Articles about phishing

Ransomware brutes smacked 1 in 3 NHS trusts last year

A third (30 per cent) of NHS trusts have been infected by ransomware, with one – the Imperial College Healthcare in London – suffering 19 attacks in just 12 months. According to results of a Freedom of Information-based study, none of the trusts reported paying a ransom or informed law enforcement. All preferred to deal with …
John Leyden, 17 Jan 2017

French spies warn politicians of hack risk as election draws near

French authorities are warning political parties about the increased threat of cyber attacks as the country prepares to elect a new president in May. Last year's US presidential election was marred by cyber attacks and leaks. US intel agencies blame Russia for the hack and subsequent leak of sensitive emails and other …
John Leyden, 16 Jan 2017

McDonald's forget hash, browns off security experts

Dutch software engineer Tijme Gommers has revealed a still-active reflected cross-site scripting vulnerability and borked password controls in McDonald's main website that could be fodder for phishing attacks. The attack, reported on Gommers' blog, is possible thanks to an Angular expression injection vuln present in mcdonalds …
Darren Pauli, 16 Jan 2017

Brilliant phishing attack probes sent mail, sends fake attachments

A newly-detected Gmail phishing attack sees criminals hack and then rifle through inboxes to target account owners' contacts with thoroughly convincing fake emails. The new attack uses the file names of sent attachments and applies that name into new attachments that appear to be PDFs but are actually images that, when …
Darren Pauli, 16 Jan 2017

Brother-and-sister duo arrested over hacking campaign targeting Italy's bigwigs

A hacking operation featuring the EyePyramid trojan successfully compromised the systems of numerous high-profile Italian targets, including two former prime ministers, say Italian police. High-profile targets were targeted by a spear-phishing campaign that served a remote-access trojan codenamed "EyePyramid" as a malicious …
John Leyden, 12 Jan 2017

Crims shut off Ukraine power in wide-ranging anniversary hacks

Hackers of unknown origin cut power supplies in Ukraine for a second time in 12 months as part of wide-ranging attacks that hit the country in December. The attacks were revealed at the S4x17 conference in Miami in which Honeywell security researcher Marina Krotofil offered reporters some detail into the exploitation that …
Darren Pauli, 12 Jan 2017

Autocomplete a novel phishing hole for Chrome, Safari crims

Phishers have a new tool in their arsenal with the discovery that web browsers Chrome and Safari along with LastPass will autofill hidden registration form fields. Finnish web developer Viljami Kuosmanen discovered the flaws affecting the world's most popular browser, along with Apple's offering. The attack vector is manifest …
Darren Pauli, 10 Jan 2017

IBM filed another 8,000 patents in 2016

IBM’s lawyers were busy little bees last year, getting a shade more than 8,000 patent applications granted for Big Blue’s American brainboxes. IBM claims its inventors were granted an average of 22 patents per day in 2016, scoring a total of 8,088 patents. Of those patents, 2,700 were related to AI, cognitive computing and …
Gareth Corfield, 09 Jan 2017

Dodgy dealer on Amazon lures marks towards phishing site

Amazon UK customers would do well to be vigilant about the post-holiday deals they find on the retail site following the discovery of a sophisticated scam. A rogue merchant, called Sc-Elegance, is primarily offering high-end electronics, advertising them as "used – like new" at significantly lower costs than in the shops. …
John Leyden, 06 Jan 2017

Insane blackhats behind world's most expensive ransomware 'forget' to backup crypto keys

Variants of the KillDisk data wiping malware, famous for nuking computers in Ukrainian energy utilities, are now being used in possibly the world's most expensive ransom attacks. Attackers are targeting Windows and Linux desktops and servers and demanding a laughable 222 bitcoins (right now US$247,000) for the data to be …
Darren Pauli, 06 Jan 2017

Travel booking systems ‘wide open’ to abuse – report

Updated Legacy travel booking systems disclose travellers’ private information, security researchers warn. Travel bookings worldwide are maintained in a handful of Global Distributed Systems (GDS) built around mainframe computers linked to the web but without adequate security controls, say the researchers. “The systems have since …
John Leyden, 04 Jan 2017

New Android-infecting malware brew hijacks devices. Why, you ask? Your router

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers. The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to. Switcher brute-forces …
John Leyden, 03 Jan 2017

