Viry a Červi

30,000 London gun owners hit by Met Police 'data breach'

The Register - Anti-Virus - 19 Duben, 2017 - 15:55
Who gave marketing agency access to super-sensitive address database?

London gun owners are asking questions of the Metropolitan Police after the force seemingly handed the addresses of 30,000 firearm and shotgun owners to a direct mail marketing agency for a commercial firm's advertising campaign.…

Kategorie: Viry a Červi

UK.gov survey shines light on cybersecurity threats to businesses

The Register - Anti-Virus - 19 Duben, 2017 - 14:51
Phishing, ransomware remain most pressing concerns

Phishing and ransomware remain the most pressing security threats for UK business, according to a government-backed survey out Wednesday.…

Kategorie: Viry a Červi

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

VirusList.com - 19 Duben, 2017 - 13:20
Oracle released a record 299 patches, including a fix for a Solaris vulnerability disclosed by the ShadowBrokers, and another for the recently disclosed Apache Struts 2 flaw.
Kategorie: Viry a Červi

Speaking in Tech: Hacking Microsoft Windows? That's cute

The Register - Anti-Virus - 19 Duben, 2017 - 12:35
Hacker whizz and Veracode co-founder Chris Wysopal joins the crew this week to talk secure software
Kategorie: Viry a Červi

Watch out for fraudsters attacking Amazon Marketplace accounts

Sophos Naked Security - 19 Duben, 2017 - 12:35
Are you a Marketplace seller? Here are some tips to help you avoid becoming a victim of the latest round of attacks

Personalized Spam and Phishing

Kaspersky Securelist - 19 Duben, 2017 - 11:58

Most spam, especially the sort that is mass-mailed on behalf of businesses, has quite an impersonal format: spammers create a message template for a specific mailing purpose and often drastically diversify the contents of that template. Generally, these kinds of messages do not personally address the recipient and are limited to common phrases such as “Dear Client”. The most that personal data is ever involved is when the name of the mailbox (or part of it) is substituted with the electronic address that the spammer has. Any specifics that may help the recipient ascertain whether the message is addressed personally to him or not, for example, an existing account number, a contract number, or the date of its conclusion, is missing in the message. This impersonality, as a rule, attests toa phishing attempt.

Lately, however, we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him. Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible. This information is sold to evildoers as ready-to-use databases with physical addresses (they are frequently offered for sale in spam messages), collected by evildoers from open sources, or obtained by evildoers when hacking email accounts, for example. Of course, cybercriminals will not have very many of these addresses at their disposal (compared to generated addresses), but they are much more valuable.

The way spammers organize their personalized attacks plays an important role as well. In general, messages are mass mailed on behalf of an existing company, while the technical headers of fake messages use the company’s actual details.

There are several ways to use valid details. The most unsophisticated method is spoofing, which is substitution of technical headers in messages. The headers can be easily placed with any mass mailing program. In particular, during the spoofing process, the “From” field contains the real address of the sender that the fraudsters have. In this case, spam will be mass-mailed on behalf of the spoofed company, which can stain the company’s reputation quite seriously. Yet, not all technical headers can be substituted when spoofing, and good anti-spam filters will not let these messages through.

Another method entails sending spam from so-called hijacked infrastructure, which is much harder to do technically, as the mail server of the target company has to be hacked. After gaining control over it, an evildoer can start sending messages with legitimate technical headers from any email address owned by the company and on behalf of any employee who works there. At the same time, the fake message looks quite credible for anti-spam filters and freely travels from server to server, as all of the necessary certificates and digital signatures in the header correspond to genuine counterparts. This would result in losses by both the recipient, who takes the bait of the evildoers (network infection and theft of personal data or business information), and the company, whose infrastructure is abused by the evildoers.

Usually, cybercriminals select small businesses (with up to several dozen employees) as victims for hacking. Owners of so-called parked domains are of particular interest, as parked domains are used by a company without creating a website on these domains.

In the samples detected by us, personalized malicious spam was mass-mailed on behalf of an existing business that was a small company specialized in staff recruitment. The messages contained order delivery notifications that are typical of malicious spam, but also indicated the real postal addresses of the recipients. The messages also contained URLs that were located on legitimate domains and were constantly changing throughout the mailings. If a user navigates to the URL, then malicious software will be downloaded to the user’s computer.

