Venturebeat had the scoop on a fresh Group-IB report. They discovered the first banking trojan that steals people’s faces. Unsuspecting users are tricked into giving up personal IDs and phone numbers and are prompted to perform face scans. These images are then swapped out with AI-generated deepfakes that can easily bypass security checkpoints.

Researchers at VIPRE Security observed a 276% increase in malware delivered by phishing between Q1 and Q4 of 2023. “Last year, our YARA rules caught between one and two million generic malware instances each quarter, with a nearly 20% jump in Q4,” VIPRE’s report says.

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe it was successful. A group posing as an Amazon employee and various U.S. law enforcement agencies were able to convince a woman to take $50,000 out of her bank account in cash and hand it off to a complete stranger in the streets. It is a wild story and most of us would not be tricked into doing what happened to her.

A widespread malvertising campaign is attempting to trick users into paying phony utility bills, according to researchers at Malwarebytes. “We discovered a prolific campaign of fraudulent ads shown to users via Google searches,” the researchers write. “To give an idea of scale, the number of ads we found exceeds what we have found in previous malvertising cases....The scam begins when a user searches for keywords related to their energy bill.

With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details. Deepfake audio is nothing new… but it is getting very advanced. So much so, that security researchers at IBM Threat Intelligence were able to test out a hypothesis as to whether it’s possible to perform an audio-based “Man in the Middle” attack.

In the rapidly evolving landscape of artificial intelligence (AI), the launch of Sora by OpenAI marks an unnerving milestone in video synthesis. The unveiling of such revolutionary technology is simultaneously exciting and raises red flags to the broader implications of AI's role in digital content creation and cybersecurity. The potential of Sora to generate up to one-minute video clips from mere text input is staggering.

New data on how organizations are able to respond to ransomware attacks also shows that paying a ransom is highly likely, despite having a policy of “Do Not Pay.” New research from security vendor Cohesity says organizations are overconfident in their ability to recover from a ransomware attack. According to the data: And even if you do have an outstanding recovery plan, when’s the last time you tested it?

Numerous state-sponsored threat actors frequently launched spear phishing attacks against European Union entities last year, according to a new report from the EU’s Emergency Response Team (CERT-EU). “In 2023, spear phishing remained the predominant initial access method for state-sponsored and cybercrime groups seeking to infiltrate target networks,” the report says.

Cybercriminals are taking advantage of the messaging platform Telegram by creating channels and groups where learning and commerce all can take place freely. We’ve long known the dark web to be the back shadowed corner of the Internet where cybercriminals go to do business. But we’ve seen more examples of marketplaces frequented by threat actors shifting to the open web. One of the latest is the continued misuse of messaging platform Telegram.