Browsing Category: Social Engineering

Rocra Espionage Malware Campaign Uncovered After Five Years of Activity

For five years, it hid in the weeds of networks used by Eastern European diplomats, government employees and scientific research organizations, stealing data and infecting more machines in an espionage campaign rivaling Flame and others of its ilk. The campaign, called Rocra or Red October by researchers at Kaspersky Lab, focused not only on workstations, but mobile devices and networking gear to gain a foothold inside strategic organizations. Once inside, attackers pivoted internally and stole everything from files on desktops, smartphones and FTP servers, to email databases using exploits developed in China and Russian malware, Kaspersky researchers said.

Chrome Clickjacking Vulnerability Could Expose User Information on Google, Amazon

An apparent clickjacking, or UI redress, vulnerability in Google’s Chrome web browser could make it possible for attackers to glean users’ e-mail addresses, their first and last names and other information, according to recent work done by an Italian researcher. Luca De Fulgentis, who writes about security for Nibble Security’s blog, detailed the issue earlier this week, along with another separate data extraction method.

Bans on Employer Demands for Personal Passwords Go Into Effect

In spring of last year, reports began surfacing that some employers were demanding that current and sometimes prospective employees hand over the log-in credentials or otherwise provide access to their various social media accounts. People were outraged. Such invasions of what many perceive as their personal, albeit online, privacy prompted much debate and the writing of a never-ending slew of opinion pieces.

Facebook Patches Webcam Snooping Vulnerability

Late last week the social networking giant Facebook patched a particularly voyeuristic security vulnerability in the platform that could have given malefactors the ability to remotely turn on the webcams of other users and post videos to their profiles, according to a Bloomberg News report.

Trusteer: More Chrome, 64-bit Windows Malware to Come in 2013

’Tis the season for predictions, and security firm Trusteer checks in today with a handful for the upcoming New Year. In a post on the company’s blog, CTO Amit Klein distills Trusteer’s top ideas into an infographic. The company predicts the security landscape will see more exploits, specifically Man-in-the-Browser malware, targeting Google’s Chrome browser, the further emergence of native 64-bit Windows malware and what the firm claims will be a more drawn-out malware lifecycle.

Spear Phishing Remains Preferred Point of Entry in Targeted, Persistent Attacks

Persistent targeted attacks against the government, financial services, manufacturing and critical infrastructure take on many characteristics. Attackers can have different backgrounds and motivations, and the tools they use can range from commodity malware to zero-day exploits.

Malicious Browser Add-On Guides Victims to Phishing Sites

Phishers are using a typosquatted domain name designed to mimic the URL of a popular e-commerce destination in order to lure their victims to a malicious Website that prompts its visitors to download a malicious add-on that will guide users to phishing sites, even when they type legitimate URLs into their browser’s address bar.

Fake Facebook Alert Emails Link to Black Hole Sites

Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to a series of compromised websites hosting the Black Hole Exploit Kit, according to researcher Dancho Danchev.

How-To: Tips for Shopping Online

Black Friday and the Monday that follows, which we have somewhat recently taken to calling Cyber Monday, are two of the biggest shopping days of the year. The tradition of getting off to a fast start on your holiday shopping on the Friday after Thanksgiving, which most Americans take as a vacation day, dates back to the 1960s. Cyber Monday, on the other hand, was created by online retailers sometime in the last decade in an attempt at squeezing one more day of shopping mania out of consumers.

Point-of-Sale Terminals Compromised at 63 Barnes & Noble Locations

UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from service on Sept. 14. The retailer did not disclose how many customers may have been affected by the tampered devices.
