With the latest iteration of the Blackhole Exploit Kit hitting the web this week, attackers are going to great lengths to spread around links to get unsuspecting victims to click through to the first version of the kit.
Browsing Category: Social Engineering
With the release event for Apple’s newest iPhone model going on, quite literally, as I type, it comes as no surprise that scammers are exploiting the vast anticipation for the iPhone 5.
Nearly 100,000 Facebook users have been duped into installing third-party Chrome plugins over the past few weeks that have access to all of their data on every Web site they visit. According to research recently conducted by security firm Barracuda Networks, the unsuspecting users were tricked into thinking the plugins could block Timeline, a new profile feature Facebook first introduced at the end of 2011.
There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing scam that includes a file that claims to contain pictures of the unreleased iPhone’s battery but actually contains a malicious Word document.
For attackers looking to take control of a victim’s online presence, there is no better place to start than the target’s email account. If you own the email, you own the person. That’s never been more true than today, with so many social networks, services and shopping sites attached to users’ email addresses. New research done by Lucas Lundgren of IOActive shows just how simple it can be to get control of a target’s email account, and from there, everything else.
If the last couple of years of life on the Internet have taught us anything it should be that there’s a lot we don’t know about what’s happening out there. Sure, we know that there are a lot of attacks going on, metric tons of money being stolen and untold terabytes of data being siphoned off, and once in a while we’re even able to figure out who’s doing some of it. But, as the discovery of tools such as Flame and Gauss suggests, there’s a lot of stuff bubbling under the surface that mostly goes unseen.
A new type of financial malware has surfaced that’s targeting information submitted through banking forms via the “Man in the Browser” (MITB) technique and proving difficult to detect, according to research published by computer security firm Trusteer today.
Dealers–Twitter scammers who create fake profiles on the social media site and sell their sets of followers–are adapting their workflow just enough to stay under the social media site’s radar, according to security firm Barracuda Labs, who recently wrapped up a 75 day study analyzing the buying and selling of Twitter followers.
Olympic themed fraud, email scams, and spam campaigns are so banal right now that the official website of the 2012 London Olympic Games contains not only a ‘stay safe online’ page but has also compiled a downloadable list of known scams.
Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers.