Articles about phishing

Shamoon malware returns to again wipe Saudi-owned computers

Thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations have been wiped by the Shamoon malware after it resurfaced some four years after wiping thousands of Saudi Aramco workstations. Security firms FireEye, CrowdStrike, McAfee, PaloAlto, and Symantec reported on the advanced sabotage …
Darren Pauli, 02 Dec 2016

Online criminals iced as cops bury malware-spewing Avalanche

On November 30, simultaneous raids in five countries by the FBI, Europol, and the UK's National Crime Agency (NCA) finally shuttered the Avalanche criminal network that has been spewing malware and money laundering campaigns for the past seven years. The Avalanche network was a system of 600 servers around the world that were …
Iain Thomson, 01 Dec 2016

Android-rooting Gooligan malware infects 1 million devices

A new strain of Android malware is infecting an estimated 13,000 devices per day. The Gooligan malware roots Android devices before stealing email addresses and authentication tokens stored on them. The tokens create a means for hackers to access users' sensitive data from Gmail accounts, security researchers at Check Point …
John Leyden, 30 Nov 2016

PayPal proffers patch for OAuth app hack hole

PayPal has patched a phishing vulnerability that could allow attackers to steal any OAuth token for its payment apps and gain access to accounts. Adobe software engineer and OAuth wonk Antonio Sanso discovered the token request flaw after messing with redirect URLs. He found PayPal's authorisation server set up to handle OAuth …
Team Register, 30 Nov 2016

Phishing tackle ships data catch to net sharks

A malware writer is running YouTube ads for a phishing tool they have secretly backdoored to steal victims' information. The phishing platform is designed to trick victims into entering their Amazon account information into a passable replica of the legitimate website under the guise of a validation check. It requires victims …
Team Register, 28 Nov 2016

Poison .JPG spreading ransomware through Facebook Messenger

Check Point has found an image obfuscation trick it thinks may be behind a recent massive phishing campaign on Facebook that's distributing the dangerous Locky ransomware. The security firm has not released technical details as the flaw it relies on still impacts Facebook and LinkedIn, among other unnamed web properties. The …
Darren Pauli, 25 Nov 2016

Attackers use ancient zero-day to pop Asian banks, govts

Attackers are compromising governments and banks across Asia by exploiting a years-old zero-day vulnerability in desktop publishing application InPage, which targets users working in Urdu or Arabic. Kaspersky Lab analyst Denis Legezo found the attacks and reported the zero-day to InPage, which he says ignored his disclosures …
Darren Pauli, 24 Nov 2016

178 arrested in pan-European money mule crackdown

A pan-European crackdown has resulted in the arrest of 178 suspected money mules. Across Europe, 580 people were identified as suspects. National law enforcement agencies last week interviewed 380 suspects collectively implicated in losses amounting to €23m. After malware or phishing is used to obtain the login credentials of …
John Leyden, 22 Nov 2016

Microsoft plans St Valentine's Day massacre for SHA‑1

The death knell for the SHA‑1 cryptographic hash function will echo around the web now that all the main browser builders have decided to cut off support – only 12 years after its flaws were first discovered. On Friday, Mozilla and Microsoft both announced that support for SHA‑1 in HTTPS certificates would be dropped – Moz …
Iain Thomson, 21 Nov 2016

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

Kiwicon Michele Orru has released an automated phishing toolkit to help penetration testers better exploit businesses. The well-known FortConsult hacker, better known as Antisnatchor (@antisnatchor), dropped the phishing kit at the Kiwicon hacking event in Wellington New Zealand last week, offering hackers tips to more successfully …
Darren Pauli, 21 Nov 2016

Antivirus tools are a useless box-ticking exercise says Google security chap

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection to instead research more meaningful defences such as whitelisting applications. The incident responder from Google's Sydney office, who is charged with researching very advanced attacks …
Darren Pauli, 17 Nov 2016

Analysts apply Occam's razor to Tesco Bank breach

Analysis Security analysts have narrowed down the range of possible explanations for the Tesco Bank breach. Earlier this month Tesco Bank admitted that an estimated £2.5m had been looted from 9,000 accounts. Initially it was feared that money had been taken from 20,000 accounts, but this figure was revised a few days after the breach …
John Leyden, 16 Nov 2016

