Browsing Category: Social Engineering

Pony Trojan

Latest Instance of Pony Botnet Pilfers $200K, 700K Credentials

Researchers have discovered a recent campaign that leveraged a Pony botnet controller to steal over $200,000 in Bitcoin and other virtual currencies along with 700,000 user credentials.

Read more...

world cup

Scammers Using World Cup as Phishing Lure

The World Cup is still four months away, but attackers already are ramping up their efforts to defraud fans. As with most major events, such as the Super Bowl, the Olympics and others, attackers are using fans’ enthusiasm for the event as a lure to separate them from their money. When a major event like[...]

Read more...

yahoo

Attackers Target Yahoo Mail Accounts in ‘Coordinated Effort’ to Own Users

Yahoo officials said Thursday that they have reset the passwords on an unspecified number of mail accounts after detecting what they call a “coordinated effort to gain unauthorized access to Yahoo Mail accounts.”

Read more...

usb_modem_

Using USB Modems to Phish and Send Malicious SMS Messages

Some USB modems can be leveraged to send malicious SMS messages and carry out spear-phishing attacks – sometimes in conjunction with each other – thanks to a cross site request forgery vulnerability present in the device’s web interfaces.

Read more...

EFF-targeted

EFF Activists, Journalists Hit By Targeted Malware Attack

While most malware campaigns are aimed at the masses, attackers often save their best stuff for high-value targets, as a recent campaign targeting American journalists and activists from the EFF shows.

Read more...

facebook logo

Facebook Phishing Campaign Employing Malicious Tumblr Pages

The general population may have had its fill of Facebook at this point, but attackers sure haven’t. There is a new round of Facebook-related spam that is using fake messages about recent crimes involving recipients’ friends as a lure to direct them to Tumblr pages serving exploits. The campaign comprises several different individual messages purporting[...]

Read more...

twitter_auth

Twitter Fixes Bug that Enabled Takeover of Any Account

Categories: Hacks, Social Engineering

Security researcher Henry Hoggard recently discovered a cross site request forgery (CSRF) vulnerability in Twitter’s “add a mobile device” feature, giving him the ability to read direct messages and Tweet from any account.

Read more...