Do fear the Reaper - stealer swipes macOS users' passwords, wallets, then backdoors them
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
Spoofing impersonates trusted users, devices, or services to bypass trust and cause fraud; verify identities with strong authentication and signed messages.
Search across headline titles and summaries.
Background for this topic.
Spoofing is the forging of an identity or origin so a message, connection, website, or phone call appears to come from a trusted source. Attackers may impersonate an executive by email, imitate a domain, falsify caller ID, or place packets with a forged source IP address. The goal can be to induce payment or disclosure, deliver malware, bypass trust checks, or obscure the source of traffic. IP spoofing usually prevents a reply from reaching the attacker, but can support reflection attacks; it is not by itself proof of access to the claimed system.
Mitigation depends on the channel. For email, configure and enforce SPF, DKIM, and DMARC, while treating display names and caller ID as untrusted signals. Use phishing-resistant authentication, verify sensitive requests through an independent channel, and validate domains and certificates before users enter credentials. At network boundaries, apply ingress and egress source-address filtering, monitor anomalous traffic, and design services not to trust a claimed address alone.
Weekly headline count for the current query.
While also spoofing all the trusted domains - Apple, Microsoft, and Google - in the same attack
ORNL says portable detector kit can separate real GPS signals from fake ones even at equal strength GPS spoofing, which sends fake satellite-like signals, and GPS jamming, which drowns receivers in noise, are increasingly serious problems. Researchers at Oak Ridge National Laboratory in Tennessee have created what they say is the most effective system yet for detecting GPS interference, which could help blunt such attacks.…
Forged metadata made AI reviewer treat hostile changes as though they came from known maintainer Security boffins say Anthropic's Claude can be tricked into approving malicious code with just two Git commands by spoofing a trusted developer's identity.…
One CVE under attack, one already disclosed by angry bug hunter, and 163 more Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's mega Patch Tuesday.…
And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is using fake enterprise VPN clients from CheckPoint, Cisco, Fortinet, Ivanti, and other vendors to steal users' credentials, according to Microsoft.…
Extra infosec investments are taxiing towards the runway India’s Civil Aviation Minister has revealed that local authorities have detected GPS spoofing and jamming at eight major airports.…
Crooks spoof US insurers, threaten bogus extradition to pry loose personal data and cash Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns.…
Security pros explore whether infection-spoofing code can immunize Windows systems against attack Feature What's better, prevention or cure? For a long time the global cybersecurity industry has operated by reacting to attacks and computer viruses. But given that ransomware has continued to escalate, more proactive action is needed.…
PLUS: Luxury brands under fire; FBI warns crims are spoofing it again; ICE buys phone cracking software Infosec in brief Online criminals prefer to deal in digital assets, but a side effect of a ransomware attack has seen a French museum robbed of $705,000 in physical gold nuggets.…
Proofpoint spots efforts to spy on US economic policy nerds Chinese state-aligned online attackers are back at it, targeting US trade policy wonks as Washington and Beijing spar over economic ties.…
Plus: why takedowns aren't in threat-intel analysts' best interest interview It started out small: One US financial services company wanted to stop unknown crooks from spoofing their trading app, tricking customers into giving the digital thieves their login credentials and account information, thus allowing them to drain their accounts.…
Sly like a PRC cyberattack A Chinese government-backed group is spoofing legitimate medical software to hijack hospital patients' computers, infecting them with backdoors, credential-swiping keyloggers, and cryptominers.…
Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point researchers.…
Plus a free micropatch until Redmond fixes the flaw There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.…
Suspected devs behind Russian Coms cuffed – now to find the users of the nastyware The UK's National Crime Agency (NCA) has shut down an outfit called Russian Coms – a call-spoofing service believed to have swindled hundreds of thousands of victims.…
Can't we do this another way, like without these mini-sats costing $1B over 5 years, House reps wonder A plan by America's Space Force to harden GPS against spoofing attacks may be going nowhere: A request by the service branch for $77 million of public cash to finish the work is struggling to get approval from Congress.…
Akamai says it reported the flaws to Microsoft. Redmond shrugged A series of attacks against Microsoft Active Directory domains could allow miscreants to spoof DNS records, compromise Active Directory and steal all the secrets it stores, according to Akamai security researchers.…
Not exactly the MAC daddy Three years after Apple introduced a menu setting called Private Wi-Fi Address, a way to spoof network identifiers called MAC addresses, the privacy protection may finally work as advertised, thanks to a software fix.…
Google's blue tick proves untrustworthy Google says it has fixed a flaw that allowed a scammer to impersonate delivery service UPS on Gmail, after the data-hoarding web behemoth labeled the phony email as authentic.…
You know when we all said quit using MD5? We really meant it Most Windows-powered datacenter systems and applications remain vulnerable to a spoofing bug in CryptoAPI that was disclosed by the NSA and the UK National Cyber Security Center (NCSC) and patched by Microsoft last year, according to Akamai's researchers.…