In this way, we may affirm that spam is becoming more personalized and mailing is becoming targeted. With the rising digital literacy of users, this is exactly what evildoers rely upon; It is not so easy to remember all your subscriptions, all your online orders, or where you’ve left your personal data, including addresses. Such an information load calls for the use of smart security solutions and the employment of security measures to protect your “information-driven personality”.

Fixing your oven can cook your computer

The Register - Anti-Virus - 19 Duben, 2017 - 08:26
Appliance vendor Hotpoint's UK service site is serving malware when you seek repairs

Updated  If your Hotpoint cooker or washer's on the blink, don't arrange a repair by visiting the manufacturer's website: the appliance vendor has been inadvertently foisting nastyware onto visitors.…

Kategorie: Viry a Červi

Revealed: Scammers plaster Google Maps with pins to lure punters from honest traders

The Register - Anti-Virus - 19 Duben, 2017 - 08:08
Research shows how web mapping service can be abused

Computer scientists at the University of California, San Diego, and Google, are clamping down on fake businesses trying to scam victims through Google Maps.…

Kategorie: Viry a Červi

Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs

The Register - Anti-Virus - 19 Duben, 2017 - 02:39
Mega load of updates lands for tons of Big Red gear

Oracle today emitted a huge batch of 299 security fixes for its software – including a patch for a vulnerability exploited by a leaked NSA tool that can hijack Solaris systems.…

Kategorie: Viry a Červi

Stop asking people for their passwords, rights warriors yell at US Homeland Security

The Register - Anti-Virus - 19 Duben, 2017 - 00:55
File request under: 'Trash can'

Civil and digital rights groups are leading a campaign to stop the US Department of Homeland Security's demanding access to foreigners' social media accounts when entering America.…

Kategorie: Viry a Červi

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels

VirusList.com - 18 Duben, 2017 - 20:15
InterContinental Hotels Group said on Friday that it found malware designed to access payment card data at more than 1,000 of its hotels.
Kategorie: Viry a Červi

Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps

VirusList.com - 18 Duben, 2017 - 19:45
At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.
Kategorie: Viry a Červi

News in brief: Facebook introspects; Magento RCE; RIP Robert Taylor

Sophos Naked Security - 18 Duben, 2017 - 19:38
Your daily round-up of some of the other stories in the news

Internet routing weakness could cost Bitcoin users

Sophos Naked Security - 18 Duben, 2017 - 18:48
A flaw in the underlying design of the Internet could be very expensive for Bitcoin users, researchers find.

Researchers develop synthetic skeleton keys for fingerprint sensors

Sophos Naked Security - 18 Duben, 2017 - 17:40
Your fingerprint doesn't match anyone else's but parts of it might, and that could be enough

Profit with just one infection! Crook sells ransomware for $175

The Register - Anti-Virus - 18 Duben, 2017 - 16:47
Nifty dashboard shows the bitcoin rolling in

Cybercrooks have begun retailing a new easy-to-use ransomware strain that promises profit with only one successful infection.…

Kategorie: Viry a Červi

Burger King triggers Google Home devices with TV ad

Sophos Naked Security - 18 Duben, 2017 - 15:50
Inventive users took their revenge via Wikipedia

Large UK businesses are getting pwned way more than smaller ones

The Register - Anti-Virus - 18 Duben, 2017 - 14:31
But are they just better at sniffing out breaches?

Larger businesses in the UK are far more likely to be victims of attacks than smaller ones, according to a survey by the British Chamber of Commerce.…

Kategorie: Viry a Červi

Low-Cost Ransomware Service Discovered

VirusList.com - 18 Duben, 2017 - 14:23
A new ransomware-as-a-service called Karmen appeals to ransomware newbies with a low price, easy setup and developer updates.
Kategorie: Viry a Červi

Tuesday review – the hot 22 stories of the week

Sophos Naked Security - 18 Duben, 2017 - 12:38
From Word's zero-day booby-trap exploit and the patch that Microsoft released to how hard-coded passwords risk the industry, and more!
Syndikovat obsah