HackDig : Dig high-quality web security articles for hacker

Spam and phishing in Q3 2017

Quarterly highlights Blockchain and spam Cryptocurrencies have been a regular theme in the media for several years now. Financial analysts predict a great future for them, various governments are thinking about launching their own currencies, and graphics cards are swept off the shelves as soon as they go on sale. Of course, spammers could not resist the top
Publish At:2017-11-03 07:15 | Read:260 | Comments:0 | Tags:Featured Spam and phishing reports Malicious spam Malware De

Pick a Card, Any Card: Deception, the Human Mind and the Social Engineering Challenge

Even as the technology deployed by both cyberattackers and cybersecurity defenders grows more sophisticated and powerful, the central role of the human factor remains critical. The most effective way to break into a computer network is to trick a legitimate user into opening the door to let you in. The techniques used to achieve this trickery are known as so
Publish At:2017-10-22 05:00 | Read:222 | Comments:0 | Tags:Fraud Protection Fraud Prevention Phishing Phishing Attacks

WiNX: The Ultra-Portable Wireless Attacking Platform

When you are performing penetration tests for your customers, you need to build your personal arsenal. Tools, pieces of hardware and software are collected here and there depending on your engagements to increase your toolbox. To perform Wireless intrusion tests, I’m a big fan of the WiFi Pineapple. I’ve one for years (model MK5). It’s not
Publish At:2017-09-29 02:25 | Read:171 | Comments:0 | Tags:Pentesting Security Social Engineering Hardware WiFi WiNX Wi

A simple example of a complex cyberattack

We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘M
Publish At:2017-09-26 14:25 | Read:268 | Comments:0 | Tags:Research DLL hijacking Dropper Microsoft Word Social Enginee

Miners on the Rise

Miners are a class of malware whose popularity has grown substantially this year. The actual process of cryptocurrency mining is perfectly legal, though there are groups of people who hoodwink unwitting users into installing mining software on their computers, or exploiting software vulnerabilities to do so. This results in threat actors receiving cryptocurr
Publish At:2017-09-12 13:30 | Read:296 | Comments:0 | Tags:Research Botnets Cryptocurrencies Malware Descriptions Socia

Dissecting the Chrome Extension Facebook malware

It’s been a few days since Kaspersky Lab’s blog post about the Multi Platform Facebook malware that was spread through Facebook Messenger. At the same time as Kaspersky Lab were analyzing this threat, a few researchers where doing the same, including Frans Rosén, Security Advisor at Detectify. After Frans saw David’s tweet about the blog po
Publish At:2017-08-31 14:55 | Read:272 | Comments:0 | Tags:Research Browser Plugins Google Chrome Social Engineering So

Spam and phishing in Q2 2017

Spam: quarterly highlights Delivery service Trojans At the start of Q2 2017, we registered a wave of malicious mailings imitating notifications from well-known delivery services. Trojan downloaders were sent out in ZIP archives, and after being launched they downloaded other malware – Backdoor.Win32.Androm and Trojan.Win32.Kovter. The usual trick of present
Publish At:2017-08-22 09:10 | Read:437 | Comments:0 | Tags:Featured Quarterly Spam Reports Malicious spam Malware Descr

SMS Phishing induces victims to photograph its own token card

Renato Marinho detailed an unusual SMS phishing campaign that hit Brazilian users. All started with an SMS message supposedly sent from his bank. Introduction Today I faced quite an unusual SMS phishing campaign here in Brazil. A friend of mine received an SMS message supposedly sent from his bank asking him to update his registration data through the given
Publish At:2017-07-17 20:20 | Read:556 | Comments:0 | Tags:Breaking News Cyber Crime Digital ID Hacking phishing SMS Ph

The Enemy Within: Identifying Insider Threats in Your Organization

Security professionals and managers are increasingly concerned that the leading information security risk to organizations comes from within. But despite the sinister overtones of this problem, insider threats are associated more with accidents and oversights than malicious actors. The danger is amplified by shortfalls in training and expertise, and the ch
Publish At:2017-06-22 11:35 | Read:644 | Comments:0 | Tags:Identity & Access Risk Management Critical Data Data Protect

Back to Basics: Six Simple Strategies to Strengthen Your Security Posture

Security threats can be scary, and the fear factor is understandable. Technological progress makes security a fast-moving target, with new and more sophisticated threats constantly emerging. The Internet of Things (IoT) is raising the stakes, putting the means of physical destruction in the hands of malicious actors. A sophisticated criminal underworld ecos
Publish At:2017-06-16 08:15 | Read:588 | Comments:0 | Tags:Risk Management Data Protection Passwords Patch Management S

Two Tickets as Bait

Over the previous weekend, social networks were hit with a wave of posts that falsely claimed that major airlines were giving away tickets for free. Users from all over the world became involved in this: they published posts that mentioned Emirates, Air France, Aeroflot, S7 Airline, Eva Air, Turkish Airlines, Air Asia, Air India, and other companies. We cann
Publish At:2017-06-10 09:25 | Read:662 | Comments:0 | Tags:Phishing Fraud Social Engineering Social networks

Five Tips to Stay Safe on Social Media While Traveling

Oversharing your travel plans can put you, your colleagues, your corporate data systems, your property and even your loved ones at risk. Similarly, announcing to the world that your home is vacant obviously increases the odds of a break-in, so what happens to your corporate laptop or personal devices containing corporate data that you leave at home? Furthe
Publish At:2017-06-07 21:40 | Read:684 | Comments:0 | Tags:Risk Management Identity Theft Phishing Security Awareness S

Four New Cyberthreats on the CISO’s Radar

Enterprises today face new cyberthreats from many different vectors, including some that didn’t exist just a few years ago. Chief information security officers (CISOs) need to keep their eyes on the evolving ways their companies can be breached and close any gaps to minimize the damage. Four New Cyberthreats Facing CISOs 1. Ransomware The latest high
Publish At:2017-05-30 22:30 | Read:579 | Comments:0 | Tags:CISO Chief Information Security Officer (CISO) Cyberthreats

Spam and phishing in Q1 2017

Spam: quarterly highlights Spam from the Necurs botnet We wrote earlier about a sharp increase in the amount of spam with malicious attachments, mainly Trojan encryptors. Most of that spam was coming from the Necurs botnet, which is currently considered the world’s largest spam botnet. However, in late December 2016, the network’s activity almost
Publish At:2017-05-02 05:05 | Read:927 | Comments:0 | Tags:Analysis Featured Quarterly Spam Reports Malicious spam Malw

Personalized Spam and Phishing

Most spam, especially the sort that is mass-mailed on behalf of businesses, has quite an impersonal format: spammers create a message template for a specific mailing purpose and often drastically diversify the contents of that template. Generally, these kinds of messages do not personally address the recipient and are limited to common phrases such as “
Publish At:2017-04-19 08:45 | Read:1184 | Comments:0 | Tags:Blog Phishing Social Engineering Spam Letters

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud