At a glance.
- Leveraging Netflix for credential harvesting.
- Rockstar Games suffers leak of new Grand Theft Auto footage.
- The LastPass incident.
- Further notes on the IT Army's claimed hack of the Wagner Group.
- CISA releases eight ICS Advisories.
Leveraging Netflix for credential harvesting.
INKY this morning blogged about a phishing scheme that impersonates Netflix. Researchers report that between August 21 and August 27 of this year, Netflix customers were the target of a campaign to harvest personally identifiable information (PII). The campaign used a malicious HTML attachment compressed in a zip file. It is noteworthy because it shows that criminal social engineering is being conducted with greater polish, without some of the clumsy diction and non-standard language that once made it easy to spot. The phishing emails targeted Netflix customers and were spoofed to look as if they came from Netflix's actual domain. The emails originated from a virtual private server in Germany and were then passed to an abused mail server at a Peruvian university, which allowed them to receive a DKIM pass and reach the recipient. For more on this phishing campaign, see CyberWire Pro.
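A DKIM pass only proves that some domain signed the message, not that the domain shown in From did. The triage sketch below is an added example, not code from INKY or the CyberWire. It assumes the passing signature belonged to the relaying server's domain rather than the spoofed From domain, which the summary above does not state, and all domains, file names and the sample message are constructed placeholders.

```python
import io
import re
import zipfile
from email.message import EmailMessage
from email.utils import parseaddr

def aligned(a, b):
    """Approximate DMARC relaxed alignment by suffix match (real DMARC uses the Public Suffix List)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def triage(msg):
    """Return findings for one message: unaligned DKIM signer, HTML file inside a zip attachment."""
    findings = []
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    results = " ".join(msg.get_all("Authentication-Results", []))
    signers = [d.lower() for d in re.findall(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results)]
    if not any(aligned(d, from_domain) for d in signers):
        findings.append(f"dkim-unaligned: From={from_domain} signed-by={signers or 'none'}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                inner = [n for n in zf.namelist() if n.lower().endswith((".html", ".htm"))]
        except zipfile.BadZipFile:
            findings.append(f"unreadable-zip: {name}")
            continue
        if inner:
            findings.append(f"html-in-zip: {name} -> {inner}")
    return findings

def sample_message():
    """Constructed sample: example.com stands in for the spoofed brand, example.edu for the relay."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("update_form.html", "<html><form></form></html>")
    msg = EmailMessage()
    msg["From"] = "Streaming Service <billing@example.com>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Update your payment details"
    msg["Authentication-Results"] = "mx.example.org; dkim=pass header.d=mail.example.edu"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="form.zip")
    return msg

if __name__ == "__main__":
    for finding in triage(sample_message()):
        print(finding)
```

Enforcing a DMARC policy on the receiving side performs the same alignment check before delivery; the attachment rule is a separate heuristic that will also match legitimate zipped HTML.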