RSS Reader for Computer Security Articles
As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us rely on email notifications from our banks to track the damage to our finances. So what happens when we suddenly get notified about charges for things we never bought?…
Read MoreAttackers have been using social engineering to avoid the increasing costs of exploitation due to the significant hardening and exploit mitigations investments in Windows. Tricking a user into running a malicious file or malware can be cheaper for an attacker than building an exploit which works on Windows 10. In our previous blog, Where’s the…
Read MoreThe latest Nemucod campaign shows the malware distributing a spam email attachment with a .wsf extension, specifically ..wsf (with a double dot) extension. It is a variation of what has been observed since last year (2015) – the TrojanDownloader:JS/Nemucod malware downloader using JScript. It still spreads through spam email attachment, typically inside a .zip file,…
Read MoreWe recently came across a file (ORDER-549-6303896-2172940.docm, SHA1: 952d788f0759835553708dbe323fd08b5a33ec66) containing a VBA project that scripts a malicious macro (SHA1: 73c4c3869304a10ec598a50791b7de1e7da58f36). We added it under the detection TrojanDownloader:O97M/Donoff – a large family of Office-targeting macro-based malware that has been active for several years (see our blog category on macro-based malware for more blogs). However, there wasn’t…
Read More | |
| Verified Twitter accounts tend to be a little more secure than those belonging to non-verified users due to the amount of extra hoop jumping required to get one of those ticks in the first place. A number of security requirements, including providing a phone number and setting up 2FA, are all things a would-be verified Twitter user needs to do. Unfortunately, things can still go wrong… Categories: Tags: social mediaspamsponsored tweetstwitterverifiedVerified Twitter |
 | |
| Interest in Tor based threats is increasing to the extent that some vendors will scoop up all activity they find on Tor and provide you a nice front end to search through it at your leisure. This might lead the casual observer to assume that the darkness is a one stop shop for cyber threats, but criminals existed on the internet prior to Tor, and still do quite well for themselves without it. In fact, bad guys with good OPSEC tend to be the exception, rather than the rule. So let’s take a quick look at some unpleasant stuff and the nadir of bad OPSEC, Facebook. Categories: Tags: darknetfacebookscamsocial mediatech supporttech support scam |
 | |
| Watch out: sponsored Tweets leading to phishing pages are doing the rounds once more. We take a look at the latest phishing scam being pushed to unsuspecting Twitter users, and show how the scammers are after a double-whammy of login credentials and credit card information. Categories: Tags: phishphishingscamscammerssponsoredtweettwitter |
