HackDig : Dig high-quality web security articles for hackers

FBI Warns of Spoofed FBI-Related Domains

The Federal Bureau of Investigation (FBI) this week issued an alert to warn the public of spoofed FBI-related Internet domains.According to the agency, “unattributed cyber actors” are registering domains designed to spoof legitimate websites pertaining to the FBI, “indicating the potential for future operational activity.”In addition to spoofed domains, stat
Publish At:2020-11-24 10:29 | Read:108 | Comments:0 | Tags:NEWS & INDUSTRY Fraud & Identity Theft Phishing Trac

Lookalike domains and how to outfox them

Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to discuss. But let’s start from a different angle: how rel
Publish At:2020-11-24 07:37 | Read:78 | Comments:0 | Tags:Featured Security technologies Malicious spam Phishing Secur

5 Digital Threats to Watch Out for on Black Friday and Cyber Monday

Widely regarded as the official start to the Christmas shopping season, Black Friday and Cyber Monday are exciting because many retailers announce limited-time sales that promise huge savings to die-hard consumers. Not even the pandemic looks like it will dent consumers’ enthusiasm. In September 2020, for instance, Bloomberg shared research from Deloitte tha
Publish At:2020-11-24 07:32 | Read:106 | Comments:0 | Tags:Security Awareness Black Friday malware Phishing scams cyber

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. The incident is the latest incursion at GoDaddy that relied on tricking employees into transf
Publish At:2020-11-21 15:30 | Read:69 | Comments:0 | Tags:A Little Sunshine Web Fraud 2.0 Bibox Celcius.network Dan Ra

Black Friday 2020: How to shop safely online

Black Friday 2020 promises to be somewhat different from years gone by thanks to COVID-19. The annual surge of in-store chaos and trolley dashes isn’t compatible with social distancing, and so retailers will be looking to drive shoppers online. Friday 27th November is when things kick off this year, and yet some aspects will be radically different. If you
Publish At:2020-11-20 12:42 | Read:114 | Comments:0 | Tags:Scams black friday hacking malware online phishing retail sc

IT threat evolution Q3 2020

Targeted attacks MATA: Lazarus’s multi-platform targeted malware framework The more sophisticated threat actors are continually developing their TTPs (Tactics, Techniques and Procedures) and the toolsets they use to compromise the systems of their targets. However, malicious toolsets used to target multiple platforms are rare, because they required sig
Publish At:2020-11-20 06:07 | Read:78 | Comments:0 | Tags:Featured Malware reports Backdoor Exploit Kits Malware Descr

Phishers Using Redirector Sites with Custom Subdomains for Evasion

Malicious actors launched a phishing attack that’s using redirector websites with custom subdomains in order to evade detection.On November 16, Microsoft Security Intelligence tweeted out that it had spotted the phishing attack attempting to lure in recipients with emails disguised as password update reminders, helpdesk tickets and other seemingly legi
Publish At:2020-11-19 10:32 | Read:143 | Comments:0 | Tags:IT Security and Data Protection Latest Security News Phishin

Sophos 2021 Threat Report: Navigating cybersecurity in an uncertain world

byPaul DucklinWe know what you’re thinking: “Another year; another vendor; another threat report……and when I open it, I’ll be stuck in a thinly disguised product brochure.”Well, not this one.We’ve combined research from a number of threat prevention groups inside Sophos, including SophosLabs, Sophos Managed Threat Re
Publish At:2020-11-18 12:13 | Read:107 | Comments:0 | Tags:Android BEC Botnet Data loss Linux Machine Learning Malware

Phishing campaign targets LATAM e-commerce users with Chaes Malware

Experts from Cybereason Nocturnus uncovered an active campaign that targets users of a large e-commerce platform in Latin America with Chaes malware. Cybereason Nocturnus security researchers have identified an active campaign focused on the users of a large e-commerce platform in Latin America. Experts at Cybereason Nocturnus have uncovered an active
Publish At:2020-11-18 12:01 | Read:165 | Comments:0 | Tags:Breaking News Cyber Crime Malware Chaes Hacking hacking news

Office 365 phishing campaign uses redirector URLs and detects sandboxes to evade detection

Microsoft is tracking an ongoing Office 365 phishing campaign aimed at enterprises that is able to detect sandbox solutions and evade detection. Microsoft is tracking an ongoing Office 365 phishing campaign that is targeting enterprises, the attacks are able to detect sandbox solutions and evade detection. “We’re tracking an active credential phi
Publish At:2020-11-18 11:30 | Read:152 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Microsoft Office 365 phish

A week in security (November 9 – November 15)

Last week on Malwarebytes Labs, we reported on multiple patch releases: from Mozilla’s Firefox and Thunderbird to Google’s Chrome. We also had a chat with our resident experts, Adam Kujawa and John Donovan, about the future of IoT cybersecurity in our latest Lock and Code podcast episode. Lastly, we took a look at a new ransomware called RegretLo
Publish At:2020-11-16 15:06 | Read:101 | Comments:0 | Tags:A week in security amazon amazon scam android malware BBB Be

Creative Office 365 phishing inverts images to avoid detection bots

Experts spotted a creative Office 365 phishing campaign that inverts images used as backgrounds for landing pages to avoid getting flagged as malicious. Researchers at WMC Global have spotted a new creative Office 365 phishing campaign that has been inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by security s
Publish At:2020-11-08 09:41 | Read:178 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

Limited Impact of Phishing Site Blocklists and Browser Warnings

<p>The life of a phishing site is brief, but impactful. A <a href="https://www.usenix.org/system/files/sec20-oest-sunrise.pdf">study</a> published earlier this year found the average time span between the first and last victim of a phishing attack is just 21 hours. &nbsp;The same study observed the average phishing site shows up in indu
Publish At:2020-11-06 12:45 | Read:132 | Comments:0 | Tags:Phishing Digital Risk Protection

Russian Hacker Group Continues Stealing Money From Industrial Enterprises

A Russian-speaking threat actor has been targeting hundreds of industrial enterprises for more than two years, Kaspersky’s security researchers report.Focused on companies in Russia, the ongoing attacks are highly targeted, leveraging phishing emails for malware deployment. In some cases, legitimate documents that were stolen in previous attacks are leverage
Publish At:2020-11-06 09:34 | Read:213 | Comments:0 | Tags:NEWS & INDUSTRY Virus & Threats Phishing Malware Cyb

BEC Scammers Exploit Flaw to Spoof Domains of Rackspace Customers

A threat actor specializing in business email compromise (BEC) attacks has been observed exploiting a vulnerability to spoof the domains of Rackspace customers as part of its operations.UK-based cybersecurity company 7 Elements identified the vulnerability while conducting incident response activities for a customer. An analysis of the attack revealed that t
Publish At:2020-11-05 10:10 | Read:144 | Comments:0 | Tags:NEWS & INDUSTRY Email Security Fraud & Identity Thef

Tools