An apparent clickjacking, or UI redress vulnerability, in Google’s Chrome web browser could make it possible for attackers to glean users’ e-mail addresses, their first and last names and other information according to recent work done by an Italian researcher.Luca De Fulgentis, who writes about security for Nibble Security’s blog, detailed the issue earlier this week, along with another separate data extraction method.
Browsing Category: Social Engineering
In spring of last year, reports began surfacing that some employers were demanding that current and sometimes prospective employees hand over the log-in credentials or otherwise provide access to their various social media accounts. People were outraged. Such invasions of what many perceive as their personal, albeit, online privacy prompted much debating and the writing of a never-ending slew opinion pieces.
Late last week the social networking giant Facebook patched a particularly voyeuristic security vulnerability in the platform that could have given malefactors the ability to remotely turn on the webcams of other users and post videos to their profiles, according to a Bloomberg News report.
Tis the season for predictions and security firm Trusteer checks in today with a handful for the upcoming New Year. In a post on the company’s blog, CTO Amit Klein distills Trusteer’s top ideas into an infographic,. The company predicts the security landscape will see more exploits, specifically Man-in-the-Browser malware, targeting Google’s Chrome browser, the further emergence of native 64-bit Windows malware and what the firm claims will be a more drawn out malware lifecycle.
Persistent targeted attacks against the government, financial services, manufacturing and critical infrastructure take on many characteristics. Attackers can have different backgrounds and motivations, and the tools they use can range from commodity malware to zero-day exploits.
Phishers are using a typosquatted domain name designed to mimic the URL of a popular e-commerce destination in order to lure their victims to a malicious Website that prompts its visitors to download a malicious add-on that will guide users to phishing sites, even when they type legitimate URLs into their browser’s address bar.
Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to a series of compromised websites hosting the Black Hole Exploit Kit, according to researcher Dancho Danchev.
Black Friday and the Monday that follows, which we have somewhat recently taken to calling Cyber Monday, are two of the biggest shopping days of the year. The tradition of getting off to a fast start on your holiday shopping by getting out there on the Friday after Thanksgiving that most Americans take as a vacation day dates back to the 1960’s. Cyber Monday, on the other hand, was created by online retailers sometime in the last decade in an attempt at squeezing one more day of shopping mania out of consumers.
UPDATE – America’s largest book retailer, Barnes & Noble, announced this morning it has detected evidence of tampering in 63 PIN-pad devices used in as many stores by criminals trying to steal payment card information. Barnes & Noble claims to have disconnected all the affected devices from service on Sept. 14. The retailer did not disclose how many customers may have been affected by the tampered devices.
Cybercriminals are mimicking the online payment processor PayPal in a malicious spam campaign that attempts to dupe customers into downloading malware from links in seemingly authentic emails, according to a Webroot report written by Dancho Danchev.