Italian security researchers report that as many as 800,000 Chrome users had browser sessions hijacked after falling victim to phony Facebook messages that eventually led users to malware posing as a video plug-in.
Browsing Category: Social Engineering
Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have compromised the site’s DNS records. Understanding the ramifications of that sort of attack, if that’s in fact what it was, Matthew Prince, CloudFlare’s CEO sent an email to Rajiv Pant, the CTO of the Times, saying that the company’s engineers would be available if Pant needed some help figuring out the situation. He did.
Like most major Web and software companies, Facebook receives a lot of bug reports. As one researcher learned recently, not all bugs are created equal, and Facebook doesn’t like people messing with its users–or its executives.
A member of Facebook’s security team acknowledged over the weekend that the group could’ve taken further steps to verify a vulnerability initially brought to their attention by an independent security researcher last week but that the company largely adhered to its bug disclosure policy.
Researchers have spotted a new version of the Jigsaw pen-testing tool which builds email lists used in spam and phishing campaigns from the Jigsaw business directory.
Every summer, the hacker intelligentsia descends on Las Vegas like a swarm of thirsty locusts that spends seven days chasing free drinks and avoiding sunlight at all costs. Black Hat and DEF CON week can be an overwhelming and confusing experience, especially for the uninitiated or agoraphobic. But fear not, Threatpost has your back.
The underground economy on Twitter is still flourishing, and it appears to be a buyer’s market for followers right now, with new research showing that the price for 1,000 followers has dropped nearly 50 percent in the last few months.
A vulnerability existed in Facebook that an attacker could have exploited via standard messaging service in order to take complete control of any mobile-linked account on the world’s largest social network.
Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple’s brand, most of which are focused on stealing users’ Apple IDs and payment information.
Never let it be said that attackers don’t keep up with the news. The crew behind the NetTraveler cyberespionage attacks is now using the news about the NSA’s PRISM surveillance program as bait in a new spear-phishing campaign.