HackDig : Dig high-quality web security articles for hacker

Spammers Serve Trump and Movie Survey Mashup

I wondered for a moment if I’d been signed up to some sort of political taskforce when I opened up the spamtraps, but as it turns out spammers are just jumping on the Donald Trump bandwagon with the following missive: Claiming to be from “D. Trump”, the mail is titled “$ Trump reveals groundbreaking secrets to triple your income fast
Publish At:2016-01-20 22:10 | Read:3325 | Comments:0 | Tags:Online Security money movies spam trump

A Week in Security (Jan 10 – Jan 16)

  It’s time for our weekly roundup! First off, a look at the items covered on the blog this past week. We explored the oft-ignored world of Windows Vaults, and the pros and cons of storing credentials. Elsewhere, we had an extensive deep dive into Ransom32, a particularly troublesome form of Ransomware which has a lot of secrets tucked away in its
Publish At:2016-01-18 15:55 | Read:3557 | Comments:0 | Tags:Online Security recap weekly blog roundup

A Week in Security (Jan 03 – Jan 09)

Last week, we sent our readers a survey that they may want to check out and answer. We created it in the hopes of improving our PUP Friday posts. We also spotlighted on a defaced UK site, questioned the veracity of the data behind the Mac OS X being “the most vulnerable of 2015”, and delved into another phishing campaign on Facebook, claiming dis
Publish At:2016-01-11 21:10 | Read:2999 | Comments:0 | Tags:Online Security recap weekly blog roundup

The Windows Vaults

The Credential Manager in Windows is a relatively unknown feature, even though a lot of people are using it without being aware of its existence. Windows stores credentials in special folders that they call “vaults” to help users login to websites and other computers. The Credential Manager as such is introduced with Windows 7. Operation Reviewin
Publish At:2016-01-11 21:10 | Read:3321 | Comments:0 | Tags:Online Security credentials login passwords Pieter Arntz win

A Week in Security (Dec 27 – Jan 02)

Last week, we touched on several online threats that were in the wild: Safe Browsing Scam: From Amazon to Rackspace. Senior security researcher Jérôme Segura observed that some tech support actors moved from using Amazon as their service-of-choice when it comes to serving their tech support pages to using Rackspace, another cloud provider. WebSearcher PUP a
Publish At:2016-01-05 02:25 | Read:2179 | Comments:0 | Tags:Online Security recap weekly blog roundup

A Week in Security (Dec 20 – Dec 26)

“Learn from yesterday, live for today, hope for tomorrow.” ~ Albert Einstein’s New Year’s resolution Last week, we touched on several online threats that were in the wild: HSBC Phish: “Your account is currently locked!” In this post, Malware Intelligence Analyst Christopher Boyd found a phishing campaign targeting HSBC ba
Publish At:2015-12-29 07:40 | Read:2455 | Comments:0 | Tags:Online Security recap weekly blog roundup

Mintcast PUPs disable safebrowsing settings in Firefox

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at some interesting and
Publish At:2015-12-25 13:15 | Read:4075 | Comments:0 | Tags:Online Security adwareroi firefox mintcast Pieter Arntz PUP

“Turn off your Two Factor Authentication…”

Going on holiday can cause headaches for people making use of two factor authentication – perhaps some of you reading this now are already familiar with the “I can’t receive SMS while overseas, may as well turn it off” dance. In fact, one Australian Government Twitter feed has caused a bit of a furore by making this a piece of actual
Publish At:2015-12-24 19:10 | Read:2763 | Comments:0 | Tags:Online Security password two factor two step

A Week in Security (Dec 13 – Dec 19)

Last week, we touched on a bogus service called “Steam VAC Remover”, more spam leading to fake pharmaceutical sites, DNS hijacking on routers, and that massive data breach that affected MacKeeper users. For our PUP Friday post, we discussed about programs claiming to download and install security software. You can read more about it on the post e
Publish At:2015-12-21 18:50 | Read:1912 | Comments:0 | Tags:Online Security recap weekly blog rooundup

PUPs Masquerade as Installer for Antivirus and Anti-Adware

Author’s Note: We at Malwarebytes continue to do our part in educating our product users and constant blog readers about day-to-day online threats and how they can avoid falling prey to them. “PUP Friday”, our latest attempt at getting users acquainted with files they may need to watch out for in the Wild Web, offers an in-depth look at som
Publish At:2015-12-19 12:35 | Read:3494 | Comments:0 | Tags:Online Security fake PUP PUP Friday Virus

DNS Hijacks: Routers

Our Support department has noticed a significant increase in the number of people that have had their DNS settings hijacked. Not only on their computers, but on their routers as well. For some background information on DNS hijacks, please read “DNS Hijacks: What to Look For”. How does it work? In a typical home setup, we have: A modem provided b
Publish At:2015-12-18 00:25 | Read:4806 | Comments:0 | Tags:Online Security default password dns hijack Pieter Arntz rou

A Week in Security (Dec 06 – Dec 12)

Last week, we touched on Tunecore’s breach, a phishing attempt at Lloyd’s bank, and a deeper look at the Chimera ransomware. We also took a dive at several malvertising campaigns spotted in real-time in-the-wild: one had hit the popular video streaming site, DailyMotion to serve up the Angler exploit kit (EK); the other involved a campaign that s
Publish At:2015-12-15 18:10 | Read:2673 | Comments:0 | Tags:Online Security recap weekly blog roundup

“Steam VAC Remover” Leads to Mobile Offers

There are 398 game titles on Steam which make use of the Valve Anti-Cheat system (VAC for short), and should you be hit with the Banhammer, you’ll be prevented from playing on VAC secured servers forever. Sites and programs often claim to be able to get around VAC bans, and the below website is no exception. steamunban(dot)fr They claim to have a R
Publish At:2015-12-15 18:10 | Read:3487 | Comments:0 | Tags:Online Security ban games steam VAC videogames

4 Things to Consider When Assessing Device Posture for Effective Network Access Control

By Benny Czarny One of the main reasons to have a NAC (Network Access Control) system in place is to keep risky devices from connecting to your organization’s network. Unfortunately, simply purchasing a NAC solution is not going to guarantee your protection. You will also need to consider several other elements in addition to acquiring an NAC solution, inclu
Publish At:2015-12-15 18:10 | Read:2860 | Comments:0 | Tags:Online Security Anti-Malware anti-virus encryption endpoint

Malware Targeting Steam Traders Banks on New Escrow System

“Steam escrow”—This is the term some video game players are familiar with, but officially, it’s known as the “Steam trade hold” system. It involves the use of the gaming platform’s updated Steam Guard Mobile Authenticator, the security feature that is part of the Steam Mobile app. According to its official Support page, a trade hold “is a period of time wher
Publish At:2015-12-09 17:30 | Read:3477 | Comments:0 | Tags:Online Security CSGO gaming malware steam

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud