyone who does that is asking for consequences. #SocialEngineering

  17. No "human verification" thing on a website login will ask you to paste some command into a terminal. Anyone who does that is asking for consequences. #SocialEngineering

  18. No "human verification" thing on a website login will ask you to paste some command into a terminal. Anyone who does that is asking for consequences. #SocialEngineering

  19. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  20. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  21. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  22. DATE: July 10, 2026 at 05:23PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    #AI Threats Put #Healthcare Vendors in #Hackers' Crosshairs: #HIPAA #BusinessAssociates Tied to 50% of #DataBreach Victims as #AI-Aided Attacks Loom t.co/BM2ieuq230 #wallofshame @HHSOCR

    Here are any URLs found in the article text:

    t.co/BM2ieuq230

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  23. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  24. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  25. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  26. DATE: July 10, 2026 at 05:18PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    Why #AI Can't Fix Broken #Healthcare Processes, Bad Data: Peter Justen of #AmeriTrustSolutions on How Data Integrity Affects Benefits Administration t.co/i9vDNxCIyn

    Here are any URLs found in the article text:

    t.co/i9vDNxCIyn

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  27. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  28. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  29. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  30. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  31. Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign

    A malicious campaign was detected impersonating an Italian banking brand through a fraudulent domain offering fake financial rewards for installing a mobile application. Users are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK functions as a dropper containing an embedded second-stage payload identified as Albiriox, an Android banking Remote Access Trojan. This payload exploits Accessibility services, implements overlay attacks, intercepts SMS messages, captures credentials, and enables remote device control through a custom TCP-based command-and-control protocol. The infrastructure uses domain impersonation and social engineering with financial incentives to distribute the malware. Communication occurs via raw TCP sockets to endpoints on ports 5555 and 5552, with JSON messages framed using big-endian length prefixes. Attribution to Albiriox is supported by protocol similarities, behavioral patterns, and comparison with known Albiriox samples.

    Pulse ID: 6a501da5e79e415cb0ec861e
    Pulse Link: otx.alienvault.com/pulse/6a501
    Pulse Author: AlienVault
    Created: 2026-07-09 22:16:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Bank #CyberSecurity #Endpoint #InfoSec #Italian #Malware #NATO #OTX #OpenThreatExchange #RCE #RemoteAccessTrojan #SMS #SocialEngineering #TCP #Telegram #Trojan #bot #AlienVault

  32. RedHook Returns with a Dangerous Upgrade

    RedHook is an Android Remote Access Trojan that has re-emerged with significant enhancements, particularly in privilege abuse capabilities. The malware autonomously exploits Android's ADB Wireless Debugging features to obtain shell-level access, integrating the Shizuku framework to execute protected system APIs. Recent activity shows expansion beyond Vietnam to Indonesia, targeting Southeast Asian users through spoofed government and financial websites. Malicious APKs are hosted on trusted platforms like AWS S3 and GitHub repositories. The current version supports 53 distinct server-issued commands and employs sophisticated persistence mechanisms including foreground activity spoofing, silent media playback, and cross-process monitoring. Distribution relies on social engineering via phone calls and messaging applications, tricking victims into downloading malicious APKs and enabling Accessibility services under false pretenses.

    Pulse ID: 6a4fa023bcc8675bb1b91cfc
    Pulse Link: otx.alienvault.com/pulse/6a4fa
    Pulse Author: AlienVault
    Created: 2026-07-09 13:20:35

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #AWS #Android #Asia #CyberSecurity #GitHub #Government #Indonesia #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Rust #SMS #SocialEngineering #Trojan #UK #Vietnam #bot #AlienVault

  33. RedHook Returns with a Dangerous Upgrade

    RedHook is an Android Remote Access Trojan that has re-emerged with significant enhancements, particularly in privilege abuse capabilities. The malware autonomously exploits Android's ADB Wireless Debugging features to obtain shell-level access, integrating the Shizuku framework to execute protected system APIs. Recent activity shows expansion beyond Vietnam to Indonesia, targeting Southeast Asian users through spoofed government and financial websites. Malicious APKs are hosted on trusted platforms like AWS S3 and GitHub repositories. The current version supports 53 distinct server-issued commands and employs sophisticated persistence mechanisms including foreground activity spoofing, silent media playback, and cross-process monitoring. Distribution relies on social engineering via phone calls and messaging applications, tricking victims into downloading malicious APKs and enabling Accessibility services under false pretenses.

