Cybercrime Week in Review 15 August 2015 Advanced Targeting – The Name of the Game (Phishlabs) Business email compromise (BEC), spear phishing, and social engineering aren’t just buzz words that have gained popularity in the security industry. These tactics have recently been employed by cybercriminals to get around the plethora of security controls deployed to…
Malvertising set to wreak one BILLION dollars in damage this year Records have fallen as malvertising clocked its most prolific month in history, making it one of the biggest threats to endpoint security. If the scourge continues, criminals will have inflicted a billion dollars in damages by the end of the year from a paltry…
Cybercrime Week in Review 8 August 2015 Facebook rolls out ‘Security Checkup’ tool to all desktop users (Naked Security) Facebook wants you all to have a safe experience on its social network, says Product Manager Melissa Luu-Van who, late last week, revealed how the Menlo Park firm was introducing a new security notification for its…
Facebook Tax Refund Scam earns Arizona woman 6 years in jail An Arizona woman has been sent to jail for six years for masterminding a tax rebate scam which used Facebook to find and target unemployed people for identity theft. 34-year-old Elaine Monique Zavala-Charres of Winslow, Arizona scammed over $400,000 out of the US revenue…
Cybercrime Week in Review 31 July 2015 Stagefright vulnerability allows criminals to send malware by text (CSO) Vulnerabilities in Android’s “Stagefright” code allows criminals to send malware via text, and infect the user even if they didn’t open the message. Dark web drug dealer pleads guilty, gets 2 years to ponder “anonymity” (Naked Security) A…
Wait STOP – Are you installing Windows 10 or ransomware ? People aren’t good at waiting for stuff, and with, computer users queueing up to download Windows 10, ransomware purveyors have started to move in. Cisco’s security team has noticed a new spamming campaign attempting to spread the CTB-Locker ransomware using emails purporting to come…
Cybercrime Week in Review 25 July 2015 Siemens Energy Automation Device Vulnerable to Authentication Bypass (Info Security) An authentication bypass vulnerability has been discovered in a Siemens energy automation device—meaning that an attacker can gain control of the device without having to enter login details. RC4 NOMORE crypto exploit used to decrypt user cookies in…
Ashley Madison Hack Analysis Figure A displays the public announcement by “The Impact Team” to Avid Life Media, the owners of Ashley Madison. The Ashley Madison hacking by a group known as “The Impact Team” continues to swirl with controversy. With The Impact Team already leaking one Ontario man’s name and another man from Brockton,…
Cybercrime Week in Review 18 July 2015 British Spamhaus DDoS Teen Walks Free (Info Security) A British teenager has walked free from court despite pleading guilty to a DDoS attack on IP blacklister Spamhaus which was the largest ever of its kind when it struck in 2013. Flash Player Update Patches Two Hacking Team Zero…
GamaPOS The New Point-of-Sale Malware Security researchers have unveiled a new breed of point-of-sale (POS) malware, known as GamaPOS, infecting organizations across several U.S. states. According to the group of researchers, the malware is among the latest threats capable of scraping credit card data off of payment systems, and is being distributed through Andromeda –…
