HackDig : Dig high-quality web security articles for hackers

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from
Publish At:2020-10-21 18:59 | Read:123 | Comments:0 | Tags:Cybercrime Social engineering cross-site scripting tech supp

Deepfakes and the 2020 United States election: missing in action?

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. Everything is up for
Publish At:2020-10-16 14:11 | Read:138 | Comments:0 | Tags:Cybercrime Social engineering 2020 US election AI conspiracy

FIFA 21 game scams: watch out for unsporting conduct

Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. It’s also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sales, clocking in at around 280 million copies across
Publish At:2020-10-14 15:23 | Read:145 | Comments:0 | Tags:Cybercrime Social engineering coins EA fake FIFA football FU

Malvertising campaigns come back in full swing

Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight a successful run. In late August, we started seeing a Fallou
Publish At:2020-09-09 15:55 | Read:312 | Comments:0 | Tags:Social engineering ad networks bad ads exploit kit exploit k

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Experts spotted a phishing campaign that employs overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are dis
Publish At:2020-09-05 11:47 | Read:431 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

Missing person scams: what to watch out for

Social media has a long history of people asking for help or giving advice to other users. One common feature is the ubiquitous “missing person” post. You’ve almost certainly seen one, and may well have amplified such a Facebook post, or Tweet, or even blog. The sheer reach and virality of social media is perfect for alerting others. It really is akin to
Publish At:2020-08-27 15:21 | Read:357 | Comments:0 | Tags:Cybercrime Social engineering abduction facebook fake missin

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
Publish At:2020-08-06 04:45 | Read:284 | Comments:0 | Tags:Cybercrime Social engineering bec business cybersecurity Bus

Avoid these PayPal phishing emails

For the last few weeks, there’s been a solid stream of fake PayPal emails in circulation, twisting FOMO (fear of missing out) into DO THIS OR BAD THINGS WILL HAPPEN. It’s one of the most common tools in the scammer’s arsenal, and a little pressure applied in the right way often brings results for them. Claim people are going to lose something, or incur ch
Publish At:2020-07-31 11:50 | Read:393 | Comments:0 | Tags:Cybercrime Social engineering account is limited intl-limite

Social Engineering: Hacking Brains…It’s Easier than Hacking Computers

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. On a set of speakers outside, the booth broadcasts the sounds of a dial tone as a woman on the stage begins to dial a number. It is apparent she is not phoning a friend. The dial tone changes to a ring tone, and
Publish At:2020-07-30 15:36 | Read:342 | Comments:0 | Tags:Featured Articles Security Awareness cyberattack cybersecuri

New Deepfakes using GAN stirs up questions about digital fakery

Subversive deepfake campaigns that enter the party unannounced, do their thing, then slink off into the night without anybody noticing are where it’s at. Easily debunked clips of Donald Trump yelling THE NUKES ARE UP or something similarly ludicrous are not a major concern. We’ve already dug into why that’s the case. What we’ve also explored are the peopl
Publish At:2020-07-23 11:20 | Read:319 | Comments:0 | Tags:Social engineering AI article blog deepfake deepfakes deepfa

What Are Insider Threats and How Can You Mitigate Them?

What is an insider threat? Insider threats are users with legitimate access to company assets who use that access, whether maliciously or unintentionally, to cause harm to the business. Insider threats aren’t necessarily current employees, they can also be former employees, contractors or partners who have access to an organization’s systems or d
Publish At:2020-07-17 14:07 | Read:413 | Comments:0 | Tags:CISO Endpoint Identity & Access Access Management Cost of a

#TwitterHack: Power, Privilege and Pandemic

On Wednesday, July 15, the Twitterverse was ablaze with what Twitter itself has described as a “coordinated social engineering attack” that was launched at around 4pm ET. The outcome of this breach was compromised Twitter accounts of many well-known people and organizations, including Jeff Bezos, Elon Musk, Bill Gates, former President Barack Obama, Joe Bide
Publish At:2020-07-17 14:07 | Read:339 | Comments:0 | Tags:Advanced Threats Security Services Chief Information Securit

Coordinated Twitter attack rakes in 100 grand

“I’m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” This and similar Tweets asking readers to send US$1,000 to a Bitcoin address with the promise of a double return payment went out yesterday. Too good to be true? Once again,
Publish At:2020-07-16 14:35 | Read:405 | Comments:0 | Tags:Social engineering 2fa bitcoin Social Engineering tweets twi

Top 9 free security training tools

Cybersecurity training is one of the best defenses against cyber attacks targeting organizations and individuals alike. Although security training is a tried-and-true defense against cyber attacks and data breaches, security training is not one-size-fits-all. Every organization faces unique threats based on their industry, cybersecurity tools and secur
Publish At:2020-07-07 11:43 | Read:428 | Comments:0 | Tags:Security Awareness general security phishing security awaren

Adventures in Phishing Email Analysis

Opening: Phishing attacks are a daily threat to all organizations and unfortunately, they are one of the hardest threats to protect against. No matter how many defensive layers an organization has put in place following best practice defense-in-depth design, it only takes one (1) user to click on that malicious link or open that weaponized attached documen
Publish At:2020-06-18 10:09 | Read:456 | Comments:0 | Tags:Incident Response Incident Response & Forensics Penetration

