Browsing Category: Social Engineering

Phishing for Fanboys with Phony iPhone 5 Images

There is no such thing as a trivial detail when it comes to the impending release of an Apple product and scammers are well aware of this. A recent attack is exploiting the public’s fascination with all things Apple and the ubiquitous interest in anything iPhone 5-related with an email phishing scam that includes a file that claims to contain pictures of the unreleased iPhone’s battery but actually contains a malicious Word document.

Read more...

Own the Email, Own the Person

For attackers looking to take control of a victim’s online presence, there is no better place to start than the target’s email account. If you own the email, you own the person. That’s never been more true than today, with so many social networks, services and shopping sites attached to users’ email addresses. New research done by Lucas Lundgren of IOActive shows just how simple it can be to get control of a target’s email account, and from there, everything else.

Read more...

Gauss, Flame Highlight Problem of Defeating High-End Malware

If the last couple of years of life on the Internet have taught us anything it should be that there’s a lot we don’t know about what’s happening out there. Sure, we know that there are a lot of attacks going on, metric tons of money being stolen and untold terabytes of data being siphoned off, and once in a while we’re even able to figure out who’s doing some of it. But, as the discovery of tools such as Flame and Gauss suggests, there’s a lot of stuff bubbling under the surface that mostly goes unseen.

Read more...

Report: Stealthy New Banking Malware Tilon Emerges

A new type of financial malware has surfaced that’s targeting information submitted through banking forms via the “Man in the Browser” (MITB) technique and proving difficult to detect, according to research published by computer security firm Trusteer today.

Read more...

New Study Shows Surge in Fake Twitter Users

Dealers–Twitter scammers who create fake profiles on the social media site and sell their sets of followers–are adapting their workflow just enough to stay under the social media site’s radar, according to security firm Barracuda Labs, who recently wrapped up a 75 day study analyzing the buying and selling of Twitter followers.

Read more...

Olympic Flavored 419 Scams Exploit London Games Fervor

Categories: Social Engineering

Olympic themed fraud, email scams, and spam campaigns are so banal right now that the official website of the 2012 London Olympic Games contains not only a ‘stay safe online’ page but has also compiled a downloadable list of known scams.

Read more...

Firms Need ‘Tough Love’ In Struggle Against APTs

Black Hat is upon us and, with it, a lot of chatter about the dangers posed by so-called “APT,” or advanced persistent threats. Rather than get trapped in the hype bubble, Threatpost editor Paul Roberts took the opportunity to check back in with a recognized expert on detecting and combating APT-style attacks: Amit Yoran, the former CEO of NetWitness Corp. and now a Senior Vice President at RSA, The Security Division of EMC. Yoran says that the darkest days may yet be ahead in the fight against APT style attacks, with mounting attacks and a critical shortage of security talent. To cope, both private sector firms and the government need to stop fighting the last war and pivot to the kinds of practices and monitoring that can spot sophisticated attackers. 

Read more...

Targeted Attacks on Small Businesses Increase in 2012

In the first six months of 2012, 36 percent of targeted attacks focused on small businesses of fewer than 250 employees, and there were an average of 58 attacks per day, according to a new research report. At the end of 2011, small businesses were on the receiving end of only 18 percent of such attacks.

Read more...