News Posts matching #phishing

Return to Keyword Browsing

Snail Mail Malware: Chinese Hackers Go Old School

In today's world, data breaches, phishing attacks, malware, and exploits are a daily occurrence. We are all familiar with the typical phishing emails that grace our inbox day in day out. You might even get a phone call from a fake Microsoft tech support employee, who attempts to gain access to your system. However, in our always-online world, it is a bit surprising to hear about hackers that would decide to use snail mail. In what will likely elicit a few giggles, U.S. state and local government agencies, along with the Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued an alert, in what I can only describe as an attack from the stone age; malware infested CDs.

Kaspersky Labs Warns Against Cryptocurrency Social Engineering Schemes

The cryptocurrency phenomenon and the growth of a keen audience of cryptocurrency owners was never going to go unnoticed by cyber-criminals. To achieve their nefarious goals they typically use classical phishing techniques, however these often go beyond the 'ordinary' scenarios we have become familiar with. By drawing inspiration from ICO (initial coin offering) investments and the free distribution of crypto coins, cyber criminals have been able to profit from both avid cryptocurrency owners and rookies alike.

Some of the most popular targets are ICO investors, who seek to invest their money in start-ups in the hope of gaining a profit in the future. For this group of people, cyber-criminals create fake web pages that simulate the sites of official ICO projects, or try to gain access to their contacts so they can send a phishing email with the number of an e-wallet for investors to send their cryptocurrency to. The most successful attacks use well-known ICO projects. For example, by exploiting the Switcheo ICO using a proposal for the free distribution of coins, criminals stole more than $25,000 worth of cryptocurrency after spreading the link through a fake Twitter account.

Adding Insult to Injury: Fake Spectre, Meltdown Patch Pushes Malware to Users

A Malwarebytes report calls attention to the latest occurrence in the inevitable trend that that ensues a particular security vulnerability being given coverage by the media. As users' attention to the vulnerability is heightened, so is their search for a solution, for a way to reduce the risk of exposition. Hence, users search for patches; and hence, some fake patches surface that take advantage of the more distracted, or less informed, of those who really just want to be left at peace.

Case in point: Malwarebytes has identified a recently-registered domain that is particularly targeting German users (remember: you can be next; it's just a matter of Google translating the page for it be targeting you as well). The website is offering an information page with various links to external resources about Meltdown and Spectre and how it affects processors, and is affiliated with the German Federal Office for Information Security (BSI) - all good, right?

Cryptojacking: Over 2,500 Websites Out There to Steal Your CPU Time

Cryptojacking is a new phenomenon, which was popularized by ThePirateBay embedding its website with a Javascript-based crypto-currency miner. It quickly sprung up the debate on whether crypto-currency miners hidden into web-pages could become the revenue model of the future, replacing online advertising or paid subscriptions. Some commentators argue that it's fine as long as users are made sufficiently aware that a website is embedding a miner, and is presented with a choice between ads and the miner. Others were steadfast against the idea as heavy Internet browsing (across multiple tabs), could bring down computers to a crawl, and have a more than tangible impact on electricity bills.

According to an ArsTechnica report, there could be at least 2,500 websites out there, with embedded crypto-currency miners that are hidden from the users. Willem de Groot, an independent cybersecurity researcher told the publication that he estimates JS miners may have proliferated to 2,496 websites, and its adoption is on the rise. Some dishonest websites embed miners as a revenue source in addition to ads and sponsored content. At the heart of the controversy is Coinhive. This company sells easy-to-integrate crypto-currency miners that can be embedded into websites as a revenue source. The company is on a marketing overdrive, writing to siteops and bloggers to spread their miners.

ISPs Should Do More to Safeguard the Web: FCC Chairman

US Federal Communications Commission (FCC) chairman sought "smart, practical, voluntary solutions", without mandating his own, for internet service providers (ISPs) to fight online fraud and data theft. Chairman Julius Genachowski estimated that 8.4 million credit-card details are stolen online, each year. "If consumers lose trust in the Internet, this will suppress broadband adoption and online commerce and communication, and all the benefits that come with it," Genachowski said in a speech. The FCC feels ISPs can come up with solutions that prevent client PCs in the US from being forced into malicious botnets by hackers, without having to encroach upon users' privacy.

Genachowski urged ISPs to adopt DNSSEC, a system that ensures people accessing sensitive sites such as their banks' online transaction portals go to the right address, and not redirected to a fraudulent password phishing site. "To be effective, everyone who is a part of the Internet ecosystem must play a meaningful role in ensuring that private and government networks, and personal computers and devices are secured," said Comcast/NBCUniversal President Kyle McSlarrow in a blog posting. Comcast is one of America's biggest ISPs. This is an example of how threats to the sanctity of a productive internet can be defeated with highly-specific solutions that don't threaten privacy and freedoms, instead of broad-scoped legislations that potentially do.

Majority of Facebook Attacks Feed Fraudulent Affiliate Marketing Sites: Commtouch

Commtouch (NASDAQ: CTCH) today published an in-depth analysis of 2011 Facebook attacks within its Internet Threats Trend Report, a year-end synopsis of Internet threats. The report and infographic present a comprehensive analysis of scores of malicious Facebook activities during the past year, as identified by Commtouch Labs. Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions, according to the report. Visitors to these sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.

Users are induced to click on the scams through social engineering tactics such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: "You have to see this!" After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or "self-XSS," each of which is described in the report.

Password Security The Windows 8 Way

Windows 8 implements a radical new user interface called Metro for desktop PC's, which has so far received a mixed reception. However, there's many other changes under the hood and one of those is how password security is handled, which we look at here. It's a fact of life, that in today's modern world, we have to remember a plethora of passwords and PIN's, which can be daunting. This leads to security issues as users end up writing down passwords and/or create very insecure ones which can be easily guessed. Windows 8 aims to uphold strong password security, while at the same time, easing the burden on the user. Also, passwords can be obtained in various ways by miscreants, such as phishing, keylogging, guessing, and cracking. Windows addresses each of these problems in three main ways:
Return to Keyword Browsing