Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Social Warfare WordPress Plugin Zero-Day: Details and Attack Data

In our earlier post, we issued a warning to users of the Social Warfare plugin regarding a zero-day vulnerability affecting their sites. At this time, the plugin’s developers have issued a patch for the flaw. All users are urged to update to version 3.5.3 immediately.


Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Tell Congress to Restore Full Net Neutrality Protections

From the Electric Frontier Foundation (EFF).  Do you  like what has happened to your cable and Internet service?  In December 2017, the FCC voted to roll back the 2015 Open Internet Order, giving Internet service providers (ISPs) free reign to engage in unfair and discriminatory data practices. That decision ...

Continue Reading →
0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


The Computer Programmer Who Ran a Global Drug Trafficking Empire

A new book uncovers the intricacies of Paul Le Roux’s cartel and how it fueled the opioid epidemic ravaging the U.S. today.  This facinating story is covered in detail on the Smithsonian website.  Or read Evan Ratliff’s new book The Mastermind.  I did, and the ...

Continue Reading →
0

Too Legit – The DocuSign No Malware Phishing Exploit

You or your CFO receive an email offering business capital at attractive interest rates.  The company that sent you the offer has provided an application for the loan using the legitimate document presentation platform, DocuSign.  Everything looks legit, and it is.  No fake web pages or near-miss web addresses.  But this is the latest in “no malware” phishing scams.

Filling out the form will give ...

Continue Reading →
0

Common Phishing Subject Lines

Phishing is still the number one tactic used by malicious actors to collect passwords and other information.  Phishing works because the attacker is able to create an email that is believable and looks realistic.  The best ones appear to come from a customer, supplier, coworker or other trusted source, and the content makes sense for your business or personal life.  The most successful way to prevent phishing from ruining your day ...

Continue Reading →
1

Phishing – Not Just For Email Anymore

You know those surveys, games, and “like and copy” messages that your Facebook “friends” share with you?  Would you be surprised to learn that many of these “fun with friends”  activities are just cover for a new form of phishing exploit?  In the last few years phishing attacks have evolved from a primarily email-based attack into attacks using other vectors including surveys, games, gifts and prizes, and social networks.

Continue Reading →

0

Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


This online quiz is now confirmed to be a phishing scam

Those social media quizzes and surveys? Yeah, they’re probably stealing your data.


All the reasons why cybercriminals want to hack your phone

Hacking’s not just for computers anymore. See why your phone is vulnerable.


Tax Identity Theft Awareness Week

01/24/2019 12:17 PM EST Original release date: ...

Continue Reading →
0

It’s Income Tax Fraud Season Again

Every year about this time, cyber-criminal groups start to ramp up for the annual income tax fraud season.  If you would prefer to receive your own tax refund, as opposed to letting some scam artist get it instead, the basic solution is to file your returns as early as possible.  Here are some things to be watching for.

  • W-2 reports phishing scam – This phishing scan usually targets company HR department personnel, ...
Continue Reading →
0

Irainian Phishing Campaign Attempts to Bypass 2FA

A new phishing campaign by the Iranian state-sponsored group known as “Charming Kitten” is using new tactics to trick users out of their passwords and both SMS and app generated two-factor codes.  Charming Kitten is tied to the Islamic Revolutionary Guard.  This campaign has been ongoing since October 2018.  Information on this attack was released on December 18, 2018 by Certfa Lab.

Targets of these attacks are high-ranking individuals in the financial ...

Continue Reading →
0

A Timeline of Russian Cyber-Exploits

We have been investigating Russian cyber-attacks this week.  Today we publish a timeline of Russian cyber-activities.  In the interest of space, I am publishing just the timeline with little descriptive content.  I have included a download link to a PDF and spreadsheet of the timeline with more detail, and links to sources.

Notice how these cyber attacks started out in 2004 as small, unsophisticated ...

Continue Reading →
2
Page 1 of 9 12345...»