HackDig : Dig high-quality web security articles for hacker

Infographic: The Mall of American Data Breaches

2014 was a record year for data breaches, with big name companies like Home Depot, Staples, Michaels and Neiman Marcus all disclosing breaches that affected millions of consumers. Heading into the 2014 holiday shopping season, some security insiders are warning that another big data breach disclosure is only a matter of time. To help illustrate the data brea
Publish At:2014-11-25 12:15 | Read:3058 | Comments:0 | Tags:ThreatTrack Security Labs data breach Infographic

2015 Security Predictions from the Front Lines

ThreatTrack Security today published the study 2015 Predictions from the Front Lines which found that expectations for data security next year are surprisingly optimistic given the harsh reality of 2014, which has been the worst year on record for data breaches. Enterprise security staffers are so confident that 81% of survey respondents said they would “per
Publish At:2014-11-18 18:10 | Read:2865 | Comments:0 | Tags:ThreatTrack Security Labs

ADP Past Due Invoice Spam is After Your Bank Login

ThreatTrack Security Labs researchers spotted a nasty malicious spam campaign making the rounds. Users receive an email that claims to be from ADP (see image and full email text below), with urgent warnings about a non-existent past due invoice. The message attempts to make recipients click one of two malicious links. Your ADP past due invoice is ready for
Publish At:2014-11-14 06:10 | Read:5401 | Comments:0 | Tags:Featured ThreatTrack Security Labs ADP Spam Dyre email spam

In a Crypto World, Rogue AV Still Finds a Niche

Is Rogue AV dead? That’s one of those questions people like to ask from time to time, especially when threats like CryptoLocker or CryptoWall emerge with the ability to extort money out of victims to recover encrypted files. After all, when you have something as powerful as a Crypto tool at your disposal, why would a cybercriminal go with the old “Your machi
Publish At:2014-10-31 18:10 | Read:3086 | Comments:0 | Tags:Featured ThreatTrack Security Labs asprox crypto cyrptowall

Bitstamp Users Targeted by Bitcoin Thieves

Earlier this month, ThreatTrack Security researchers observed the credential stealing Trojan, Dyre, adding Bitcoin wallet sites to its list of targets, including Bitstamp.net. Recently, the team spotted a malicious spam campaign directly targeting Bitstamp users. The message (see image below) misappropriates Bitstamp’s branding and claims “We would like to i
Publish At:2014-10-30 15:10 | Read:3124 | Comments:0 | Tags:ThreatTrack Security Labs Bitcoin bitstamp Dyre Dyreza spam

RIG Exploit Kit Dropping CryptoWall 2.0

ThreatTrack Security Labs today observed spammers exploiting vulnerable WordPress links to redirect users to servers hosting the RIG Exploit Kit, which takes advantage of any number of vulnerabilities in unpatched Silverlight, Flash, Java and other applications to drop CryptoWall 2.0. CryptoWall 2.0, of course, is the nasty updated version of CryptoWall, whi
Publish At:2014-10-17 17:25 | Read:4540 | Comments:0 | Tags:Featured ThreatTrack Security Labs adobe exploit CryptoLocke

ThreatTrack Security Joins Industry Peers to Disrupt APT Axiom

ThreatTrack Security today announced that it is lending its extensive cybersecurity and malware analysis expertise to the Cyber Security Coalition. Led by Novetta – a leader in advanced analytics technology solutions – the coalition was established to interdict malware used by advanced threat groups. Coalition members include F-Secure, ThreatConnect, ThreatT
Publish At:2014-10-16 14:35 | Read:2371 | Comments:0 | Tags:Featured ThreatTrack Security Labs Advanced Persistent Threa

