Attackers behind the scheme placed an ad on the LEGO website homepage that urged visitors to click a link that would "unlock secret rewards," which redirects to a third-party marketplace enabling purchases of the fraudulent LEGO token with Ethereum.
Security pros says while Star Blizzard will most likely regroup, it does degrade their operations and gives defenders some time to deploy AI-powered tools.
Forty-one of the internet domains seized by the Justice Department have been used by Callisto Group in an ongoing spear-phishing attack campaign against various U.S.-based targets, including current and former employees of the Defense and State Departments, military contractors, and intelligence community members.
Attackers purporting to be Royal Mail distributed malicious emails about a failed package delivery with a PDF attachment that included a link redirecting to a Dropbox-hosted ZIP file, which then facilitated the execution of Prince ransomware.
Both iOS and Android devices have been targeted with attacks involving the fake app dubbed "SB-INT," which lured victims into manually trusting the Enterprise developer profile before triggering the registration process that would seek additional information from victims.
The way we use browsers has changed, so has the way we need to secure them. Using a secure enterprise browser to execute content away from the endpoint, inside a secure cloud browser is a dramatically more effective and cost-effective approach to protect users and secure access.
This segment is sponsored by Menlo Security. Visit https://securitywe...