HackDig : Dig high-quality web security articles for hackers

“I have full control of your device”: Sextortion scam rears its ugly head in time for 2021

Malwarebytes recently received a report about a fresh spate of Bitcoin sextortion scam campaigns doing the rounds. Bitcoin sextortion scams tend to email you to say they’ve videoed you on your webcam performing sexual acts in private, and ask you to pay them amount in Bitcoin to keep the video (which doesn’t exist) private. This type of blackm
Publish At:2021-01-07 15:06 | Read:159 | Comments:0 | Tags:Social engineering bitcoin blackmail email 2020 BitCoin Scam

Retrohunting APT37: North Korean APT used VBA self decode technique to inject RokRat

This post was authored by Hossein Jazi On December 7 2020 we identified a malicious document uploaded to Virus Total which was purporting to be a meeting request likely used to target the government of South Korea. The meeting date mentioned in the document was 23 Jan 2020, which aligns with the document compilation time of 27 Jan 2020, indicating that th
Publish At:2021-01-06 11:48 | Read:131 | Comments:0 | Tags:Social engineering Threat analysis APT37 Hangul korea Office

S3 Ep12: A chat with social engineering hacker Rachel Tobac [Podcast]

byPaul DucklinHow do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac! Rachel Tobac, CEO of SocialProof SecurityJoin us for a fascinating interview with Rachel about her journey, why you should always be “politely paranoid”, and the people who inspired her along th
Publish At:2020-12-24 10:07 | Read:278 | Comments:0 | Tags:Phishing Podcast Social networks Vulnerability Women in secu

4 Free Easy Wins That Make Red Teams Harder

In this post, I will cover some easy things that defenders can do to make it harder for attackers to succeed. As you all know, there is never a silver bullet when it comes to security, so these tips will only make it harder for attackers by focusing on the basics, and sometimes, that helps a lot. This post assumes you have basic knowledge such as how to crea
Publish At:2020-12-10 15:30 | Read:196 | Comments:0 | Tags:Penetration Testing Red Team Adversarial Attack Simulation S

Get a head start on defending against tax scams

It may not be tax season in your part of the world right now but you’ll no doubt be pleased to know a prolific tax scammer is on their way to jail for 20 years. If you’re annoyed by tax scam missives, or had the misfortune to hand money over, this is probably satisfying news. Between 2013 and 2016, Hitesh Patel ran a particularly sophisticated operation.
Publish At:2020-12-08 17:30 | Read:125 | Comments:0 | Tags:Social engineering 2fa HMRC money laundering phish phishing

A week in security (November 23 – November 29)

Last week on Malwarebytes Labs, we talked with Chris Boyd about charities that track you online. We also looked back at Zoom, and wondered whether it’s any safer months after its first vulnerability was reported. We talked about how Apple’s security is hampering the detection of potentially unwanted programs (PUPs). Lastly, we reported on Spot
Publish At:2020-11-30 10:36 | Read:176 | Comments:0 | Tags:A week in security Apple awis Chris Boyd covid-19 fbi lock a

November spam roundup: Stalkers, property tips, porn, stern words and PayPal

Today we’re rounding up some of the interesting pieces of spam currently in circulation, taking in everything from housing deals to mysteriously free slices of cash. You may have seen some of these already. Hopefully we can help make up your mind about whatever’s lurking in your mailbox. A full house of spam Whether by accident or design, y
Publish At:2020-11-30 10:36 | Read:207 | Comments:0 | Tags:Cybercrime Social engineering email mail phish phishing roun

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One of those campaigns we dubbed ‘malsmoke’ h
Publish At:2020-11-16 15:06 | Read:311 | Comments:0 | Tags:Exploits Social engineering Threat analysis exploit kits Fal

How to do cybersecurity – join us online for the Sophos Evolve event!

byPaul DucklinIf you are a regular Naked Security reader, you’ll know that we generally steer clear of publishing content that deals specifically with Sophos products and services.That’s because our primary goal on this site is to help all of you learn more about cybersecurity by offering information and tips that work whatever operating system,
Publish At:2020-11-16 13:25 | Read:203 | Comments:0 | Tags:Evolve hacking Social Engineering Sophos Evolve threat respo

Attacks on industrial enterprises using RMS and TeamViewer: new data

 Download full report (PDF) Executive Summary In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in
Publish At:2020-11-05 07:18 | Read:303 | Comments:0 | Tags:Featured Industrial threats Backdoor JavaScript Malware RAT

QBot Trojan delivered via malspam campaign exploiting US election uncertainties

This blog post was authored by Jérôme Segura and Hossein Jazi. The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided to jump in on it too. Those tracking the threat landscape
Publish At:2020-11-04 18:23 | Read:354 | Comments:0 | Tags:Cybercrime Social engineering elections malspam Pinkslipbot

Fake COVID-19 survey hides ransomware in Canadian university attack

This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of Brit
Publish At:2020-10-28 14:47 | Read:272 | Comments:0 | Tags:Cybercrime Social engineering phish phishing ransomware UBC

Scammers are spoofing bank phone numbers to rob victims

It can be a very convincing trick… “You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you suggest calling them back, they’ll tell you it’s
Publish At:2020-10-28 10:53 | Read:250 | Comments:0 | Tags:Social engineering 2fa caller id cold callers fake banksites

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from
Publish At:2020-10-21 18:59 | Read:454 | Comments:0 | Tags:Cybercrime Social engineering cross-site scripting tech supp

Deepfakes and the 2020 United States election: missing in action?

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. Everything is up for
Publish At:2020-10-16 14:11 | Read:426 | Comments:0 | Tags:Cybercrime Social engineering 2020 US election AI conspiracy


Tag Cloud