Some USB modems can be leveraged to send malicious SMS messages and carry out spear-phishing attacks – sometimes in conjunction with each other – thanks to a cross site request forgery vulnerability present in the device’s web interfaces.
Browsing Category: Social Engineering
While most malware campaigns are aimed at the masses, attackers often save their best stuff for high-value targets, as a recent campaign targeting American journalists and activists from the EFF shows.
The general population may have had its fill of Facebook at this point, but attackers sure haven’t. There is a new round of Facebook-related spam that is using fake messages about recent crimes involving recipients’ friends as a lure to direct them to Tumblr pages serving exploits. The campaign comprises several different individual messages purporting[…]
Security researcher Henry Hoggard recently discovered a cross site request forgery (CSRF) vulnerability in Twitter’s “add a mobile device” feature, giving him the ability to read direct messages and Tweet from any account.
Barracuda Networks’ latest research on the Twitter underground reveals a thriving market for phony accounts that are used for spam or to spread malware.
A Palestinian security researcher demonstrated an exploit for a Facebook bug on the timeline of founder and CEO Mark Zuckerberg.
Companies such as Apple and General Motors gave up crucial company information to social engineers during the annual Capture the Flag contest at Def Con.
A security researcher discovered a simple vulnerability in Verizon Wireless’s Web-based customer portal that enabled anyone who knows a subscriber’s phone number to download that user’s SMS message history, including the numbers of the people he communicated with.
Late last year the world’s largest social network announced that it would begin removing a popular privacy feature that let users regulate whether other users could search for and locate their profiles with the Facebook search function.
Cybercriminals’ use of Bitcoins and Web-based currency exchanges has made a tried-and-true law enforcement strategy of following the money to arrest criminals close to impossible.