Dyre Hunts Bitcoin

The rapid evolution of Dyre (or Dyreza) continues, and this time it wants your Bitcoins. In September of 2014, the credential stealing Trojan, Dyre, was observed taking its game beyond targeting financial and banking institutions to pursue login data of Salesforce users. Then, in early October, researchers at Proofpoint reported on Dyre’s ability to download
Publish At:2014-10-16 14:35 | Read:3487 | Comments:0 | Tags:Featured ThreatTrack Security Labs Bitcoin Dyre Dyreza malwa

Gameover Zeus Accessorizes at Vogue.com

Our researchers this week spotted a Gameover Zeus sample receiving commands to download Zemot from hxxp://media.vogue[dot]com/voguepedia/extensions/dimage/cache/1zX67.exe Gameover Zeus is a pervasive botnet that was disrupted by authorities in June. According to the FBI at the time, “GameOver Zeus is an extremely sophisticated type of malware designed specif
Publish At:2014-10-10 10:50 | Read:3679 | Comments:0 | Tags:Featured ThreatTrack Security Labs gameover zeus Trojan vogu

Red Cross 419 Scam Exploits Typhoon Haiyan

There are a number of emails currently in circulation attempting to cash in on the generosity of individuals and organisations wanting to assist the Typhoon Haiyan relief efforts. Another one just landed in our spamtraps, and reads as follows: click to enlarge Donate-to-victims-of-super-typhoon Emergency Relief Dear Sir/Madam Donate Now To Emergency Relief i
Publish At:2014-08-15 09:18 | Read:2029 | Comments:0 | Tags:Scams ThreatTrack Security Labs 419 scam haiyan red cross sp

Pokemon X and Y Tumblrs: Warn your Kids

A gentle reminder not to leave your kids alone with their best friend ever, the internet. Pokemon X and Y is by all accounts a raging success, and if the smaller members of your household go Googling for things related to said title, they may well end up on a site such as the below promising a PC download of the new game. pokemonxetyromemulateur(dot)tumblr(d
Publish At:2014-08-15 09:18 | Read:3216 | Comments:0 | Tags:Scams ThreatTrack Security Labs children kids pokemon

TESCO Online Banking / Credit Card Customers: Watch where you’re logging in

If you do your online banking with TESCO, or indeed have a credit card with them you may want to be on the lookout for the following website which is hosting a rather large tally of login pages. The site in question is mrqos(dot)com(dot)au/kate/tess/tescr/login(dot)html and that particular site was flagged not so long ago in the Zone-H defacement mirror, wit
Publish At:2014-08-15 09:18 | Read:3662 | Comments:0 | Tags:ThreatTrack Security Labs Web threats banking compromise phi

A Look Inside a CVE-2013-3918 Exploit

Editor’s Note: Berman Enconado is a senior software security engineer in the Security Labs. He’s been in the industry for more than 10 years and has given talks to local universities on several occasions as part of the company’s security awareness drives. Last November 8, our friends at FireEye had discovered an exploit malware that targets
Publish At:2014-08-15 09:18 | Read:3113 | Comments:0 | Tags:Featured ThreatTrack Security Labs Web threats CVE-2013-3918

Trust Financial Lends Adware to Clients

Our researchers in the Labs found a fake loan page from an equally fake financial institution called “Trust Financial Group”. click to enlarge Once users visit trustfinancial(dot)org, they are redirected to a default page serving a loan decision document. In order for visitors to see its unblurred version, they have to install a “secure loa
Publish At:2014-08-15 09:18 | Read:2783 | Comments:0 | Tags:Scams ThreatTrack Security Labs adware fake document viewer

ThreatSecure Catches Air Canada Ticket Malware En Route

For our blog readers, we wanted to share a quick look at how ThreatSecure’s proactive behavior-based malware detection identified a new malware sample attacking networks via email, as well as the threat analysis and details it provides users. At RSA Conference 2014, ThreatTrack Security launched the ThreatSecure email appliance, a new approach to catching em
Publish At:2014-08-15 09:18 | Read:3427 | Comments:0 | Tags:Featured ThreatTrack Security Labs air canada air canada spa

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud