Phishing

You’ve Been Hacked By APT! (The Video)

The whole APT – or “Advanced Persistent Threat” – meme has received a lot of attention in the media. This site and others have written about APT-style hacks, such as the recent compromise at The New York Times. But what does an APT hack look like? And what would it mean if you or your employer were in the crosshairs of an APT-type actor? The SANS Institute’s Securing The Human project has put together a nice training video that helps answer some of these questions, and to explain how APT-style attacks work. This is good stuff – explaining the difference between cyber crime and APT, and generic enough that any organization could use it as a training video. SANS says that it will produce one of these a month, and post them on the first of each month. My only criticism here is that, after they do a solid job describing […]

New Phishing Toolkit Uses Whitelisting To Keep Scams Alive

Researchers at RSA say that a new phishing toolkit allows attackers to put a velvet rope around scam web pages – bouncing all but the intended victims. The new toolkit, dubbed “Bouncer,” was discovered in an analysis of attacks on financial institutions in South Africa, Australia and Malaysia, said Daniel Cohen, Head of Business Development for Online Threats Managed Services at RSA.  The kit allows attackers to generate a unique ID for each intended victim, then embed that in a URL that is sent to the victim. Outsiders attempting to access the phishing page are redirected to a “404 page not found” error message, Cohen said. In phishing attacks, attackers pose as a legitimate online entity in an attempt to obtain a user’s username, password or other sensitive information. Phishing attacks often rely on imposter web sites to trick users into giving up their secret information. The discovery of “Bouncer” underscores the […]

Does Your LinkedIn Profile Hold The Key To Your Password?

Say what you want about social media. The bare fact is that folks use it – more of them every day. In fact, social media sites like Facebook, Twitter and YouTube are growing – quickly – and have come to define our modern online experience. That said: the sites represent a huge security risk. Sites like Facebook, Twitter and Instagram are increasingly used as platforms to circulate scams and malicious links. A larger and more nebulous threat is posed by all the information that organizations and their workers are spilling online. It’s already common knowledge that hackers and other “bad guys” comb through worker profiles or LinkedIn, Facebook and other sites to help craft targeted attacks. But could your social networking profile provide more useful information – like your password? Independent security researcher Itzik Kotler thinks so. Kotler is the creator of Pythonect, a new, experimental dataflow programming language based […]

Web Attacks Target Foreign Exchange, Payment Processing Sites

A currency trading web site was compromised and used to serve malicious java applications to unwitting visitors, according to researchers at the security firm Websense- part of what might be a larger trend. Websense said in a blog post on Wednesday that the site tradingforex.com, which is used by foreign currency traders, was infected with a malicious Java applet that, when installed, key logging and screen capture software. Tradingforex.com (@Tradingforexxx) is a Cyprus-based online trading web site. It allows individuals to trade on the global foreign exchange market (or Forex). Users can trade everything from foreign currencies to precious metals, commodities and other financial instruments. According to an investigation by Websense researcher Gianluca Giuliani, the site was pushing a back door program to visitors using a malicious Java plugin to exploit known Java vulnerabilities on the victims’ computers. Further investigation by Websense and Giuliani revealed that the malware being pushed […]

Profile Poisoning the Next Frontier for Hackers

Google and Facebook already know everything about you – your interests, friends, tastes and even your movements. That’s already a privacy nightmare, but researchers at the Georgia Institute of Technology’s Information Security Center (GTISC) think it could soon be a security nightmare, also. Automated information systems already determine what version of the news most of us see. But researchers at Georgia Tech warn that the power of such systems to shape what each of us see online could soon become a powerful tool in the hands of sophisticated attackers, who might look for ways to manipulate victims’ online profile to steer them to certain sites, according to the report “Emerging Cyber Threats Reports 2013.” Researchers at Georgia Tech said attacks that manipulate a victim’s search history, part of their online profile, using cross-site request forgery are already technically feasible. In practice, they would allow for a kind of super-search engine […]