Too Legit – The DocuSign No Malware Phishing Exploit

You or your CFO receive an email offering business capital at attractive interest rates.  The company that sent you the offer has provided an application for the loan using the legitimate document presentation platform, DocuSign.  Everything looks legit, and it is.  No fake web pages or near-miss web addresses.  But this is the latest in “no malware” phishing scams.

Filling out the form will give ...


Common Phishing Subject Lines

Phishing is still the number one tactic used by malicious actors to collect passwords and other information.  Phishing works because the attacker is able to create an email that is believable and looks realistic.  The best ones appear to come from a customer, supplier, coworker or other trusted source, and the content makes sense for your business or personal life.  The most successful way to prevent phishing from ruining your ...


Phishing – Not Just For Email Anymore

You know those surveys, games, and “like and copy” messages that your Facebook “friends” share with you?  Would you be surprised to learn that many of these “fun with friends” activities are just cover for a new form of phishing exploit?  In the last few years, phishing has evolved from a primarily email-based attack into attacks using other vectors, including surveys, games, gifts and prizes, and social networks.


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


This online quiz is now confirmed to be a phishing scam

Those social media quizzes and surveys? Yeah, they’re probably stealing your data.


All the reasons why cybercriminals want to hack your phone

Hacking’s not just for computers anymore. See why your phone is vulnerable.


Tax Identity Theft Awareness Week

01/24/2019 12:17 PM EST Original release ...


It’s Income Tax Fraud Season Again

Every year about this time, cyber-criminal groups start to ramp up for the annual income tax fraud season.  If you would prefer to receive your own tax refund, as opposed to letting some scam artist get it instead, the basic solution is to file your returns as early as possible.  Here are some things to be watching for.

  • W-2 reports phishing scam – This phishing scam usually targets company HR department ...

Iranian Phishing Campaign Attempts to Bypass 2FA

A new phishing campaign by the Iranian state-sponsored group known as “Charming Kitten” is using new tactics to trick users out of their passwords and both SMS and app generated two-factor codes.  Charming Kitten is tied to the Islamic Revolutionary Guard.  This campaign has been ongoing since October 2018.  Information on this attack was released on December 18, 2018 by Certfa Lab.

Targets of these attacks are high-ranking individuals in the ...


A Timeline of Russian Cyber-Exploits

We have been investigating Russian cyber-attacks this week.  Today we publish a timeline of Russian cyber-activities.  In the interest of space, I am publishing just the timeline with little descriptive content.  I have included a download link to a PDF and spreadsheet of the timeline with more detail, and links to sources.

Notice how these cyber attacks started out in 2004 as small, ...


Russian Active Measures for the Internet Age.

Is Donald Trump Putin’s Revenge?

Was the election of Donald Trump the result of the successful application of “active measures” by Russia? Did the massive Facebook and Twitter campaigns by the Russians change public opinion enough in the final days of the Presidential campaign to move the needle and help Trump win?

According to Retired KGB Maj. Gen. Oleg Kalugin, former Director of Foreign ...


Are The Russians Really Attacking Us?

It seems that hardly a week goes by without some new cyber-attack being attributed to Fancy Bear, Cozy Bear, Grizzly Steppe, or some other cute-sounding Russian hacker collective.  On the one hand, we have the DHS, FBI, and US-CERT attributing these attacks to the Russians.  There are others, including those working in the cybersecurity profession, that are suggesting that the attackers are not agents of the Russian government, but merely ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Serious D-Link router security flaws may never be patched

Six routers with serious security flaws are considered end of life (EOL) and may never be updated.  The D-Link models affected are the DWR-116, DWR-140L, DWR-512, DWR-640L, DWR-712, DWR-912, DWR-921, and DWR-111, six of which date from 2013, with the DIR-640L first appearing in 2012 and the DWR-111 ...
