Phishing
Twitter Hack! Five Ways to Avoid Being a Victim of Phishing
May 13, 2012 Added by:Brent Huston
Twitter is downplaying a security breach that exposed tens of thousands of user emails and passwords. The compromised Twitter accounts could have been the result of phishing attacks. Whenever you read about such breaches, it is always a good idea to change your password...
Comments (0)
Phishing with PDF's and Why it Works
May 03, 2012 Added by:Chris Murrey
During many penetration tests the need to social engineer a target may be required. Let’s talk about something that completely relies on the user being conned into following the attackers instructions. The scenario is simple send the user a PDF form and have them submit the form...
Comments (0)
Protect Yourself from Vishing Scams
March 30, 2012 Added by:Robert Siciliano
Vishing occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft...
Comments (0)
OTA Updates April Fool’s List to Combat Spear Phishing
March 29, 2012 Added by:Headlines
“While businesses are making efforts, all too often they are overlooking the fundamentals which could curb upwards of 90% of online threats to their data. We have a shared responsibility to harden our systems and those of our customers..."
Comments (0)
DMARC Email Authentication Work Group Launched
January 31, 2012 Added by:Headlines
The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...
Comments (0)
Phishing Campaign Using Spoofed US-CERT Emails
January 11, 2012 Added by:Headlines
US-CERT has received reports of a phishing email campaign that uses spoofed US-CERT email addresses. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...
Comments (0)
Post-Breach STRATFOR Mailings: Fake vs Real?
January 08, 2012 Added by:Matthijs R. Koot
Infosec-savvy STRATFOR subscribers will look for clues to distinguish a fake email. Why would STRATFOR act in a manner that obfuscates four clues? STRATFOR knew about the breach since at least Dec 24/25, so I assume there has been time to advise on coping with fake mailings...
Comments (2)
Chinese Cyber Espionage Targeting Drone Technology
January 04, 2012 Added by:Headlines
"This campaign could target organizations related to technology used in... aerospace and military industries... With the information we collected it appears that this campaign has been running for months. Someone has said that cyberwar does not exist?. Draw your own conclusions..."
Comments (0)
Feast of the Seven Phishes 2011
December 30, 2011 Added by:Robert Siciliano
One of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used...
Comments (0)
A Sherriff Issues Holiday Crime Prevention Tips
December 27, 2011 Added by:Robert Siciliano
We are coming up on one of the most festive times of the year for families with the celebration of several holidays. However, joy and fun can quickly turn to disappointment and sorrow when someone becomes a victim of a scam, burglary or online fraudulent holiday shopping scheme
Comments (0)
Steam Attack Puts Users at Risk of Spear Phishing
November 16, 2011 Added by:Josh Shaul
A good implementation of salting before hashing can yield very secure results – however weak implementations that used fixed salt are not all that unusual, and those are quite easy to break. The stored credit card numbers were encrypted. It’s likely that these will be difficult to extract...
Comments (0)
Western Powers Wary of Chinese Cyber Espionage Ops
September 26, 2011 Added by:Headlines
"The broad international view... is that China is one of the countries at the forefront of cyber attacks on other states, which it is doing for fairly obvious reasons - intelligence gathering, political and strategic advantage, and also for defensive purposes..."
Comments (0)
Spear-Phishing Operation Targets Senior US Officials
August 16, 2011 Added by:Headlines
"Victims get a message from an address of a close associate or a collaborating organization/agency, which is spoofed. The message is crafted to look like a subscription form offering to enter Gmail credentials to activate it..."
Comments (0)
Spear Phishing Leaves a Bloody Wound
July 19, 2011 Added by:Robert Siciliano
Once criminal hackers get a person’s username and email address, they can begin to launch a targeted spear phish scam. Scammers copy the design of each breached entities outgoing email campaign and blast the breached list with “account update” or other ruses...
Comments (0)
Phishers, Shoulder Surfers and Keyloggers
July 10, 2011 Added by:Robert Siciliano
McAfee’s most unwanted criminals include pickpockets, Trojans, and ATM skimmers, dumpster divers, spies, and wireless hackers and now phishers, shoulder surfers, and keyloggers. The key is awareness, vigilance, and investing in products and services that are designed to protect you...
Comments (0)
When a "Phish" is Really Fishy
June 30, 2011 Added by:Christopher Burgess
Phishing is a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity. Recently, one slipped through my filters. I've taken the liberty to identify each item within this phish, which seems fishy...
Comments (0)
- Follow Up to the Out of Band Authentication Post
- Skype Malware Campaign Spreading Poison Ivy Trojan
- I Hope Edo is Worth the Privacy Risk
- Dutch MoD Innovation Competition 2012: CYBER Operations 2.0
- NIST Workshop: The Technical Aspects of Botnets
- Security Automation by Hand - Batch/Bash/FOR
- Who Are You Preaching to Anyway?
- Some Observations on Klout Scores
- Where Will the Buck Stop in Cloud Security?
- How Does Your Bank Protect Your Data?