Issue #141 - March 17, 2025
- Weekly INK
- Mar 17
Updated: Mar 20
Scareware Combined With Phishing in Attacks Targeting macOS Users
Source: Security Week
A long-running scareware campaign phishing for login credentials recently switched from targeting Windows users to targeting macOS users, Israeli cybersecurity firm LayerX reports. Throughout 2024 and in early 2025, the attacks targeted Windows users, relying on compromised websites to serve fake Microsoft security alerts claiming that users’ computers had been compromised and locked.
ClickFix Attacks Increasingly Lead to Infostealer Infections
Source: Data Breach Today
Paste-and-run schemes trick users into running attacker-provided malicious code. Widely used social engineering tactics designed to trick users into installing malware, often by "fixing" a fake computing problem, continue to claim numerous victims. The tactic, first described in 2023 by cybersecurity firm Proofpoint as ClickFix, and also known as ClearFake, is now being wielded by nation-state advanced persistent threat groups, researchers said.
Cybersecurity officials warn against potentially costly Medusa ransomware attacks
Source: AP News
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency are warning against a dangerous ransomware scheme. In an advisory posted earlier this week, government officials warned that a ransomware-as-a-service software called Medusa, which has launched ransomware attacks since 2021, has recently affected hundreds of people.
WordPress security plugin WP Ghost vulnerable to remote code execution bug
Source: Bleeping Computer
Popular WordPress security plugin WP Ghost is vulnerable to a critical-severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a security add-on used on over 200,000 WordPress sites that claims to stop 140,000 hacker attacks and over 9 million brute-forcing attempts every month.
100 Car Dealerships Hit by Supply Chain Attack
Source: Security Week
The websites of over 100 car dealerships were found serving malicious ClickFix code after a third-party domain was compromised in a supply chain attack. As part of the compromise, a threat actor infected LES Automotive, a shared video service unique to dealerships, so that websites using the service would serve a ClickFix webpage to their visitors.