CyberSec Roundup
A synopsis of the Latest Cybersecurity News

Squid Game Phishing Scam

The cybersecurity firm Proofpoint is warning the public to be aware of a phishing scam being spread by the hacking group TA575. Claiming to be associated with the Netflix show, the group sends various emails asking unsuspecting victims to fill out an Excel document to gain early access to the new season of Squid Game, or become part of the cast. However, the Excel attachment contains macros that, if enabled, will download the Dridex banking trojan that can lead to data theft and installation of ransomware. Email attachments from untrusted senders should not be downloaded, and documents with macros generally should not be enabled as they are commonly used for malicious purposes.

Fake Amazon Gift Card Generator

With Black Friday approaching, customers looking for deals online need to be careful they are not fooled into downloading fake Amazon gift card generators. FortiGuard Labs discovered the scam, where people who were tricked into downloading and running the fake tool were infected with malware that monitors the victim’s clipboard for crypto wallet addresses. If the victim attempts to add funds to their crypto wallet by copying and pasting their wallet address, the malware overwrites the victim’s wallet address on the clipboard with its own, causing in the funds to go to the hacker instead. Sometimes there is nothing more expensive than something free.

NRA Ransomed

The Grief ransomware group has purportedly hacked the NRA. Grief leaked an archive file containing NRA grant applications as proof of their exploits, however the NRA has not confirmed that they were attacked.

By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)