1. Microsoft warning: This AiTM phishing attack can skip your defenses
Phishing campaigns are using web proxies to perfectly imitate corporate login pages that can help attackers dodge multi-factor authentication. Read more »
2. Crooks are now posing as cybersecurity companies to trick you into installing malware
Cybersecurity company CrowdStrike details phishing attacks that claim to come from security companies – including Crowdstrike itself. Read more »
3. How hackers create fake personas for social engineering
And some ways to up your game for identifying fabricated online profiles of people who don’t exist. Read more »
4. CISA orders agencies to patch new Windows zero-day used in attacks
CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. Read more »
5. Now offering cryptocurrency, ATMs targeted for crypto-fraud
The addition of cryptocurrency to ATMs in recent years has added a new wrinkle to the basic card skimmers and over-the-shoulder, old-school PIN-snatching. Read more »