HackDig : Dig high-quality web security articles for hackers

Beware “secure DNS” scam targeting website owners and bloggers

byPaul DucklinIf you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners.We certainly do – both Naked Security and our sister site Sophos News are hosted by WordPress VIP.That’s not a secret (nor is it meant to be), not least
Publish At:2020-06-29 11:39 | Read:75 | Comments:0 | Tags:Uncategorized DNS DNSSec phish Scam

Lock and Code S1Ep6: Recognizing facial recognition’s flaws with Chris Boyd

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, and whether improving the technology would actually be ̶
Publish At:2020-05-18 13:42 | Read:215 | Comments:0 | Tags:A week in security Podcast esports facial recognition lock a

A week in security (April 13 – 19)

Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote positions, it’s worth noting that a study found malware on 45 percent
Publish At:2020-04-20 14:01 | Read:556 | Comments:0 | Tags:A week in security adware Android coronavirus malware phish

How to stay on top of coronavirus scams – and all the others too

byPaul DucklinIt’s not like cybercriminals to take advantage of a world event… and this is a rather large world event.Since COVID-19 hit the headlines, we’ve covered a selection of coronavirus-related scams, phishing attacks and malware campaigns in which crooks have adapted existing sextortion emails, mobile malware and password stealing t
Publish At:2020-03-30 14:17 | Read:472 | Comments:0 | Tags:Fake news Malware Phishing SophosLabs coronavirus COVID-19 m

Watch out! Scummy scammers target home deliveries

byPaul DucklinThanks to the team at SophosLabs for sending us the SMS used in this scam.If you’re sitting at home right now, sheltering from the coronavirus pandemic – and there’s a good chance you are – then you are probably either thinking about a home delivery, or waiting for one.In the UK, for example, even people who have no symp
Publish At:2020-03-26 11:38 | Read:519 | Comments:0 | Tags:Phishing coronavirus home delivery phish Scam

Phishing Threat Actor Blocking Techniques: Geoblocking by IP

<p><img src="https://info.phishlabs.com/hs-fs/hubfs/Blocking%20techniques%20geoblocking%20by%20ip.png?width=300&amp;name=Blocking%20techniques%20geoblocking%20by%20ip.png" alt="Blocking techniques geoblocking by ip" width="300" style="width: 300px; float: right; margin: 0px 0px 10px 10px;"></p> <p>In order to increase the lifesp
Publish At:2020-02-20 16:53 | Read:480 | Comments:0 | Tags:Phish blocking geoblocking

Spear phishing 101: what you need to know

Phishing, a cyberattack method as old as viruses and Nigerian Princes, continues to be one of the most popular means of initiating a breach against individuals and organizations, even in 2020. The tactic is so effective, it has spawned a multitude of sub-methods, including smishing (phishing via SMS), pharming, and the technique du jour for this blog: spear
Publish At:2020-01-29 16:50 | Read:812 | Comments:0 | Tags:Social engineering 101 business malspam organisation organiz

A week in security (December 2 – December 8)

Last week on Malwarebytes Labs, we took a look at a new version of the IcedID Trojan, described web skimmers up to no good, and took a deep dive into containerization. We also explored a report bringing bad news for organizations and insider threats, and threw a spotlight on a video game phish attack. Other cybersecurity news Delivery firm runs into trouble
Publish At:2019-12-09 16:50 | Read:888 | Comments:0 | Tags:A week in security amazon bank buckets phish week in securit

Fake Elder Scrolls Online developers go phishing on PlayStation

A player of popular gaming title Elder Scrolls Online recently took to Reddit to warn users of a phish via Playstation messaging. This particular phishing attempt is notable for ramping up the pressure on recipients—a classic social engineering technique taken to the extreme. A terms of service violation? In MMORPG land, the scammers take a theoretically pla
Publish At:2019-12-06 16:50 | Read:907 | Comments:0 | Tags:Social engineering elder scrolls online ESO gamers gaming ga

Help prevent disaster donation scams from causing more misery

It’s a sad day when we have to warn people about medical charity scams, or tax fakeouts, or even have a week dedicated to foiling charity fraud—but here we are. With so many natural disasters occurring, from wildfires in California to tornadoes in Dallas, disaster donation scams remain a top resource for scammers looking for free cash. Unfortunately, disaste
Publish At:2019-11-11 23:20 | Read:722 | Comments:0 | Tags:Social engineering 419 419 scams charity cold call scams col

A week in security (October 14 – 20)

Last week on Malwarebytes Labs, we tried to unlock the future of the password (its vulnerabilities, current alternatives, and possible future disappearance), analyzed the lagging response by many businesses in adopting a patch for Pulse VPN vulnerability, looked at Instagram’s bulked-up security against phishing emails scams, and were reminded that ransomwar
Publish At:2019-10-21 16:50 | Read:1251 | Comments:0 | Tags:A week in security amazon Dark Web domestic abuse domestic a

Threat Announcement: Phishing Sites Detected on Emoji Domains

<p>Since September 21, PhishLabs analysts have detected a number of phishing sites hosted on emoji domains. So far, all detected sites have a few things in common:</p> <ul> <li>They are hosted on the .WS Top Level Domain (TLD)</li> <li>They utilize domains with numerous subdomains (also emojis)</li> <li
Publish At:2019-09-19 22:40 | Read:605 | Comments:0 | Tags:Threat Analysis Phish

Fresh Phish. (So Many Puns, So Little Time.)

Today’s phish blog breaks our format a bit so we can bring you lots of examples. Enjoy. And then get protected! Phishing is prevalent because it works. Even savvy users can be tricked into opening the wrong emails. I’ve seen a couple of clear examples of this recently. The first is one that quite convincingly mimics the invoice emails from a fairly sig
Publish At:2017-05-23 12:10 | Read:4624 | Comments:0 | Tags:Threats apps attachments browsing files humans Isolation Mal

Dutch Website Builder Used Secret Script to Hack 20,000 Users

A Dutch website builder leveraged a secret script to steal 20,000 users’ login credentials, hack their accounts, and commit payment fraud.On 17 January, police in the northern Netherlands announced they’re contacting 20,000 users with the advice that they change their passwords as soon as possible. This move comes several months after the world f
Publish At:2017-01-17 17:20 | Read:4443 | Comments:0 | Tags:Latest Security News computer crime payment fraud phish

Advanced phishing tactics used to steal PayPal credentials

Phishers are back to using an old tactic in a new fashion to get hold of their victims’ credentials. One of the first lessons you will learn during anti-phishing training is to hover over the links in a mail to see if they point to the site where you would expect them to point. Although good advice, this is NOT a guarantee that you are going to be safe. Alwa
Publish At:2016-06-14 19:15 | Read:3884 | Comments:0 | Tags:Cybercrime Social engineering fake JavaScript PayPal phish P


Share high-quality web security related articles with you:)