HackDig : Dig high-quality web security articles for hacker

TrickBot Spreads to the Nordics, Launches Redirection Attacks in France

IBM X-Force Research detected a new wave of TrickBot attacks targeting banks in Nordic countries. The malware expanded its configurations to launch fraud attacks against banks in Sweden, Finland, Norway, Denmark and Iceland, among the other geographies it targets. Moreover, the malware, which has been testing redirection attacks on one bank in France, now ta
Publish At:2017-06-20 22:45 | Read:91 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Zeus Sphinx Pushes Empty Configuration Files — What Has the Sphinx Got Cooking?

Lately, IBM X-Force Research has seen the Zeus Sphinx Trojan go through a targetless phase, an exceedingly rare occurrence in the cybercrime arena. Recent Zeus Sphinx samples have fetched configuration files in which all the target URLs were removed. This means that while Sphinx infection campaigns continue and the malware can infect new machines, it remains
Publish At:2017-06-15 13:50 | Read:188 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Financial Sector Remains a Top Target in 2017

It should come as no surprise that the financial sector is the top target for cybercriminals year after year. After all, money does make the world go ’round. What is more surprising, though, is fraudsters’ continued success. In 2016, we saw an influx in point-of-sale (POS) attacks, ATM jackpotting and SWIFT transaction manipulation. According t
Publish At:2017-06-12 12:11 | Read:193 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Cybercrime Dis

Asleep at the Switches: Don’t Let Cyber Fatigue Catch Your Enterprise Off Guard

Talk about cybersecurity is everywhere, from boardrooms to beach outings. But to chief information security officers (CISOs), it is more than conversation — it is the focus of their work. Just like thieves who rob from houses, cybercriminals target those who are least protected. That’s why awareness is critical to help security leaders combat cyber fa
Publish At:2017-06-12 12:10 | Read:247 | Comments:0 | Tags:CISO Data Protection Fraud Protection awareness training Pas

WannaCry II: The Sequel No One Wants to See

In filmmaking, sequels tend to raise the stakes with tougher antagonists, increased danger and more nightmarish scenarios with which the heroes have to contend. Audiences love to watch familiar characters, who barely survived the challenges of the first film, pushed to the absolute limit to overcome even higher odds, with much more on the line if they fail.
Publish At:2017-05-31 16:50 | Read:281 | Comments:0 | Tags:Fraud Protection Mobile Security

Relying on Data to Mitigate the Risk of WordPress Website Hijacking

One of the most common methods cybercriminals use to deliver phishing and malware to unsuspecting users is compromising legitimate websites, such as those hosted on WordPress, to house their own malicious content for free. The URLs of compromised sites used for phishing attacks reach users through spam emails, allowing security professionals to keep track of
Publish At:2017-05-30 22:30 | Read:260 | Comments:0 | Tags:Fraud Protection Risk Management Software & App Vulnerabilit

GootKit Malvertising Brings Redirection Attacks to Italian Banks

Earlier in May, I reported that GootKit had launched redirection attacks for the first time. The malware prepared for its new modus operandi in the U.K., targeting major banks there with this advanced browsing manipulation attack. I also predicted that this was just a test and that we’re about to see more. That prediction has come true. GootKit officia
Publish At:2017-05-24 00:45 | Read:270 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Cybercrime Has Become a Commodity

Today’s cybercriminals have new options that make their malicious efforts easier than ever. Cyberattacks can be purchased in several forms, including as-a-service packages and simple downloads to be installed in rogue servers. While these may not be the most cutting-edge techniques, they can be effective in infiltrating systems that have not been suff
Publish At:2017-05-24 00:45 | Read:276 | Comments:0 | Tags:Fraud Protection Network Advanced Threats Cybercrime Cybercr

WannaCry Ransomware Spreads Across the Globe, Makes Organizations Wanna Cry About Microsoft Vulnerability

On Friday, May 12, 2017, the world was alarmed to discover that cybercrime had achieved a new record. In a widespread ransomware attack that hit organizations in more than 100 countries within the span of 48 hours, the operators of malware known as WannaCry/WanaCrypt0r 2.0 are believed to have caused the biggest attack of its kind ever recorded. Perhaps more
Publish At:2017-05-14 19:35 | Read:544 | Comments:0 | Tags:Advanced Threats Fraud Protection Incident Response Malware

GootKit Launches Redirection Attacks in the UK

While going over some recent GootKit configurations, I came across an unfamiliar URL format that includes two URLs instead of one. It only takes a fraction of a second to understand: GootKit has launched redirection attacks — a more advanced way to manipulate online banking sessions than the typical webinjection attacks its operators had used up until now. M
Publish At:2017-05-14 01:10 | Read:223 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Neverquest Gang Takes Leave — Is It the End of the Quest?

I’ll bet no one is missing the Neverquest Trojan, and maybe that’s why many have not even realized one of the top cybergang-operated malware codes has taken a substantial plunge this year. The Neverquest Trojan, a consistent occupant of the top 10 most active banking Trojans in the world, has suffered a blow due to the arrest of one of its allege
Publish At:2017-05-05 01:55 | Read:245 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

The Increasing Sophistication of the Tech Support Scam

A typical tech support scam goes something like this: Someone calls you up, claims they’re from some technical support service and counts on you to be gullible enough to listen to a phony pitch. Instead of cleaning your computer, they convince you to download malware to your PC. They then ask for a ransom payment to remove it. Thanks, but no thanks. Su
Publish At:2017-05-03 13:10 | Read:234 | Comments:0 | Tags:Fraud Protection Fraud Fraud Schemes Malware Ransomware Scam

Gone Phishing: Don’t Fall for the Bait

What is phishing and why is it called that? That’s a pretty easy one, really: The act of stealing someone’s credentials is sort of like fishing in water. There’s a group of targets, bait that is known to be of interest to them and a pretty good chance of at least catching something, even if it’s not the original meal you were after.
Publish At:2017-05-02 19:00 | Read:240 | Comments:0 | Tags:Fraud Protection Credentials Theft login credentials Passwor

Zero-Day Malware Poses a Growing Threat

For much of the general public, including the enterprise world, security protection is synonymous with antivirus software. Security professionals, by contrast, have long understood that this applied to only one layer of protection and was by no means the most crucial. Indeed, the security community looks first to other defenses, such as keeping software secu
Publish At:2017-05-02 00:35 | Read:264 | Comments:0 | Tags:Fraud Protection Network Macro Malware Macros Malware Zero-D

TrickBot Is Hand-Picking Private Banks for Targets — With Redirection Attacks in Tow!

IBM X-Force research follows organized cybercrime and continually monitors the criminals’ targets and modus operandi. In a recent analysis of TrickBot campaigns in the U.K., Australia and Germany, I found that the operators of the infamous Trojan have been adding new redirection attacks focused on a list of brands that I had never seen in the past. Cur
Publish At:2017-04-27 19:35 | Read:473 | Comments:0 | Tags:Banking & Financial Services Fraud Protection Malware Threat

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud