Account credentials of YouTube creators and Facebook users have come under increased threat in two separate malicious campaigns. YTStealer is a new info-stealing malware that is only after YouTube content creators for their credentials. Another cybercriminal group has worked through its innovative way to lay traps in a new Facebook-themed spam. Hackers use the Messenger chatbot feature to engage users and prompt them to log in. Another shocking news flew in from OpenSea. The NFT marketplace fell victim to a breach due to a human error at its email vendor. It has warned users that email scammers may try to lure them with spam calls, messages, and emails.
Top Breaches Reported in the Last 24 Hours
Largest NFT marketplace disclosed breach
OpenSea has confirmed experiencing a breach, owing to a security incident at its email delivery vendor, Customer[.]io. An employee downloaded email addresses belonging to OpenSea users and newsletter subscribers and shared them with an unauthorized third party. Users have been warned against phishing attacks that may stem in the wake of the leak.
Tourists' data stolen from Israel
Sharp Boys hacker group made a claim about obtaining personal and credit card data from at least five tourism-related sites in Israel. Hackers allegedly accessed the backend interface of the targeted sites. As proof of the leak, they also released a spreadsheet containing the personal information of 120,000 people.
Top Malware Reported in the Last 24 Hours
YTStealer creeps through browsers
A new campaign involving the new information-stealing malware YTStealer is targeting YouTube content creators. It is assumed that the cybercriminal group has specially crafted it to extract credentials from one single service. One notable aspect of the malware is that it uses the open-source Chacal anti-VM framework to hide from debugging and memory analysis.
Top Vulnerabilities Reported in the Last 24 Hours
Firefox fixed flaws and brought-in new privacy feature
Mozilla addressed 20 security vulnerabilities with its newly released version 102.0 of the Firefox browser. The publicly disclosed bugs, with five of them rated “High,” are listed in the CVE database. The browser has also taken a leap in ensuring the privacy of users by limiting random URLs from tracking the online activities of users.
Top Scams Reported in the Last 24 Hours
Fake Facebook page violation email
Trustwave researchers stumbled across an email phishing campaign that uses malicious Messenger chatbots to steal Facebook credentials. The email contains a message about Facebook page deletion due to some sort of possible violation of Facebook Community Standards. It provides potential victims with an “Appeal Now” button, which will take them to a phishing page for entering account credentials.