Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

There’s been a surge of Elon Musk-themed cryptocurrency scams on TikTok, BleepingComputer reports. The scammers inform the victims that they can claim their reward after spending a small amount of bitcoin (about $132) to activate their account. “BleepingComputer tested one of the giveaways to see how it works and found that almost all utilize the same template, which pretends to be a crypto investment platform,” BleepingComputer says.

Scammers are using dating sites to lure victims into phony cryptocurrency investment schemes, according to Sean Gallagher at Sophos. These types of investment scams are known as “pig butchering,” loosely translated from the Chinese phrase “sha zhu pan.” In this case, the scammers convince the victim to participate in a liquidity pool arrangement, a legitimate but risky cryptocurrency investment technique.

WASHINGTON – In a startling revelation, FBI Director Chris Wray disclosed at a recent conference that China's cyber espionage capabilities are so extensive, they bigger than the efforts of all other major nations combined. While the U.S. government has long been cautioning against the cyber threats emanating from China, Wray's statements took the conversation to a new level of urgency.

The International Joint Commission (ICJ), an organization that handles water issues along the Canada–United States border, was hit by a ransomware attack, the Register reports. The Commission said in a statement, “The International Joint Commission has experienced a cyber security incident.

Dallas Mavericks owner and well-known investor Mark Cuban reportedly lost nearly $900,000 in a phishing attack targeting his MetaMask cryptocurrency wallet. The incident was first flagged by crypto investigator WazzCrypto, who observed unusual transactions linked to a wallet associated with Cuban. This particular wallet had been dormant for about six months before all its funds were suddenly moved.

Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands. The whole idea behind impersonation is to establish the illusion of legitimacy for a phishing email. This lowers the “defenses” of the email recipient, allowing social engineering tactics to take effect and to get the victim to interact with the email.

Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims. Impersonation in phishing attacks only works if the target has an established rapport or relationship with the sender.

The United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes. “Threats from synthetic media, such as deepfakes, present a growing challenge for all users of modern technology and communications, including National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators,” the report says.