Blog Posts Tagged with "Phishing"
February 01, 2012 Added by:Pierluigi Paganini
According the announcement from researchers at Eleven, a German security firm, it is sufficient that a communication is merely opened in the email client to infect the target without the user clicking on a link or opening an attachment...
January 31, 2012 Added by:Headlines
The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email...
January 25, 2012 Added by:Pierluigi Paganini
Criminal operations are managed as corporations and malware is designed as a service, with a maniacal attention paid to product quality. The life cycle is the most amazing aspect: From design, release, to after sales support - each stage is implemented with care and attention...
January 17, 2012 Added by:Josh Shaul
We consumers need to pressure business to change their practices and protect our information. By asking questions, we’ll force organizations to recognize the importance of effective security, and to either do it properly or lose customers to a competitor who will...
January 15, 2012 Added by:Headlines
A source has provided Infosec Island with a copy of a message they received while logging in to their account regarding a "security update". The message advises customers to change their password, but makes no mention of the massive data loss event...
January 12, 2012 Added by:Infosec Island Admin
Generally, people just aren’t thinking all that much when they get these calls. Sure, people should never be asking them for their passwords, but now this. Open this file would you? Tell me how many pages it has to verify that you got it, would you?
January 11, 2012 Added by:Headlines
US-CERT has received reports of a phishing email campaign that uses spoofed US-CERT email addresses. This campaign appears to be targeting a large number of private sector organizations as well as federal, state, and local governments...
January 07, 2012 Added by:Matthijs R. Koot
Infosec-savvy STRATFOR subscribers will look for clues to distinguish a fake email. Why would STRATFOR act in a manner that obfuscates four clues? STRATFOR knew about the breach since at least Dec 24/25, so I assume there has been time to advise on coping with fake mailings...
January 04, 2012 Added by:Headlines
"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."
January 04, 2012 Added by:Headlines
"This campaign could target organizations related to technology used in... aerospace and military industries... With the information we collected it appears that this campaign has been running for months. Someone has said that cyberwar does not exist?. Draw your own conclusions..."
January 03, 2012 Added by:Headlines
"Within government, responsibility is fragmented. In America, the Treasury, other financial regulators, the Department of Homeland Security, the Pentagon, the FBI, the National Security Agency and others all have a hand in financial cybersecurity..."
December 30, 2011 Added by:Robert Siciliano
One of my holiday traditions is to expose the year’s phishing scams. The following examples come straight from my inbox or spam filter, and have been abbreviated to demonstrate the nature of the scam and specific hook being used...
December 12, 2011 Added by:Headlines
"Trustwave found that that the thieves inserted malicious software or 'malware' into the credit and debit card processing systems used in Restaurant Depot stores. The malware collected card information as it was processed, stored it temporarily, and then sent it to a computer server in Russia..."
December 06, 2011 Added by:Headlines
"US-CERT encourages users and administrators to use caution when encountering email messages and take the following preventative measures to protect themselves from phishing scams and malware campaigns..."
December 05, 2011 Added by:Headlines
"A rainbow table is a list of pre-computed hashes - the numerical value of an encrypted password, used by most systems today - and that’s the hashes of all possible password combinations for any given hashing algorithm mind..."
December 01, 2011 Added by:Robert Siciliano
When handing your card to a clerk or cashier, pay close attention. The card should be swiped through a point of sale terminal or keyboard card reader once, maybe twice. If your card is swiped through an additional reader, the card number may have been stolen...
Hacker to Release Symantec's PCAnywhere Sour... Jerry Shaw on 10-05-2015
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015