A paper published by Microsoft and researchers at Carleton University declare password re-use and weak credentials have their place for users managing multiple accounts.
Browsing Category: Social Engineering
LastPass, the popular password manager for most of the top Web browsers, has fixed a couple of vulnerabilities that could have allowed an attacker to target users and generate his own one-time passwords for the victim’s account. The company said that its security team hasn’t seen any active attacks exploiting these vulnerabilities and doesn’t think that[...]
Facebook disclosed that it carried out its first botnet takedown of a Greek operation called Lecpetex. The botnet victimized 250,000 computers, stole Facebook and other credentials, and dropped Litecoin mining software.
The World Cup is the most popular sporting event on the planet, and not just among sports fans; attackers and scammers of all stripes love it as well, as it presents a unique opportunity to separate victims from their money. Phishing and malware scams tied to the World Cup in Brazil have been running rampant[...]
Incentivized by a minimal amount of cash, computer users who took part in a study were willing to agree to download an executable file to their machines without questioning the potential consequences.
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at a newer banker Trojan that has the[...]
The hackers behind last month’s iPhone ransomware campaign – in which many users were asked to pay $100 to unlock their devices – may be behind bars now.
A phishing campaign has been detected that sends victims Dropbox links leading to a .zip file hosting the Zeus banking Trojan.
Iranian spies have been carrying out a campaign since at least 2011 that has gathered intelligence by targeting D.C. journalists and government emissaries via social media.
Twitter has made a couple of changes to the service’s login process to help prevent account takeovers and enable users to reset their passwords in a simpler way. A Twitter account is among the more valuable assets for an attacker who is targeting a specific person. Accounts typically are tied to a user’s main email[...]