Browsing Category: Social Engineering

123456 is Most Common Hotmail Password

Categories: Social Engineering

A researcher who examined 10,000 Hotmail, MSN and Live.com passwords that were recently exposed online has published an analysis of the list and found that “123456” was the most commonly used password, appearing 64 times. Read the full story [Kim Zetter/Wired Threat Level]. More from Dancho Danchev [zdnet.com].

Inside the URLZone Trojan Network

Security researchers tracking the URLZone malware/botnet have stumbled upon a new tactic being used by cyber-criminals to hide information on the money mules being used to transfer stolen funds from compromised online bank accounts.
URLZone, which targets computer users in Western Europe, is a botnet of approximately 6,000 hijacked computers that is used primarily to siphon funds from online bank accounts.  It steals between $4,000 and $15,000 from each compromised bank account and uses a nifty trick of modifying the withdrawn amount on the bank’s web site to avoid detection by the user.

Trove of Hotmail Passwords Posted Online

If you use Microsoft’s free Hotmail service, it may be time to change your password: Microsoft said Monday that several thousand Hotmail account credentials were posted online over the weekend. 
In a statement posted to its Windows Live Spaces blog, Microsoft said the company has determined that the data spill was not the result of a breach of internal Microsoft data, but rather was likely the haul from a phishing scheme.  Read the full story [washingtonpost.com]

BlackBerry Dinged by Phishing Flaw

Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.
The certificate handling vulnerability, which carries a CVSS severity score of 6.8, affects all versions of the BlackBerry device software. 

Cybercriminals Riding Money Mules in Online Bank Robberies

Over on the Washington Post’s SecurityFix blog, Brian Krebs has been doing a phenomenal job highlighting the online bank robberies — using malware — against small businesses in the United States.
The latest installment, which looks at the role of “money mules” in the cybercrime operation, is required reading.

Radisson Hotels Report Significant Data Breach

Add the Radisson Hotels & Resorts chain to the growing list of businesses [datalossdb.org] reporting significant data breaches that exposed sensitive customer data.
In an open letter [radisson.com] to guests, Radisson chief operating officer Fredrik Korallus said the hotel chain’s computer system was hacked between November 2008 and May 2009 and customer data, including credit and debit card numbers, was stolen.  Read the full story [zdnet.com]

iPhone Eavesdropping Coming Soon

From The Last Watchdog (Byron Acohido)

How much time should vendors of popular technology be given to fix a known security flaw? That’s the central question of the “full disclosure” debate – and one that is being tested again via Karsten Nohl’s campaign to compile a decryption handbook useful for eavesdropping on transmissions from AT&T and T-Mobile phones, including iPhones and GPhones.

Nohl, a computer science PhD candidate from the University of Virginia, is calling for the global community of hackers to crack the encryption used on GSM phones. He plans to compile this work into a code book that can be used to eavesdrop on conversations and data transfers to and from GSM phones. Read the full story [lastwatchdog.com]