A year in infosec: Bears, botnets, breaches ... and elections

How often can we say that an IT blunder might have changed the course of world history? Hillary Clinton’s use of a private email server whilst serving as outgoing US President Barack Obama’s Secretary of State became a key element in the US presidential election this year. The FBI investigation around Clinton’s use of a …
John Leyden, 26 Dec 2016

Bad news, fandroids: Mobile banking malware now encrypts files

Cybercrooks have outfitted ransomware functionality onto an already dangerous mobile banking Trojan. The modified Faketoken can steal credentials from more than 2,000 Android financial applications, security researchers at Kaspersky Lab warn. Based on telemetry, Kaspersky Lab estimates that Faketoken has claimed over 16,000 …
John Leyden, 20 Dec 2016

Evolved DNSChanger malware slings evil ads at PCs, hijacks routers

Malware that spreads via evil web ads and menaces broadband routers has been discovered – and it's going to be particularly horrible for small business and home internet users, which it targets. This latest variant of the years-old DNSChanger nasty, just spotted by Californian infosec biz Proofpoint, works like this: some …
Iain Thomson, 20 Dec 2016

Los Angeles to extradite bloke from Nigeria after scores of city workers fall for phish scam

Los Angeles wants to extradite a Nigerian man accused of swiping the passwords of more than 100 workers in 15 city and county departments via a phishing attack. The metropolis' prosecutors have obtained arrest warrants seeking the extradition of Austin Kelvin Onaghinor from Nigeria to face charges of identity theft and …
Shaun Nichols, 19 Dec 2016

Ransomware scum face unified white hat army

More security players have joined the No More Ransom initiative, which should make life hard for the cretins who create ransomware. More than 30 security research firms and law enforcement agencies have joined the initiative to unify their efforts to free victims from ransomware extortion. More than 6,000 users have used the …
Darren Pauli, 16 Dec 2016

BlackEnergy power plant hackers target Ukrainian banks

The same hackers who turned out the lights at Ukrainian utilities last December have been running attacks against the same country’s banks over recent months. Security firm ESET reports that the gang slinging the TeleBots malware against Ukrainian banks shares a number of similarities with the BlackEnergy group, which …
John Leyden, 15 Dec 2016

Yahoo! says! hackers! stole! ONE! BEELLION! user! accounts!

Yahoo! says hackers have probably stolen details from more than a billion user accounts, including names, addresses, phone numbers, and weakly-hashed passwords in attacks dating back to 2013. Chief information security officer Bob Lord said in a statement that this event is likely a separate haul unrelated to past breaches. " …
Darren Pauli, 14 Dec 2016

A single typo may have tipped US election Trump's way

A single typo from a Clinton campaign aide gave Russian hackers access to a decade's worth of emails, some 60,000 in total, owned by Clinton campaign chairman John Podesta. Clinton campaign aide Charles Delavan wrote in an email to one of Podesta's aides, later published by Wikileaks, that Podesta must "immediately" change his …
Darren Pauli, 14 Dec 2016

Microsoft Edge's malware alerts can be faked, researcher says

Technical support scammers have new bait with the discovery that Microsoft's Edge browser can be abused to display native and legitimate-looking warning messages. The flaws exist in Microsoft's Edge protocols ms-appx: and ms-appx-web: which the browser uses to present warning messages when phishing or malware delivery sites …
Darren Pauli, 12 Dec 2016

US commission whistles to FIDO: Help end ID-based hacks by 2021

A White House commission on improving cybersecurity has come up with a list of recommendations for US president-elect Donald Trump’s administration – including a target for no big hacks to involve identity-based compromises. The US Commission on Enhancing National Cybersecurity has identified 16 key recommendations on security …
John Leyden, 08 Dec 2016

Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

Feature "Go to this McDonald's," Chris Gatford told me. "There's a 'Create Your Taste' burger-builder PC there and you should be able to access the OS. Find that machine, open the command prompt and pretend to do something important. "I'll be watching you." Gatford instructed your reporter to visit the burger barn because he …
Darren Pauli, 08 Dec 2016

Silver screen script hacker and dox douche gets 5 years in US cooler

Bahamas man Alonzo Knowles has been sentenced to five years jail for hacking the email accounts of celebrities to steal and sell unreleased television and movie scripts, music, financial documents, and pornographic self footage. Knowles pleaded guilty to criminal copyright infringement and identity theft in May and was sentenced …
Darren Pauli, 08 Dec 2016

