HackDig : Dig high-quality web security articles for hackers

Malsmoke operators abandon exploit kits in favor of social engineering scheme

Exploit kits continue to be used as a malware delivery platform. In 2020, we’ve observed a number of different malvertising campaigns leading to RIG, Fallout, Spelevo and Purple Fox, among others. And, in September, we put out a blog post detailing a surge in malvertising via adult websites. One of those campaigns we dubbed ‘malsmoke’ h
Publish At:2020-11-16 15:06 | Read:164 | Comments:0 | Tags:Exploits Social engineering Threat analysis exploit kits Fal

How to do cybersecurity – join us online for the Sophos Evolve event!

byPaul DucklinIf you are a regular Naked Security reader, you’ll know that we generally steer clear of publishing content that deals specifically with Sophos products and services.That’s because our primary goal on this site is to help all of you learn more about cybersecurity by offering information and tips that work whatever operating system,
Publish At:2020-11-16 13:25 | Read:84 | Comments:0 | Tags:Evolve hacking Social Engineering Sophos Evolve threat respo

Attacks on industrial enterprises using RMS and TeamViewer: new data

 Download full report (PDF) Executive Summary In summer 2019, Kaspersky ICS CERT identified a new wave of phishing emails containing various malicious attachments. The emails target companies and organizations from different sectors of the economy that are associated with industrial production in one way or another. We reported these attacks in 2018 in
Publish At:2020-11-05 07:18 | Read:175 | Comments:0 | Tags:Featured Industrial threats Backdoor JavaScript Malware RAT

QBot Trojan delivered via malspam campaign exploiting US election uncertainties

This blog post was authored by Jérôme Segura and Hossein Jazi. The 2020 US elections have been the subject of intense scrutiny and emotions, while happening in the middle of a global pandemic. As election night ended and uncertainty regarding the results began to creep in, threat actors decided to jump in on it too. Those tracking the threat landscape
Publish At:2020-11-04 18:23 | Read:149 | Comments:0 | Tags:Cybercrime Social engineering elections malspam Pinkslipbot

Fake COVID-19 survey hides ransomware in Canadian university attack

This post was authored by Jérôme Segura with contributions from Hossein Jazi, Hasherezade and Marcelo Rivero. In recent weeks, we’ve observed a number of phishing attacks against universities worldwide which we attributed to the Silent Librarian APT group. On October 19, we identified a new phishing document targeting staff at the University of Brit
Publish At:2020-10-28 14:47 | Read:150 | Comments:0 | Tags:Cybercrime Social engineering phish phishing ransomware UBC

Scammers are spoofing bank phone numbers to rob victims

It can be a very convincing trick… “You can check the number in your display online sir. You’ll see I’m really calling from your bank.” That is, of course, if you are unaware that phone numbers can be spoofed. Then again, they wouldn’t be successful scammers if they weren’t convincing. If you suggest calling them back, they’ll tell you it’s
Publish At:2020-10-28 10:53 | Read:165 | Comments:0 | Tags:Social engineering 2fa caller id cold callers fake banksites

XSS to TSS: tech support scam campaign abuses cross-site scripting vulnerability

Tech support browser lockers continue to be one of the most common web threats. Not only are they a problem for end users who might end up on the phone with scammers defrauding them of hundreds of dollars, they’ve also caused quite the headache for browser vendors to fix. Browser lockers are only one element of a bigger plan to redirect traffic from
Publish At:2020-10-21 18:59 | Read:238 | Comments:0 | Tags:Cybercrime Social engineering cross-site scripting tech supp

Deepfakes and the 2020 United States election: missing in action?

If you believe reports in the news, impending deepfake disaster is headed our way in time for the 2020 United States election. Political intrigue, dubious clips, mischief and mayhem were all promised. We’ll need to be careful around clips of the President issuing statements about being at war, or politicians making defamatory statements. Everything is up for
Publish At:2020-10-16 14:11 | Read:255 | Comments:0 | Tags:Cybercrime Social engineering 2020 US election AI conspiracy

FIFA 21 game scams: watch out for unsporting conduct

Despite COVID-19, soccer season is slowly ebbing its way back into daily life around the world. It’s also sneaking back onto TV screens in the form of huge-budget video games. Step up to the plate, FIFA 21. FIFA games: the football juggernaut The FIFA series is an absolute monster in terms of sales, clocking in at around 280 million copies across
Publish At:2020-10-14 15:23 | Read:288 | Comments:0 | Tags:Cybercrime Social engineering coins EA fake FIFA football FU

Malvertising campaigns come back in full swing

Malvertising campaigns leading to exploit kits are nowhere near as common these days. Indeed, a number of threat actors have moved on to other delivery methods instead of relying on drive-by downloads. However, occasionally we see spikes in activity that are noticeable enough that they highlight a successful run. In late August, we started seeing a Fallou
Publish At:2020-09-09 15:55 | Read:470 | Comments:0 | Tags:Social engineering ad networks bad ads exploit kit exploit k

Hackers use overlay screens on legitimate sites to steal Outlook credentials

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are dis
Publish At:2020-09-05 11:47 | Read:628 | Comments:0 | Tags:Breaking News Cyber Crime Hacking hacking news information s

Missing person scams: what to watch out for

Social media has a long history of people asking for help or giving advice to other users. One common feature is the ubiquitous “missing person” post. You’ve almost certainly seen one, and may well have amplified such a Facebook post, or Tweet, or even blog. The sheer reach and virality of social media is perfect for alerting others. It really is akin to
Publish At:2020-08-27 15:21 | Read:437 | Comments:0 | Tags:Cybercrime Social engineering abduction facebook fake missin

Business email compromise: gunning for goal

The evergreen peril of business email compromise (BEC) finds itself in the news once more. This time, major English Premier League football teams almost fell victim to their trickery, to the tune of £1 million. First half: fraudsters on the offensive Somebody compromised a Managing Director’s email after they logged into a phishing portal via bogus ema
Publish At:2020-08-06 04:45 | Read:474 | Comments:0 | Tags:Cybercrime Social engineering bec business cybersecurity Bus

Avoid these PayPal phishing emails

For the last few weeks, there’s been a solid stream of fake PayPal emails in circulation, twisting FOMO (fear of missing out) into DO THIS OR BAD THINGS WILL HAPPEN. It’s one of the most common tools in the scammer’s arsenal, and a little pressure applied in the right way often brings results for them. Claim people are going to lose something, or incur ch
Publish At:2020-07-31 11:50 | Read:484 | Comments:0 | Tags:Cybercrime Social engineering account is limited intl-limite

Social Engineering: Hacking Brains…It’s Easier than Hacking Computers

The audience in the room is weirdly quiet. The contestant is in a small plexiglass booth with nothing but a phone, a laptop computer and some notes. On a set of speakers outside, the booth broadcasts the sounds of a dial tone as a woman on the stage begins to dial a number. It is apparent she is not phoning a friend. The dial tone changes to a ring tone, and
Publish At:2020-07-30 15:36 | Read:492 | Comments:0 | Tags:Featured Articles Security Awareness cyberattack cybersecuri

Tools