    Pulse ID: 6a4fa023bcc8675bb1b91cfc
    Pulse Link: otx.alienvault.com/pulse/6a4fa
    Pulse Author: AlienVault
    Created: 2026-07-09 13:20:35

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #AWS #Android #Asia #CyberSecurity #GitHub #Government #Indonesia #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Rust #SMS #SocialEngineering #Trojan #UK #Vietnam #bot #AlienVault

  34. RedHook Returns with a Dangerous Upgrade

    RedHook is an Android Remote Access Trojan that has re-emerged with significant enhancements, particularly in privilege abuse capabilities. The malware autonomously exploits Android's ADB Wireless Debugging features to obtain shell-level access, integrating the Shizuku framework to execute protected system APIs. Recent activity shows expansion beyond Vietnam to Indonesia, targeting Southeast Asian users through spoofed government and financial websites. Malicious APKs are hosted on trusted platforms like AWS S3 and GitHub repositories. The current version supports 53 distinct server-issued commands and employs sophisticated persistence mechanisms including foreground activity spoofing, silent media playback, and cross-process monitoring. Distribution relies on social engineering via phone calls and messaging applications, tricking victims into downloading malicious APKs and enabling Accessibility services under false pretenses.

    Pulse ID: 6a4fa023bcc8675bb1b91cfc
    Pulse Link: otx.alienvault.com/pulse/6a4fa
    Pulse Author: AlienVault
    Created: 2026-07-09 13:20:35

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #AWS #Android #Asia #CyberSecurity #GitHub #Government #Indonesia #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Rust #SMS #SocialEngineering #Trojan #UK #Vietnam #bot #AlienVault

  35. RedHook Returns with a Dangerous Upgrade

    RedHook is an Android Remote Access Trojan that has re-emerged with significant enhancements, particularly in privilege abuse capabilities. The malware autonomously exploits Android's ADB Wireless Debugging features to obtain shell-level access, integrating the Shizuku framework to execute protected system APIs. Recent activity shows expansion beyond Vietnam to Indonesia, targeting Southeast Asian users through spoofed government and financial websites. Malicious APKs are hosted on trusted platforms like AWS S3 and GitHub repositories. The current version supports 53 distinct server-issued commands and employs sophisticated persistence mechanisms including foreground activity spoofing, silent media playback, and cross-process monitoring. Distribution relies on social engineering via phone calls and messaging applications, tricking victims into downloading malicious APKs and enabling Accessibility services under false pretenses.

    Pulse ID: 6a4fa023bcc8675bb1b91cfc
    Pulse Link: otx.alienvault.com/pulse/6a4fa
    Pulse Author: AlienVault
    Created: 2026-07-09 13:20:35

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #AWS #Android #Asia #CyberSecurity #GitHub #Government #Indonesia #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Rust #SMS #SocialEngineering #Trojan #UK #Vietnam #bot #AlienVault

  36. RedHook Returns with a Dangerous Upgrade

    RedHook is an Android Remote Access Trojan that has re-emerged with significant enhancements, particularly in privilege abuse capabilities. The malware autonomously exploits Android's ADB Wireless Debugging features to obtain shell-level access, integrating the Shizuku framework to execute protected system APIs. Recent activity shows expansion beyond Vietnam to Indonesia, targeting Southeast Asian users through spoofed government and financial websites. Malicious APKs are hosted on trusted platforms like AWS S3 and GitHub repositories. The current version supports 53 distinct server-issued commands and employs sophisticated persistence mechanisms including foreground activity spoofing, silent media playback, and cross-process monitoring. Distribution relies on social engineering via phone calls and messaging applications, tricking victims into downloading malicious APKs and enabling Accessibility services under false pretenses.

    Pulse ID: 6a4fa023bcc8675bb1b91cfc
    Pulse Link: otx.alienvault.com/pulse/6a4fa
    Pulse Author: AlienVault
    Created: 2026-07-09 13:20:35

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #AWS #Android #Asia #CyberSecurity #GitHub #Government #Indonesia #InfoSec #Malware #OTX #OpenThreatExchange #RAT #RemoteAccessTrojan #Rust #SMS #SocialEngineering #Trojan #UK #Vietnam #bot #AlienVault

  37. DATE: July 9, 2026 at 05:32PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Raises Stakes for #RuralHospital #Security: @duncanregional CIO Roger Neal on Bolstering #Cyber Defenses as AI Threats Grow Teams t.co/P1t3OyPMkX

    Here are any URLs found in the article text:

    t.co/P1t3OyPMkX

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  38. DATE: July 9, 2026 at 05:32PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Raises Stakes for #RuralHospital #Security: @duncanregional CIO Roger Neal on Bolstering #Cyber Defenses as AI Threats Grow Teams t.co/P1t3OyPMkX

    Here are any URLs found in the article text:

    t.co/P1t3OyPMkX

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  39. DATE: July 9, 2026 at 05:32PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Raises Stakes for #RuralHospital #Security: @duncanregional CIO Roger Neal on Bolstering #Cyber Defenses as AI Threats Grow Teams t.co/P1t3OyPMkX