Crims turn to phishing-as-a-service to slash costs and max profits

Prefab phishing campaigns cost less to run and are twice as profitable as traditional phishing attacks, according to a new study by security vendor Imperva. Cybercriminals are lowering the cost and increasing the effectiveness of email phishing by buying complete packages of compromised servers and all the other components …
John Leyden, 07 Dec 2016

Own goal for Scottish Football Association as fans sent phishy emails

Phishing emails ostensibly from the Scottish Football Association (SFA) were sent to subscribers on Monday as the result of a breach. The SFA blamed a breach at a third-party supplier for a leak of sensitive info that was used in an attempt to trick recipients into opening a dodgy email that appeared under the guise of an …
John Leyden, 06 Dec 2016

Shamoon malware returns to again wipe Saudi-owned computers

Thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations have been wiped by the Shamoon malware after it resurfaced some four years after wiping thousands of Saudi Aramco workstations. Security firms FireEye, CrowdStrike, McAfee, Palo Alto, and Symantec reported on the advanced sabotage …
Darren Pauli, 02 Dec 2016

Online criminals iced as cops bury malware-spewing Avalanche

On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years. The Avalanche network was a system of 600 servers around the world that were …
Iain Thomson, 01 Dec 2016

Android-rooting Gooligan malware infects 1 million devices

A new strain of Android malware is infecting an estimated 13,000 devices per day. The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users' sensitive data from Gmail accounts, security researchers at Check Point …
John Leyden, 30 Nov 2016

PayPal proffers patch for OAuth app hack hole

PayPal has patched a phishing vulnerability that could allow attackers to steal any OAuth token for its payment apps and gain access to accounts. Adobe software engineer and OAuth wonk Antonio Sanso discovered the token request flaw after messing with redirect URLs. He found PayPal's authorisation server setup to handle OAuth …
Team Register, 30 Nov 2016

Phishing tackle ships data catch to net sharks

A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information. The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check. It requires victims …
Team Register, 28 Nov 2016

Poison .JPG spreading ransomware through Facebook Messenger

Check Point has found an image obfuscation trick it thinks may be behind a recent massive phishing campaign on Facebook that's distributing the dangerous Locky ransomware. The security firm has not released technical details as the flaw it relies on still impacts Facebook and LinkedIn, among other unnamed web properties. The …
Darren Pauli, 25 Nov 2016

Attackers use ancient zero-day to pop Asian banks, govts

Attackers are compromising governments and banks across Asia by exploiting a years-old zero day vulnerability in desktop publishing application InPage, which targets users working in Urdu or Arabic. Kaspersky Lab analyst Denis Legezo found the attacks and reported the zero-day to InPage, which he says ignored his disclosures …
Darren Pauli, 24 Nov 2016

178 arrested in pan-European money mule crackdown

A pan-European crackdown has resulted in the arrest of 178 suspected money mules. Across Europe, 580 people were identified as suspects. National law enforcement agencies last week interviewed 380 suspects collectively implicated in losses amounting to €23m. After malware or phishing is used to obtain the login credentials of …
John Leyden, 22 Nov 2016

Microsoft plans St Valentine's Day massacre for SHA‑1

The death knell for the SHA‑1 cryptographic hash function will echo around the web now that all the main browser builders have decided to cut off support – only 12 years after its flaws were first discovered. On Friday, Mozilla and Microsoft both announced that support for SHA‑1 in HTTPS certificates would be dropped – Moz …
Iain Thomson, 21 Nov 2016

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

Kiwicon Michele Orru has released an automated phishing toolkit to help penetration testers better exploit businesses. The well-known FortConsult hacker, better known as Antisnatchor (@antisnatchor), dropped the phishing kit at the Kiwicon hacking event in Wellington, New Zealand last week, offering hackers tips to more successfully …
Darren Pauli, 21 Nov 2016

Antivirus tools are a useless box-ticking exercise says Google security chap

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications. The incident responder from Google's Sydney office, who is charged with researching very advanced attacks …
Darren Pauli, 17 Nov 2016

Analysts apply Occam's razor to Tesco Bank breach

Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach. Earlier this month Tesco Bank admitted that an estimated £2.5m had been looted from 9,000 accounts. Initially it was feared that money had been taken from 20,000 accounts, but this figure was revised a few days after the breach …
John Leyden, 16 Nov 2016

Adult FriendFinder users get their privates exposed... again – reports

Hundreds of millions of Adult FriendFinder (AFF) accounts appear to have been exposed once again. A database of usernames, emails, and passwords of footloose and fancy free members, along with those from associated websites, has leaked and surfaced online. The breach has not been confirmed by the site’s parent company …
John Leyden, 14 Nov 2016

Pay up or your data gets it. Ransomware highwaymen's attacks on small biz octuple

Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the same quarter last year, according to stats from Kaspersky Lab. Kaspersky Small Office Security thwarted 27,471 attempts to block access to corporate data in Q3 2016, compared to 3,224 similar attacks in Q3 2015. Ransomware makes …
John Leyden, 14 Nov 2016

Make phishing great again: Hackers prod US think tanks, NGOs amid Trump win shockwaves

With half of America celebrating the victory of the Republicans and President-elect Trump, and the other half mourning the result, a targeted phishing campaign engulfed various US think tanks and NGOs this week. Security firm Volexity spotted the attack, which began around six hours after the President-elect clinched the …
Iain Thomson, 11 Nov 2016

User danger declines as two thirds of Chromistas now use HTTPS

Two in three web pages served over the world's favourite web browser Chrome are now secured with HTTPS, Google says. The good news applies to Chrome on the desktop and signifies progress in the long-hoped-for decline of insecure cleartext browsing. Chrome security bods Adrienne Porter Felt and Emily Schechter say all …
Darren Pauli, 07 Nov 2016

World-leading heart hospital 'very, very lucky' to dodge ransomware hit

World-leading Papworth Hospital has escaped a full-on zero-day crypto ransomware attack thanks to the "very, very lucky" timing of its daily backup. It's believed that an on-duty nurse at the heart and lung hospital in Cambridgeshire, UK, unwittingly clicked on something in an infected email, activating the attack at about …
SA Mathieson, 04 Nov 2016

Uncle Sam emits DNS email security guide – now speak your brains

The US National Cybersecurity Center of Excellence (NCCoE) has published a guide on how to improve email security – and it wants your feedback on it. The center is part of NIST – America's National Institute of Standards and Technology – which is itself part of the US Department of Commerce. The NCCoE has put out its "draft …
Kieren McCarthy, 02 Nov 2016

Google punts WoSign, StartCom from good guy certificate club

Google is set to jettison certificate authorities WoSign and StartCom next year in a move that shores up wider efforts to neuter the two companies. Mountain View's move follows public announcements by Mozilla and Apple that they would not trust the authorities' certificates after the pair incorrectly issued base …
Darren Pauli, 02 Nov 2016

Microsoft flips Google the bird after Windows kernel bug blurt

Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about …
Kieren McCarthy, 01 Nov 2016

Nymaim malware got a major 'upgrade', says Verint

The miscreants behind the Nymaim malware dropper have updated their code to include better obfuscation and blacklisting against security software. Analytics outfit Verint, which discovered the latest version and offers its analysis here, says the new code base targets phishing rather than the drive-by-download approach …

Promoted tweet phish fiddle

Crooks have served up what's reckoned to be the first phish through a sponsored link on Twitter. The rogue promoted tweet claims to offer verification, but actually directs users to a phishing site, which asks prospective marks for login credentials before requesting payment and contact information in return for a non-existent …
John Leyden, 31 Oct 2016

Obey Google, web-masters, or it will say you can't be trusted

Criminals are about to lose a reliable attack vector for malware infection and phishing, thanks to Google's Certificate Transparency initiative that will force websites to enforce proper certificate security within a year. Stolen and mis-issued SSL certificates allow attackers to spin up malicious sites that pass browser …
Darren Pauli, 31 Oct 2016

Dutch webcam perv jailed

A 21-year-old Dutch man has been jailed for one month with another year suspended for infecting more than 2,000 computers to spy on minors via webcams. The man known as Jair M was arrested in October 2013 after he infected the machines with remote access trojans and recorded and captured footage of minors in compromising …
Darren Pauli, 28 Oct 2016