A lot of Twitter users looking for a way to get their accounts verified have been duped by a single fake account promising to provide the service into visiting a phishing page.
How many of them actually went through the steps required is unknown, but according to Malwarebytes' Chris Boyd, this wasn't the only account of this kind to be suspended recently, and there are sure to be others popping up. The account in question successfully impersonated Twitter's official "Verified Account" account. The phishers used the same name and icon but, of course, couldn't get the blue badge with a check mark next to the username.Read more
The Chinese-language Naikon advanced persistent threat group is targeting military, government and civil organizations located in and around the South China Sea, which is an increasingly contentious hot-bed of territorial disputes between various Southeast Asian nations.
Naikon infects its victims with spear-phishing emails in which malicious executables masquerade as seemingly relevant document attachments. When a victim opens one of these malicious attachments, a decoy document appears as an executable file and quietly exploits an old Microsoft Office vulnerability, installing malware on the victim’s machine.Read more
IBM Security has identified an active campaign using a variant of Dyre malware that has successfully stolen more than $1 million from targeted enterprise organizations. The campaign shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication.
In recent incidents, organizations have lost millions to attackers. While many popular banking Trojans have targeted individuals, Dyre has always been used to target organizations. Dyre has evolved to become simultaneously sophisticated and easy to use.Read more
Phishing is a type of attack on personal data that comes in the form of a fake email or wesbsite, which is made to look like it comes from a reputable site – but does not.
A user might get an email that has all of the themes and imagery of a typical message from Facebook, except this email will tell the user they need to reset their password and will offer that user a login prompt to do so. The user clicks on the prompt, is directed to a fake webpage that looks like Facebook, and then the user enters their login and password. There are several ways to avoid phishing attacks. The common theme in each is to be highly suspicious of any online request for your personal information.Read more
Small and big firms working online have to be prepared for ‘unprecedented levels of attempted fraud’ this month, say payments experts. Payments business Worldpay claims instances of fraud could rocket by as much as 80 per cent in February as hackers capitalise on customer data harvested during the Christmas shopping period.
But it should be mentioned that small firms are the biggest target for hackers. Virtually all breaches happen online, the rest being at point of sale. The costs of being targeted can run to tens of thousands of pounds, with an investigation costing £11,250 on average and attracting a penalty of at least £8,000. There is also the cost of lost goods and damage to reputation.Read more
Researchers have uncovered a new variant of the infamous Zeus Trojan. It’s called Chthonic, a reference to spirits and deities from the underworld in Greek mythology, and it’s targeting 150 banks and 20 payment systems in 15 countries.
Zeus, as its name suggests, is the king of banking malware. It first emerged in 2007 and has been wreaking havoc on online bank accounts ever since. In 2011, its developers threw in the towel and posted its source code for all to see. It may seem as though this would be the end for Zeus, but, in fact, the opposite is true.Read more
ICANN is investigating a recent intrusion into our systems. We believe a "spear phishing" attack was initiated in late November 2014. It involved email messages that were crafted to appear to come from our own domain being sent to members of our staff. The attack resulted in the compromise of the email credentials of several ICANN staff members.
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password.Read more
A hacking group has been stealing identity information and reading emails to get the inside edge on stock markets to buy and sell to make quick profits. Vendor FireEye reckons the group sent articulate phishing emails with malicious attachments demonstrating "deep" knowledge of financial markets and corporate communications.
In one instance the attackers targeted five organisations involved in a then non-public merger, months before the deal was announced. In another, it used information gleaned from a hacked consultancy to better target that firm's clients. Malware researchers said the FIN4 group targeted a lot of firms.Read more
A survey by One Poll and Dimensional Research on holiday shopping security practices evaluated online cybersecurity awareness of consumers from the USA and United Kingdom, and revealed that a lot of people believe emails from “trusted brands” are safe to click, and some respondents anticipate doing at least part of their holiday shopping while at work.
Cybercriminals are very resourceful, and they know that the siren song of a good deal is almost always irresistible to bargain hunters. The number one reason to click is trust in a brand, which isn't good there are some very convincing phishing emails that look nearly identical to the real thing.Read more
The well-known delivery services became popular among spammers. Spammers pretended to be such companies as DHL, FedEx, UPS and TNT. Hackers have more chances to achieve results, posing as well-known companies. A large amount of phishing emails were explored with the help of which attackers pretended to be famous international delivery service.
Making phishing attacks, spammers have two main goals: to get customer‘s information, both financial and personal data; or to infect the victim's PC with malware. If the download is succeed, such computers start spamming or become first step for organizing DDoS-attacks.Read more