By David Jacoby
At the time of writing there is a new Facebook phishing attack going on. It will not just try to steal your Facebook credentials; it will also try to steal credit card information and other important information such as security questions. This Facebook phishing attack is pretty interesting because it does not just try to trick the victim into visiting a phishing website. It will reuse the stolen information to log in to the compromised account and change both the profile picture and the name. The profile picture will be changed to the Facebook logo and the name will be translated to “Facebook Security” but containing special ASCII characters replacing letters such as “a”, “k”, “S” and “t”.
Browsing Category: Social Engineering
The targeted attack that exploited a previously unknown vulnerability in Adobe’s Reader application last month was extremely focused on defense industrial base firms, and affected just a handful of systems, according to a company spokesman.
More and more fraudulent sites have wrestled their way onto Alexa’s global top 250 ranking list thanks to typosquatting, a technique that attackers use to deceive users into clicking into the wrong website.
Long content to talk about the “what” behind cyber crime, the nation’s top computer security cops descended on New York City this week for the FBI’s International Conference on Cyber Crime ready to talk about “who.” But while discussions of tools and techniques for identifying criminal actors online dominate the schedule, cyber security experts say law enforcement still has a long way to go.
Two congressmen have accused Facebook of dodging questions about whether it tracks the activity of its 800 million members. On Monday, Representatives Ed Markey (D-Mass.) and Joe Barton (R-Tex.) questioned the reasoning behind a recent patent application by the site that suggests it may use information from its users for targeted advertisements.
Security researcher Michal Zalewski has released a new version of a passive fingerprinting tool called P0f that has the ability to diagnose a wide range of components in an Internet connection, even uncovering clients that are trying to forge some part of their identity in the connection.
Tracking the increasingly common use of PC games as an infection vector, researchers at the Microsoft Malware Protection Center (MMPC) discovered a couple of malicious programs making the rounds on torrent and file sharing sites.
The FBI issued a warning late last week about ‘Gameover,’ a variant of the Zeus malware that can steal usernames and passwords. The malware is being propagated through spam e-mails purporting to come from the National Automated Clearing House Association (NACHA), the Federal Reserve Bank and the Federal Deposit Insurance Corporation (FDIC).
The Ramnit worm, which was first detected more than 18 months ago, has continued to evolve and now has spawned a version that is targeting victims’ Facebook credentials, and with great success. Researchers at Seculert in Israel have found a variant of Ramnit that is stealing those credentials and then trying to compromise other accounts belonging to the victims, including VPNs, email and other sensitive accounts.
A researcher at Kaspersky Lab is warning of a new scam that pastes racy photos to victims’ Facebook pages while forcing them to view Web-based advertisements promoted by the scammers.