Security news for Mar 25, 2022: New Phishing Technique Makes an Attack Nearly Undetectable
Here is your round-up of the most relevant cybersecurity headlines for the week of Mar 25, 2022:
A phishing technique (called browser-in-the-browser) can exploit and simulate a browser window within a browser to spoof a legitimate domain, thereby creating a nearly undetectable attack.
Threat researchers say the relatively new extortion gang Lapsus$, active on social media, revels in the spotlight. LAPSUS$ is reportedly on a recruiting mission to get employees to cough up sensitive info. Tugboat Logic is not an Okta user and has not been impacted.
The SEC just announced the long-awaited proposed rules for how publicly-traded companies will need to report the risk to their businesses from climate change in their audited financial statements.
Crypto companies invest heavily in cybersecurity, but hackers can still burrow in by attacking their third-party vendors. That's what happened to Circle, BlockFi, Pantera Capital, NYDIG and other prominent crypto firms…
And as always, please comment down below and let us know your thoughts on this week's headlines. Or, if you have any exciting infosec or cybersecurity-related news, please share the links in the comment.