A serious vulnerability in both the OAuth and OpenID protocols could lead to complications for those who use the services to login to websites like Facebook, Google, LinkedIn, Yahoo, Microsoft, PayPal among many others.
Browsing Category: Social Engineering
A recent VoIP phishing campaign has been netting the payment card information of up to 250 Americans per day.
An email phishing scam uses a realistic-looking Apple login page in order to pilfer Apple ID usernames and passwords before moving on to steal user credit card information.
Researchers have discovered a recent campaign that leveraged a Pony botnet controller to steal over $200,000 in Bitcoin and other virtual currencies along with 700,000 user credentials.
The World Cup is still four months away, but attackers already are ramping up their efforts to defraud fans. As with most major events, such as the Super Bowl, the Olympics and others, attackers are using fans’ enthusiasm for the event as a lure to separate them from their money. When a major event like[…]
Yahoo officials said Thursday that they have reset the passwords on an unspecified number of mail accounts after detecting what they call a “coordinated effort to gain unauthorized access to Yahoo Mail accounts.”
While most malware campaigns are aimed at the masses, attackers often save their best stuff for high-value targets, as a recent campaign targeting American journalists and activists from the EFF shows.
The general population may have had its fill of Facebook at this point, but attackers sure haven’t. There is a new round of Facebook-related spam that is using fake messages about recent crimes involving recipients’ friends as a lure to direct them to Tumblr pages serving exploits. The campaign comprises several different individual messages purporting[…]
Security researcher Henry Hoggard recently discovered a cross site request forgery (CSRF) vulnerability in Twitter’s “add a mobile device” feature, giving him the ability to read direct messages and Tweet from any account.