    Here are any URLs found in the article text:

    t.co/P1t3OyPMkX

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  40. DATE: July 9, 2026 at 05:32PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    How #AI Raises Stakes for #RuralHospital #Security: @duncanregional CIO Roger Neal on Bolstering #Cyber Defenses as AI Threats Grow Teams t.co/P1t3OyPMkX

    Here are any URLs found in the article text:

    t.co/P1t3OyPMkX

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  41. DATE: July 8, 2026 at 05:45PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    @HHSOCR Delays Planned #HIPAA #Security Rule Overhaul to Mid-2027: @HHSGov Working on Modified HIPAA #Privacy Rule, #HealthIT Interoperability Proposals t.co/HDniU7IuYE #HITECH

    Here are any URLs found in the article text:

    t.co/HDniU7IuYE

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  42. DATE: July 8, 2026 at 05:45PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    @HHSOCR Delays Planned #HIPAA #Security Rule Overhaul to Mid-2027: @HHSGov Working on Modified HIPAA #Privacy Rule, #HealthIT Interoperability Proposals t.co/HDniU7IuYE #HITECH

    Here are any URLs found in the article text:

    t.co/HDniU7IuYE

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  43. DATE: July 8, 2026 at 05:45PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    @HHSOCR Delays Planned #HIPAA #Security Rule Overhaul to Mid-2027: @HHSGov Working on Modified HIPAA #Privacy Rule, #HealthIT Interoperability Proposals t.co/HDniU7IuYE #HITECH

    Here are any URLs found in the article text:

    t.co/HDniU7IuYE

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  44. DATE: July 8, 2026 at 05:45PM
    SOURCE: HEALTHCARE INFO SECURITY

    Direct article link at end of text block below.

    @HHSOCR Delays Planned #HIPAA #Security Rule Overhaul to Mid-2027: @HHSGov Working on Modified HIPAA #Privacy Rule, #HealthIT Interoperability Proposals t.co/HDniU7IuYE #HITECH

    Here are any URLs found in the article text:

    t.co/HDniU7IuYE

    Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

    -------------------------------------------------

    Private, vetted email list for mental health professionals: clinicians-exchange.org

    Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

    -------------------------------------------------

    #security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

  45. RE: infosec.exchange/@betweentheha

    I recently encountered a ClickFix attack while visiting a trusted website. After reproducing it across multiple browsers, I realized the larger story isn’t just the malware, it’s how attackers are increasingly impersonating security mechanisms themselves.

    I wrote about the experience and what it means for users and organizations.

    betweenthehacks.com/blog/click

    #Cybersecurity #ClickFix #SocialEngineering

  46. RE: infosec.exchange/@betweentheha

    I recently encountered a ClickFix attack while visiting a trusted website. After reproducing it across multiple browsers, I realized the larger story isn’t just the malware, it’s how attackers are increasingly impersonating security mechanisms themselves.

    I wrote about the experience and what it means for users and organizations.

    betweenthehacks.com/blog/click

    #Cybersecurity #ClickFix #SocialEngineering

  47. RE: infosec.exchange/@betweentheha

    I recently encountered a ClickFix attack while visiting a trusted website. After reproducing it across multiple browsers, I realized the larger story isn’t just the malware, it’s how attackers are increasingly impersonating security mechanisms themselves.

    I wrote about the experience and what it means for users and organizations.

    betweenthehacks.com/blog/click

    #Cybersecurity #ClickFix #SocialEngineering

  48. RE: infosec.exchange/@betweentheha

    I recently encountered a ClickFix attack while visiting a trusted website. After reproducing it across multiple browsers, I realized the larger story isn’t just the malware, it’s how attackers are increasingly impersonating security mechanisms themselves.

    I wrote about the experience and what it means for users and organizations.

    betweenthehacks.com/blog/click

    #Cybersecurity #ClickFix #SocialEngineering

  49. RE: infosec.exchange/@betweentheha

    I recently encountered a ClickFix attack while visiting a trusted website. After reproducing it across multiple browsers, I realized the larger story isn’t just the malware, it’s how attackers are increasingly impersonating security mechanisms themselves.

    I wrote about the experience and what it means for users and organizations.

    betweenthehacks.com/blog/click

    #Cybersecurity #ClickFix #SocialEngineering

  50. A CAPTCHA should never ask you to open Terminal.

    I recently encountered a real ClickFix attack while visiting a trusted website. That experience led me to investigate why attackers are increasingly impersonating security itself instead of simply impersonating trusted brands.

    New Between The Hacks article:

    betweenthehacks.com/blog/click

    #ClickFix #Cybersecurity #InfoSec #SocialEngineering

  51. A CAPTCHA should never ask you to open Terminal.

    I recently encountered a real ClickFix attack while visiting a trusted website. That experience led me to investigate why attackers are increasingly impersonating security itself instead of simply impersonating trusted brands.

    New Between The Hacks article:

    betweenthehacks.com/blog/click

    #ClickFix #Cybersecurity #InfoSec #SocialEngineering