HackDig : Dig high-quality web security articles for hackers

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
Publish At:2020-08-06 04:45 | Read:40 | Comments:0 | Tags:Cybercrime Social engineering bec business cybersecurity Bus

iOS Mail bug allows remote zero-click attacks

On Monday, ZecOps released a report about a couple concerning vulnerabilities with the Mail app in iOS. These vulnerabilities would allow an attacker to execute arbitrary code in the Mail app or the maild process that assists the Mail app behind the scenes. Most concerning, though, is the fact that even the most current version of iOS, 13.4.1, is vulnerable.
Publish At:2020-05-03 14:39 | Read:422 | Comments:0 | Tags:Mac Apple Apple mail iOS iOS mail iOS mail bug iOS mail vuln

Addressing Critical iOS “Zero-Click” Mail Vulnerabilities

Recently, two vulnerabilities were disclosed in the default iOS Mail application that have existed since 2012 (iOS 6). According to the disclosing company, ZecOps, both vulnerabilities allow remote code execution capabilities and enable an attacker to remotely infect a device. ZecOps has also reported that both vulnerabilities were triggered in-the-wild aga
Publish At:2020-05-03 08:10 | Read:457 | Comments:0 | Tags:Mobile Security iOS mail vulnerability ZecOps zero-click IOS

Instagram clamps down on fake messages with anti-phishing tool

Instagram accounts will always be a popular target for scammers. You might not think it’s a big deal if someone has their account swiped, but it’s often the vanguard of many online businesses. A takeover, or a deletion, can be absolutely devastating. Smart hacking crews are always in the background, waiting to see what they can get away with—and it’s not jus
Publish At:2019-10-15 23:20 | Read:1027 | Comments:0 | Tags:Social engineering anti-phishing anti-phishing tool email em

Spam: “Your $100 Amazon Prime credit will expire”

If you’re an Amazon Prime member, you’ll want to avoid the below spam currently dropping into mailboxes which claims “$100 of Prime Credit” will soon be lost if not made use of: Attn:-Your ($100)-AmazonPrime-Credit, Will Expire, on: 5/10/16. AMAZ0N .com Prime. *****ATTN:(-1-) NEW MSG. RECEIVED: REGARDING YOUR AMAZ0N-REWARDS-POINT
Publish At:2016-05-06 05:20 | Read:5413 | Comments:0 | Tags:Cybercrime Social engineering adverts amazon amazon prime em

Trump spam and torrents, oh my

We have another round of Donald Trump spam to take a look at today, as scammers naturally assume his “incredibly wealthy businessman” approach is a shoe-in for tricking people with cash related shenanigans. The mail in question is a fake CNN missive complete with Small picture of the Statue of Liberty Awesome satellite dish radio tower image nex
Publish At:2016-04-28 14:50 | Read:3864 | Comments:0 | Tags:Cybercrime Social engineering donald trump mail russian scam

“BMW Lottery Department” 419 Spam

Good news, oh lucky winner! You’ve won a car, laptop, and a frankly terrifying amount of money after being entered in a prize draw. Well, that’s what the senders of the below missive want you to think, should you open it up in your mailbox. Titled “Dear Lucky Winner” and sent from the so-called “BMW Lottery Department”, th
Publish At:2016-04-12 05:15 | Read:3602 | Comments:0 | Tags:Cybercrime Social engineering 419 BMW email fake mail money

Avoid these Nextflix themed scams

We’re seeing a couple of different spam mails coming through which all loop back to Netflix in some way. Here’s an Apple ID phish from the last few days which uses Netflix payments via iTunes as bait: The email reads as follows: Order Receipt No. 493092733 This email confirms your purchase of the following subscription: Name of Subscriptio
Publish At:2016-04-02 08:25 | Read:7048 | Comments:0 | Tags:Cybercrime Social engineering Apple email mail netflix phish

Teslacrypt Spam Campaign: “Unpaid Issue…”

We have all seen the current upsurge in Ransomware attacks. It has been covered on an international scale, with new variants appearing at a very fast pace, some target Windows, some target Macs and some have cross platform capabilities. Recently a major healthcare organization fell victim to Ransomware, and surely there are more high profile victims to come.
Publish At:2016-03-18 23:15 | Read:5524 | Comments:0 | Tags:Malware Analysis email mail ransomware scam spam teslacrypt

Backdoors in messaging apps – what’s really going on?

We are in one of those phases again. The Paris attacks caused, once again, a cascade of demands for more surveillance and weakening of encryption. These demands appear every time, regardless of if the terrorists used encryption or not. The perhaps most controversial demand is to make backdoors mandatory in communication software. Encryption technology can be
Publish At:2015-12-15 00:20 | Read:4186 | Comments:0 | Tags:Privacy Security anti-terrorism backdoor chat communication

Automatic MIME Attachments Triage

[The post Automatic MIME Attachments Triage has been first published on /dev/random] A few weeks ago I posted a diary on the ISC SANS website about a script to automate the extraction and analyze of MIME attachments in emails. Being the happy owner of an old domain (15y), this domain is present in all spammer’s mailing lists. I’m receiving a lot
Publish At:2015-12-04 08:00 | Read:4637 | Comments:0 | Tags:Malware Security Attachment Mail MIME Spam

Backscatter or misdirected bounces

In this post we will try to explain how it is possible that you receive notifications of bounced emails when you are unaware of sending them in the first place. The scenario that you might be afraid of and the first one that might come to mind is that your mail account has been hacked and is being used to send spam. If you fear that this has happened, the fi
Publish At:2015-11-04 09:00 | Read:3756 | Comments:0 | Tags:Online Security backscatter bounce email mail NDR Pieter Arn

Another Day, Another 419 Fakeout

It seems 419 mails are like buses this week – you wait ages for one to come, and then three show up at once and try to empty your bank account (okay, maybe they’re not exactly like buses).  Thankfully this one isn’t doing the normal trick of trying to outdo Leo Tolstoy in a word count danceoff, and is mercifully brief as a result. The mail
Publish At:2015-04-17 11:45 | Read:5104 | Comments:0 | Tags:Fraud/Scam Alert 419 email fake fraud mail scam

Spotlight Search in OS X Yosemite Falls Foul of Another Privacy Glitch

Oh dear. Spotlight search on OS X Yosemite has another privacy problem.You may remember that we raised concerns before about how Spotlight search in OS X Yosemite can leak your private information back to Apple, if you weren't careful enough to change its default settings.Now a new concern about OS X's search feature has come to light, and it could help scam
Publish At:2015-01-12 18:30 | Read:3739 | Comments:0 | Tags:Security & Privacy Security News Software & Apps email Mac M

Automatic MIME Parts Scanning with VirusTotal

Here is a Python script that I developed for my personal use: mime2vt.py. I decided to release it because I think it could be helpful for many of you. In 2012, I started a project called CuckooMX. The goal was to automatically scan attachments in emails with Cuckoo to find for potential malicious files. Unfortunately, the project never reached a milestone to
Publish At:2014-12-15 15:45 | Read:4704 | Comments:0 | Tags:ELK Security Attachments Mail MIME Python Tool Virustotal Vi

Tools

Tag Cloud