 Social Engineering

SC Congress Canada: "Social engineer back" employees

May 09, 2012

Social engineering isn't necessarily a bad thing if security professionals use it to their advantage, according to a speaker at SC Congress Canada.
 

Trojan designed to take screenshots of hotel payment apps

April 19, 2012

A new development in the criminal underground is to peddle trojans that steal credit card data from hotels.
 

Flight check-in emails lead to Zeus infection

April 03, 2012

Cyber criminals have cloaked spam to resemble US Airways check-in emails in phishing attempts that lead to Zeus trojan infections.
 

Palin hacker appeal rejected

February 02, 2012

David Kernell, who hacked into Sarah Palin's email account, has lost an appeal against his obstruction of justice charge.
 

Boundless information: Mining social networks

February 01, 2012

Criminals are finding social media websites like Facebook, which contain a vast array of personal assets, to be a treasure trove of information that they can use to launch further attacks.
 

US-CERT warns about spoofed US-CERT phishes

January 10, 2012

Phishers are spoofing email addresses belonging to US-CERT, an arm of the Department of Homeland Security that coordinates information sharing related to cyber threats, to trick users into installing malware.
 

U.S. Chamber of Commerce targeted in data heist

December 21, 2011

Hackers operating out of China are believed responsible for a major attack on the U.S. Chamber of Commerce in 2009 and 2010 that was only revealed recently.
 

Fake FBI scam email making the rounds

November 23, 2011

A message purportedly sent from the FBI Anti-Terrorist and Monetary Crimes Division is making its way to inboxes, threatening recipients that they will be arrested if they do not reply back.
 

Duqu trojan spreads through 0-day Microsoft bug

November 01, 2011

A piece of malware that has drawn comparisons to the notorious Stuxnet worm is using an unknown Windows kernel vulnerability to infect its targets.
 

Reducing network breaches

Chris Harget, senior product marketing manager, ActivIdentity, part of HID Global • November 01, 2011

Consistent communication about the risk of social engineering is the first step in preventing network breaches, says Chris Harget, senior product marketing manager, ActivIdentity, part of HID Global.
 

Phishers aiming for Apple IDs, passwords

October 31, 2011

Spam that seemingly emanates from Apple is making the rounds with the aim of tricking users into handing over their IDs and passwords, researchers at anti-virus firm Trend Micro said in a blog post Monday.
 

Researcher finds way to send executable file on Facebook

October 28, 2011

Researchers have discovered a way to evade Facebook security controls to deliver a message that could come outfitted with a malicious attachment.
 

Report: RSA hackers knock off 760 other businesses

Darren Pauli, editor, SC Magazine, Australia/New Zealand edition • October 25, 2011

eBay, Motorola, IBM, McAfee and VMware were reportedly affected by the same type of attack orchestrated against RSA.
 

Microsoft YouTube channel hacked

October 24, 2011

Hackers over the weekend accessed Microsoft's YouTube channel to swap out videos with their own. It is unclear what the intruders' motive was, but they may have been able to access the account by stealing its login credentials from a Microsoft employee, Graham Cluley, senior technology consultant at anti-virus firm Sophos, said in a blog post Sunday. One of the unauthorized videos posted was titled "Bingo" and featured an animated video game character shooting another character. By Monday morning, the channel was operating normally. The incident followed hackers last week taking over the Sesame Street YouTube channel to display pornographic videos.
 

Podcast: Automating social engineering

October 21, 2011

The process of delivering targeted attacks to end-users has gotten easier for attackers thanks to automated social engineering, in which adversaries can write tools that scour the web for personal data to include in their emails to increase their believability. The goal, of course, is to design messages that people are more likely to click on and, as a result, install malware on their machines or divulge personal information. In this podcast, Matias Brutti, a security consultant at security services firm IOActive, explains what the automation of social engineering means for organizations and how they can fight back.
 

Mac trojan spreads under guise of PDF document

September 23, 2011

Malware writers are borrowing a page from the Windows attack handbook with the latest Mac OS X threat.
 

Advanced persistent threats call for a reality check

Sean Martin, founder, imsmartin consulting • September 07, 2011

Before seeking out help from vendors in dealing with the advanced persistent threat, security professionals must understand exactly what defines such an attack.
 

Researchers study actual file used in RSA SecurID breach

August 26, 2011

Researchers have discovered that the email containing the malicious file used to breach RSA contained just two sentences: "I forward this file to you for review. Please open and view it."
 

Cold call scams: Life in the old dog

David Harley, ESET senior research fellow • July 20, 2011

It's a cold, cold-calling world: an old scam with some new wrinkles.
 

U.S. lead on huge phishing ring receives 13 years in prison

June 28, 2011

A Los Angeles man has earned considerable time behind bars after serving as the U.S. head of a phishing operation that stole more than $1 million from the customers of two banks.
 

New Zeus emails cloaked as Fed, IRS messages

June 22, 2011

Small and midsize organizations may want to take note: There is a particularly large Zeus spam campaign making the rounds.
 

Con artists pose as security companies in growing scam

June 17, 2011

Scareware has taken on a human face. Criminals posing as computer security engineers are having success in calling victims at home and stealing their money, according to a survey issued Thursday by Microsoft. Fifteen percent of 7,000 computer users polled in the United States, Canada, U.K. and Ireland said they have been contacted by a phone scammer, and 22 percent of those were tricked into following the fraudsters' directions, which included giving them remote access to a computer or providing credit card information. Seventy-nine percent of those suffered a financial loss as a result. Victims were out an average $875 in the United States, the survey found.
 

SC Congress Canada: Gain visibility to limit the damage

June 14, 2011

With ready-made exploit kits and classes of vulnerabilities that date back to the 1990s at their disposal, hacker groups are finding easy pickings.
 

Judge rules bank not at fault for corporate account fraud

June 08, 2011

In a potentially precedent-setting court ruling, a U.S. magistrate judge has ruled that a bank is not responsible for covering the loss of nearly $300,000 that was illegally wired out of the bank account belonging to a Maine construction company.
 

Travel, education sectors most vulnerable to phishing

May 24, 2011

Researchers at KnowBe4 sent simulated phishing messages to more than 3,500 small and midsized enterprises and found that recipients at nearly 500 companies clicked on a link contained in the message.
 

Department of Energy-funded lab silenced by APT attack

April 21, 2011

Internet and email service remains offline at the Oak Ridge National Laboratory after spear phishing attacks led to the theft of sensitive data.
 

Epsilon may have been tipped off that it was a target

April 08, 2011

The longtime partner of email marketing services provider Epsilon apparently warned the company last fall that it could be targeted by malware attacks.
 

RSA: APTitude adjustment

David Harley, senior research fellow • April 05, 2011

An advanced persistent threat doesn't always have to be particularly advanced.
 

Flash zero-day, social engineering enable RSA SecurID hack

April 01, 2011

The breach of RSA's intellectual property related to its SecurID products appears to be a classic case of social engineering and network pivoting.
 

New Year's-themed bogus emails work of Storm or Waledac

January 03, 2011

Researchers at the nonprofit Shadowserver Foundation believe they have identified a new version of either the Storm or Waledac worm, thanks to a large-scale influx of New Year's-themed spam. The emails purport to be a New Year's greeting card but contain a link to a malicious domain, claiming to host a fake Flash Player that actually is an exploit. The evil domains use fast-flux techniques to hide the host server. "The whole point of this botnet is to install malware onto systems of unsuspected visitors," researcher Steven Adair wrote on the Shadowserver blog. Storm first appeared on the scene in 2007, capitalizing on current events and holidays, and was effectively replaced by Waledac in 2009. - DK