Habdul Hazeez

Security news weekly round-up - 27th February 2026

Glad tidings to all cybersecurity defenders who research and bring us news on the threats out there and advise the general population on how to stay safe. Successful is the one who applies the knowledge gained from the information that they share or at least disseminates it to those who will make the most of it.

If you're thinking: Why the threats all the time? Can't we have a day off without reading about a cyber incident or learning that someone designed an application to facilitate illicit gains? Unfortunately, that's not happening anytime soon. That's because there will always be good guys who want what's best for you, and there will always be bad guys who don't care.


‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA

Just when you think that Multi-Factor Authentication can save your online accounts from intrusion, you read an article like this and you have a heartbreak.

Here is a glimpse of what Starkiller can do:

According to an analysis of Starkiller by the security firm Abnormal AI, the service lets customers select a brand to impersonate (e.g., Apple, Facebook, Google, Microsoft et al.) and generates a deceptive URL that visually mimics the legitimate domain while routing traffic through the attacker’s infrastructure.

For example, a phishing link targeting Microsoft customers appears as “login.microsoft.com@[malicious/shortened URL here].” The “@” sign in the link trick is an oldie but goodie, because everything before the “@” in a URL is considered username data, and the real landing page is what comes after the “@” sign.
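How a browser-grade URL parser splits the kind of link described above, and a check a mail or proxy filter could apply to it. This is an added example, not code from this post or the quoted article; `inspectLink`, the `HOSTNAME_LIKE` heuristic and the `.example` hosts are assumptions made for illustration.

```javascript
// Added example. Every URL below is constructed; the .example hosts stand in
// for the destination that the quoted article leaves as a placeholder.

// Dot-separated labels ending in an alphabetic TLD, e.g. "login.microsoft.com".
const HOSTNAME_LIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; } // malformed %xx
}

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: same authority rules browsers apply
  } catch {
    return { host: null, userinfo: null, verdict: "unparseable" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { host: null, userinfo: null, verdict: "not-web" };
  }
  const host = url.hostname; // where the request is actually sent
  if (url.username === "" && url.password === "") {
    return { host, userinfo: "", verdict: "clean" };
  }
  // Everything before the LAST "@" in the authority is userinfo; earlier "@"
  // signs come back percent-encoded inside username, so decode before checking.
  const userinfo = safeDecode(url.username);
  const decoy = userinfo.split("@").some((part) => HOSTNAME_LIKE.test(part));
  return { host, userinfo, verdict: decoy ? "decoy-host-in-userinfo" : "has-userinfo" };
}

const SAMPLES = [
  "https://login.microsoft.com@phish.example/signin",     // brand name as username
  "https://login.microsoft.com:443@phish.example/signin", // ":443" parses as a password
  "https://alice@intranet.example/wiki",                  // plain username, still unusual
  "https://login.microsoft.com/@phish.example",           // "@" in the path: real host
];

for (const link of SAMPLES) {
  const r = inspectLink(link);
  console.log(`${r.verdict.padEnd(24)} host=${r.host}  <- ${link}`);
}
```

The `host` field is the value to compare against an allow-list or reputation feed; the text shown before the "@" never takes part in routing.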

Faking it on the phone: How to tell if a voice call is AI or not

I know that threat actors will read this and try to find a way to beat the information shared in the article. You should also read it and know how they can attack you in the first place.

The following is a quick lesson from the article:

Given that deepfake technology has improved significantly in the six years since, it’s worth revisiting some key steps you can take to minimize the chances of a worst-case scenario.

It should start with employee training and awareness. These programs should be updated to include deepfake audio simulations to ensure staff know what to expect, what’s at stake and how to act. They should be taught to spot the tell-tale signs of social engineering and typical deepfake scenarios.

Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023

I am not saying it's good news. But if the article's title had not said "big customer networks", I would probably have cared less. Meanwhile, that's not the case. Big customer networks dating back to 2023? Who knows what the hackers have got their hands on? What a time to be alive!

Here is what hackers tend to gain from the bug:

By exploiting this bug over the internet, hackers can gain the highest level of permissions to these devices and maintain persistent hidden access inside a victim’s network, allowing them to spy or steal data over a long period of time.

Some of the affected organizations are said to be critical infrastructure. The company did not provide specifics, but “critical infrastructure” can refer to everything from power grids and water supply to the transportation sector.

Ukrainian man pleads guilty to running AI-powered fake ID site

This article reminds me of the saying: Just because you can, does not mean that you should. At the time of writing, the site [OnlyFake] is offline. However, the cached copy on the Internet Archive shows the web page instructing its user base to use the generated IDs for legal purposes only.

Then I thought: it's a big mistake if one creates a service like this and expects it to be used solely for "experimental purposes". Now, he is in custody, forced to forfeit USD $1.2 million, and faces up to 15 years in prison. The latter is set to be decided on June 26, 2026.

From the article:

According to the indictment, Nazarenko's OnlyFake platform allowed customers to generate fake digital versions of U.S. driver's licenses for all 50 states and U.S. passports and passport cards, as well as digital versions of identification documents for roughly 56 other countries.

Customers could also customize the fake digital documents with personal details, opt for randomized information, and choose whether the finished product appeared as a scan or a tabletop photograph.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