Adult FriendFinder users get their privates exposed... again – reports

Hundreds of millions of Adult FriendFinder (AFF) accounts appear to have been exposed once again. A database of usernames, emails, and passwords of footloose and fancy free members, along with those from associated websites, has leaked and surfaced online. The breach has not been confirmed by the site’s parent company …
John Leyden, 14 Nov 2016

Pay up or your data gets it. Ransomware highwaymen's attacks on small biz octuple

Small businesses faced eight times more ransomware attacks in the third quarter of 2016 than the same quarter last year, according to stats from Kaspersky Lab. Kaspersky Small Office Security thwarted 27,471 attempts to block access to corporate data in Q3 2016, compared to 3,224 similar attacks in Q3 2015. Ransomware makes …
John Leyden, 14 Nov 2016

Make phishing great again: Hackers prod US think tanks, NGOs amid Trump win shockwaves

With half of America celebrating the victory of the Republicans and President-elect Trump, and the other half mourning the result, a targeted phishing campaign engulfed various US think tanks and NGOs this week. Security firm Volexity spotted the attack, which began around six hours after the President-elect clinched the …
Iain Thomson, 11 Nov 2016

User danger declines as two thirds of Chromistas now use HTTPS

Two in three web pages served over the world's favourite web browser Chrome are now secured with HTTPS, Google says. The good news applies to Chrome on the desktop and signifies progress in the long-hoped-for decline of insecure cleartext browsing. Chrome security bods Adrienne Porter Felt and Emily Schechter say all …
Darren Pauli, 07 Nov 2016

World-leading heart hospital 'very, very lucky' to dodge ransomware hit

World-leading Papworth Hospital has escaped a full-on zero-day crypto ransomware attack thanks to the "very, very lucky" timing of its daily backup. It's believed that an on-duty nurse at the heart and lung hospital in Cambridgeshire, UK, unwittingly clicked on something in an infected email, activating the attack at about …
SA Mathieson, 04 Nov 2016

Uncle Sam emits DNS email security guide – now speak your brains

The US National Cybersecurity Center of Excellence (NCCoE) has published a guide on how to improve email security – and it wants your feedback on it. The center is part of NIST – America's National Institute of Standards and Technology – which is itself part of the US Department of Commerce. The NCCoE has put out its "draft …
Kieren McCarthy, 02 Nov 2016

Google punts WoSign, StartCom from good guy certificate club

Google is set to jettison certificate authorities WoSign and StartCom next year in a move that shores up wider efforts to neuter the two companies. Mountain View's move follows public announcements by Mozilla and Apple that they would not trust the authorities' certificates after the pair incorrectly issued base …
Darren Pauli, 02 Nov 2016

Microsoft flips Google the bird after Windows kernel bug blurt

Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about …
Kieren McCarthy, 01 Nov 2016

Nymaim malware got a major 'upgrade', says Verint

The miscreants behind the Nymaim malware dropper have updated their code to include better obfuscation and blacklisting against security software. Analytics outfit Verint, which discovered the latest version and offers its analysis here, says the new code base targets phishing rather than the drive-by-download approach …

Promoted tweet phish fiddle

Crooks have served up what's reckoned to be the first phish through a sponsored link on Twitter. The rogue promoted tweet claims to offer verification, but actually directs users to a phishing site, which asks prospective marks for login credentials before requesting payment and contact information in return for a non-existent …
John Leyden, 31 Oct 2016

Obey Google, web-masters, or it will say you can't be trusted

Criminals are about to lose a reliable attack vector for malware infection and phishing, thanks to Google's Certificate Transparency initiative that will force websites to enforce proper certificate security within a year. Stolen and mis-issued SSL certificates allow attackers to spin up malicious sites that pass browser …
Darren Pauli, 31 Oct 2016

Dutch webcam perv jailed

A 21 year-old Dutch man has been jailed for one month with another year suspended for infecting more than 2,000 computers to spy on minors via webcams. The man known as Jair M was arrested in October 2013 after he infected the machines with remote access trojans and recorded and captured footage of minors in compromising …
Darren Pauli, 28 Oct 2016

