A new report has identified which countries to blame for the continuing presence of spam in our daily lives. Sophos’ ‘Spampionship’ found that the US remained the number one provider of spam by volume across the first three months of the year.
Sophos calculated the results through a global network of ‘spamtraps’ – sites and accounts set up around the world with the sole purpose of obtaining spam, with the sender’s IP addresses used to identify its location.The company also produced a separate leaderboard based on identifying the highest spam-producing countries relevant to their population, showing which countries are becoming adept at sneaking under the radar.
Read moreIt was the middle of the day, and my cell phone rang with a local number I didn't recognize. Figuring it was one of my kids calling from a friend's phone to tell me that they had forgotten their cell phone and needed a ride, I answered — and found myself rapidly descending into the uncanny valley.
"Amy" was, in fact, an outbound interactive voice response program running on a server, likely somewhere in a cloud data center. The company behind the call was the latest incarnation of a sweepstakes and magazine subscription scam operation currently known as North American Direct Services, Inc.
Read moreIBM Security has identified an active campaign using a variant of Dyre malware that has successfully stolen more than $1 million from targeted enterprise organizations. The campaign shows a brazen twist from the once-simple Dyre malware by adding sophisticated social engineering tactics likely to circumvent two-factor authentication.
In recent incidents, organizations have lost millions to attackers. While many popular banking Trojans have targeted individuals, Dyre has always been used to target organizations. Dyre has evolved to become simultaneously sophisticated and easy to use.
Read moreGamers come in all ages and from all walks of life; they may or may not have files they feel are irreplaceable enough as to be tempted to pay a ransom to get those files decrypted. But what if it was your saved games and your Steam account that was encrypted and held for ransom?
That’s exactly what the crypto-ransomware is doing: in fact it targets over 50 file extensions related to video games including Steam, single and multiplayer games, and even game development software. Although the ransom window which announces “your personal files are encrypted” may look like CryptoLocker, don’t be fooled.
Read moreA new Android Trojan uses some clever techniques to silently subscribe victims to premium services. The threat is still under development, but it’s already capable of carrying out a wide range of tasks.
Cybercrooks can use the malware to send SMS messages, set a filter on incoming messages and calls, display ads, delete messages and call records, upload the HTML source code of specified webpages to a remote server, perform DDoS attacks, make outgoing calls, subscribe the victim to paid content, delete security apps, and export incoming messages based on instructions received from the command and control server.
Read moreSecurity experts warned about a new attack on users of WhatsApp messenger. Under the guise of the web version of messenger is distributed Trojan. Attackers send out e-mail letters of invitation to download the desktop application WhatsApp Web, issued by the manufacturer at the end of January 2015.
Referring to users, scammers use social engineering techniques. Messages contain a link, supposedly leading to the official website of WhatsApp. Actually clicking the user goes to another site where download the executable file WhatsAppInstall.exe. Under this name hides a Trojan Downloader.
Read moreA new spam wave has hit hundreds of mailboxes with malicious .chm attachments to spread the infamous Cryptowall ransomware.
Cryptowall is an advanced version of Cryptolocker, a file-encrypting ransomware known for disguising its viral payload as a non-threatening application or file. Its payload encrypts the files of infected computers in an effort to extract money for the decryption key. Malware researchers found that the email blast, which took place in February, targeted users from around the world, including the UK, the US, the Netherlands, Denmark, Sweden, Slovakia and Australia.
Read moreSeveral large banks of the United Kingdom may be at risk because of a security hole in their two-factor authentication systems, and regulators aren’t acting to deal with the problem, a security essentials research company has revealed.
To exploit the vulnerability in the banks’ online banking systems, cyberattackers could use phishing emails to plant malware on customers’ computers, then infiltrate the bank’s networks by piggybacking off legitimate activity, according to the security company that first uncovered the problem at one large UK bank. Other big UK banks that use a similar two-step authentication process would also be vulnerable.
Read moreThe whole US credit card security system is deeply flawed – that’s the problem. In essence, the hardcore tech stuff for Apple Pay works fine: no one is breaking TouchID, stealing iPhones to pay for stuff, or hacking the NFC transmission protocol. Rather, the flaw lies in credit cards themselves.
People are buying credit-card numbers online, then loading those same numbers into Apple Pay, in essence making themselves a handy fake credit card, without going to the trouble of making a physical fake. Most problematically, it's easy for hackers to steal credit-card numbers from shops and then sell those numbers online.
Read moreEarlier we wrote a lot about different skimming techniques, different ways of compromising bank cards, and flaws in new secure credit cards that lets hackers steal money.
Now let’s talk about the less apparent dangers that run the risk of remaining unnoticed by the majority of users. We will relate stories about risks attributed to cross-border payments, as well as some inherent flaws found in payment systems. Many think that indicating a CVV code is necessary for processing any online transaction. However, some online shops provide an opportunity to avoid this step, and do not transmit the secret code to a payment gateway.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland