tag
Social Engineering

Salesforce software – millions of users at risk of Dyre malware

A strain of malware which previously targeted banks has turned its attention to users of the popular Customer Relationship Management (CRM) software Salesforce, used by 100,000 organizations worldwide.

Online ad threat – Yahoo, Amazon, YouTube ‘victims of malvertising’

Anyone who has visited popular domains such as YouTube.com, Amazon.com or Ads.Yahoo.com could be a victim of a new, mutating malware attack distributed through the adverts displayed on the sites.

TorrentLocker now targets UK with Royal Mail phishing

Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While

Tax Scams, Malware, Phishing and a 419

A roundup of scam information, including a tax scams article, email with a link to malware, a phish, and the worlds laziest 419.

2013: a View to a Scam

There are plenty of scams effective enough to rate a warning or three, in the hope of alerting potential victims to the kind of gambit they use. And so, even though much of ESET’s business is focused on the bits and bytes of malicious software, I’ve spent a lot of time writing on WeLiveSecurity and

Phishing for Tesco Shoppers

A phishing scam targeting Tesco bank customers puts on a festive party hat and pretends to offer something for nothing. Is this a topical trend?

The Less Thoughtful Phisher

Less innovative than the scam mails described in my previous articles (Phish to phry  and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is

The Thoughtful Phisher II

In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some

Phish to phry: The Thoughtful Phisher Revisited…

[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a

Tech Support Scammers: Talking to a Real Support Team

It so happens that I live over 5,000 miles from the ESET North America office in San Diego, and so tend not to have water cooler conversations with the people located there. Of course, researchers working for and with ESET around the world maintain contact through the wonders of electronic messaging, but there are lots

Big companies still fall for social engineering “hacks” by phone – and it’s not getting better

Major companies such as Disney, Boeing and General Electric are still handing out information to “hackers” using the most basic tool of all – the human voice, according to a report on a competition at DefCon.

Needles and haystacks – the art of threat attribution

ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.

Iranian election phishing campaigns thwarted by Google

Google claims to have spotted and disrupted several phishing campaigns in Iran – attempts to compromise tens of thousands of email accounts in the run-up to the country’s presidential elections this Friday.

Twitter blames spear-phishing for recent hacks – and warns news companies to expect more

Twitter has warned media companies that attacks on their official Twitter accounts are liable to continue, after Britain’s Guardian newspaper became the latest high-profile news site to fall victim.

Preventable errors are behind most security breaches, says Verizon report

Most cyber attacks are simple and predictable, relying on basic tactics and preventable employee errors, according to Verizon’s annual Data Breach Investigations Report. The problem is made worse by the fact that companies often take months or even years to detect such breaches.

Hacked CBS Twitter accounts present followers with malware-tainted “news”

Twitter accounts used by CBS News were compromised on Saturday – and began serving up bogus news stories with links to malware.

U.S. Air Force team wins virtual “cyber war” against veteran hackers

A three-day “cyber war” ended in victory for a team from the U.S. Air Force Academy, who beat off attacks from hackers from the National Security AGency in the 13th annual Cyber Defense Exercise (CDX).

Warning over “too much information” after power company targeted with spear-phishing campaign

Utility companies have been warned not to share information such as email addresses on company websites, after a spear-phishing attack on an American electricity company.

Criminal hacking continues to cause headaches for Yahoo members

Malicious spam may still be spreading across Yahoo! Mail accounts. We show you how to turn on the added verification process that Yahoo! offers.

Hundreds of thousands of Facebook likes can certainly be wrong

Issues with malware are always with us. There may or may not be a current media storm, or companies hoping for a slice of the anti-malware pie by proclaiming the death of antivirus in a press release, but AV labs continue to slog their way every day through tens of thousands of potentially malicious samples.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.