'Fappening' hacker gets 18 months in US federal clapper

The 36 year-old hacker behind some of a massive public leak of private celebrity photos has been sentenced to 18 months in prison. 36 year-old Ryan Collins, of Pennsylvania, was one of two suspects in the September 2014 leaks known online as the Fappening or CelebGate. Celebrities impacted include Jennifer Lawrence, Kate Upton, …
Darren Pauli, 28 Oct 2016

Phishing fraudsters pose as UK bank social media types

Cybercrooks are posing as customer support staff from UK banks in a ruse designed to hoodwink gullible customers out of their credentials. The social media phishing scam relies on the creation of bogus Twitter profiles, such as @BarclaysHelpUK (real example, now suspended). Customers are already expecting a response from a …
John Leyden, 27 Oct 2016

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own. That cert could be used to impersonate the website, allowing passwords and other sensitive information to be swiped from victims in man-in-the-middle attacks. The infosec bods, Florian Heinz …
Shaun Nichols, 21 Oct 2016

US DNC hackers blew through SIX zero-days vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016

'Dyre' malware re-surfaces as 'TrickBot', targets Australian banks

Malware now targeting Australian users could be based on one of the world's worst banking trojans. Fidelis malware mangler Jason Reaves says the TrickBot malware has strong code similarities to the Dyre trojan, a menace that ripped through Western banks and businesses in the US, the UK, and Australia, inflicting tens of …
Darren Pauli, 18 Oct 2016

Netflix reminds password re-users to run a reset

Netflix has reminded people whose user IDs are circulating in breach-lists to check their security and if necessary reset their passwords. The issue resurfaced late last week, when an Adweek writer posted that he'd received a “reset your password” message: “As part of our regular security monitoring, we discovered that …

Personal info on more than 58 million people spills onto the web from data slurp biz

A US-based data aggregator that trades people's personal information with the automotive industry and real estate companies has seemingly spilled the private information of more than 58 million people online. A large MongoDB file – which belongs to Modern Business Solutions and containing tens of millions of records – was …
John Leyden, 13 Oct 2016

Time to crack down on sales of dragon's gold - securobods

Security researchers have urged gaming companies to crack down on virtual currency auction and sales sites, reckoning criminals are cashing in to launder stolen money. The research team at Trend Micro says most black hats steal the currency using online game exploits or by using malware and phishing to compromise players, …
Darren Pauli, 13 Oct 2016

Email security: We CAN fix the tech, but what about the humans?

Last month’s Mr Chow ransomware attacks serve as a timely reminder that security should be at the top of any business IT strategy. Ransomware is on the increase, at least according to the FBI and while it is not all email borne, it is an example of how sophisticated hackers and criminals are getting with technology. Certainly …

Telnet, SSH prod of death smashes Cisco broadband boxes offline

Cisco has issued six software updates to address security vulnerabilities in its networking products, ranging from denial of service conditions to authentication bypasses. The most serious of the flaws is the authentication bypass hole in the Cisco Meeting Server. Cisco warns that, due to improper handling of XMPP messaging, a …
Shaun Nichols, 12 Oct 2016

Oz infosec spooks: ease back on the “cybers”, this is serious

Sensationalist language is making it hard to educate businesses and the public about infosec risks*, according to the Australian Cyber Security Centre's 2016 threat report. While every ICMP ping is treated as an attack by some, the report says unequivocally: “Australia still has not been subjected to malicious cyber activity …

Second hacking group targets SWIFT-connected banks

A second group of hackers – Odinaff – has broken into the SWIFT system, the fulcrum of the global financial payments system. Odinaff were found to be using the same approach as those who stole $81m from the Bangladesh central bank earlier this year. Attacks involving the Odinaff trojan and associated tools appear to have …
John Leyden, 11 Oct 2016

Is this the real life? Is this just fantasy? Spotify serving malware, no escape from reality

Spotify has apologized to its subscribers after it served up malicious adverts that attempted to infect listeners' computers. The problem occurred with Spotify Free, which lets people stream music gratis in exchange for being played and shown adverts. One advertiser sneakily embedded nasty software code into its Spotify ads …

Fancy Bears' who-takes-what in sports hack list ‘manipulated’ before leak

Hackers may have doctored athletes’ data prior to leaking it, according to the World Anti-Doping Agency (WADA). The "Fancy Bear" hacking group has been releasing details of athletes' Therapeutic Use Exemptions (TUE*) after breaking into the systems of the fair play enforcement agency, as previously reported. WADA, which …
John Leyden, 06 Oct 2016

Securing Office 365? There's always more you can do

Wherever you look there's yet another SME or enterprise migrating to Office 365. This says a lot for the attractiveness of cloud-based office suites, and perhaps it also says something about the attractiveness of letting someone else look after one's SharePoint and Exchange servers rather than having to fight with their …
Dave Cartwright, 06 Oct 2016

UK.biz ransom cluelessness

Three in five companies targeted by ransomware believe they will fall prey to attack again, according to a new survey. Trend Micro’s findings are based on a survey of 305 IT decision makers at firms that employ more than 1,000 staff. Almost a third of companies (33 per cent) do not have a programme to educate employees on the …
John Leyden, 05 Oct 2016

Sendspace shrugs at phishers exploiting free service

File delivery site Sendspace has said it isn't worried about a huge email spoofing issue with its free service – because legitimate businesses don't use it. Sendspace seems to be increasingly used in attempts to deliver dirty-looking files in phishing attacks, and the company has informed us that no plans are in place to …

Urgent! Log in for spear-phisher survey or your account will be deleted

Europol’s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks. Many threats remain from last year – banking trojan attacks are still an issue for businesses and …
John Oates, 28 Sep 2016

Avaya explains its 'hyper-segmentation' approach to security

Interview It's way too easy to get past a firewall, map out an enterprise's network, and start tapping IP addresses looking for vulnerable machines – so why are we using Layer 3 addressing as the basis of the enterprise network? Avaya's new software-defined-networking-based architecture proposes to stop TCP/IP-based attack traffic at …

Victoria Police warn of malware-laden USB sticks in letterboxes

Police in the Australian State of Victoria have warned citizens not to trust un-marked USB sticks that appear in their letterboxes. The warning, issued today, says “The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.” “Upon …
Simon Sharwood, 21 Sep 2016

Going, going, done: Trio of prolific auction fraud fraudsters jailed

Three men were jailed yesterday over a conspiracy to commit an internet shopping fraud scam that involved taking payments for non-existent goods and services. Calin Serbenescu, 28, a former labourer, was sentenced to five years' imprisonment; Ionut Cotavian Anitescu, 26, unemployed, was sent down for three years; while Dorel …
John Leyden, 20 Sep 2016

Pramworld admits mailing list breach

UK baby care supplier Pramworld has admitted that a breach of its systems was the reason customers were sent spam emails on Friday. In a statement supplied to El Reg (below), Pramworld admitted its mailing list had been compromised while downplaying the problem and offering reassurance that payment information had not been …
John Leyden, 16 Sep 2016

Amex phishing tackle

Brazen phishing fraudsters are using counterfeit versions of American Express’s own identity theft prevention scheme as a scam lure. SafeKey, Amex’s name for 3D Secure technology, adds an additional layer of security to online transactions and is designed to help prevent identity theft. Fraudsters have turned the purpose of …
John Leyden, 16 Sep 2016

Remote hacker nabs Win10 logins in 'won't-fix' Safe Mode* attack

Security researcher Doron Naim has cooked an attack that abuses Windows 10's Safe Mode to help hackers steal logins. The CyberArk man says remote attackers need to have access to a PC before they can spring this trap, which involves rebooting a machine into Safe Mode to take advantage of the lesser security controls offered in …
Darren Pauli, 16 Sep 2016

SMiShing on the rise

Fraudsters are increasingly targeting mobile messaging apps such as WhatsApp. A quarter (26 per cent) of chat app users say they receive an unsolicited message every day, while 49 per cent receive at least one a week. The research by global trade body Mobile Ecosystem Forum and messaging specialist CLX Communications confirmed …
John Leyden, 15 Sep 2016

Sports doping agency WADA says hackers lifted Olympic athletes' medical records

The World Anti-Doping Agency (WADA) has confirmed that its Anti-Doping Administration and Management System (ADAMS) database has been accessed by a “Russian cyber espionage group operator by the name of Tsar Team (APT28), also known as Fancy Bear.” The breach was made possible by spear phishing of an “International Olympic …
Simon Sharwood, 14 Sep 2016