phishing

A security researcher has warned that a fake browser could be used to more effectively scam users into handing over login details. Password managers and similar tools may be one way to combat the tactic. The warning comes from a security researcher ... who chooses to use the pseudonym mrd0x. They dubbed the approach a "browser-in-the-browser" attack. (Source: mrd0x.com ) The tactic would take advantage of websites that have registration and accounts but let users sign in with a third party account such as Google or Facebook. This works by displaying a pop-up window that's hosted by the ... (view more)

Microsoft has warned users to pay particularly close attention to emails that appear to come from "microsoft.com". A simple trick involving spelling was the key to a security attack that Microsoft believes was instigated by North Korea. A US court ... has given Microsoft legal control of 50 web domains it says were used to carry out cyber attacks on Windows users. It's said to be the work of a group dubbed Thallium operating out of North Korea. Microsoft says the attacks were targeted at "government employees, think tanks, university staff members, members of organizations ... (view more)

A tech expert has spotted a security risk in the mobile edition of Chrome. The way the exploit works means that scammers could make the browser appear to show a fake website address. This type of exploit would be particularly useful in a phishing ... scam, where hackers could develop a bogus website (such as a major banking site) to trick people into handing over personal information or passwords to sensitive data. James Fisher noted a potential problem with what's meant to be a useful measure in mobile Chrome. As the user scrolls down the page - which is much more likely to happen on a phone ... (view more)

Question site "Quora" has become the latest high-profile hacking victim, with details of more than 100 million users breached. Fortunately, the implications likely won't be as serious as some previous hacks. The site lets users post questions and ... then get answers from other users. A voting system means more helpful answers from its community means the best answers float to the top. Quora says its systems were accessed without authorization and that it discovered the breach on November 30, 2018. It says the exposed information included account information such as name, email address ... (view more)

Security researchers have warned that nearly half of all phishing sites falsely display the browser padlock symbol commonly associated with secure websites. It's a reminder that the browser padlock symbol only covers one aspect of security. Most ... major browsers display the padlock symbol when a website uses a technology, most commonly Secure Sockets Layer (SSL), to encrypt data as it passes between the user's computer and the website, or vice versa. Such sites have an address starting "https://" rather than "http://". The purpose of the padlock symbol is to indicate to the user that the ... (view more)

A man has been arrested for allegedly stealing more than a billion dollars in cyber attacks. The tactics were so outlandish, they almost sounded like the words used by Richard Pryor's character in Superman III. The unnamed man was arrested in Spain ... after an investigation that involved officials from six countries on three continents plus private cyber security firms. The man is alleged to have led a gang that attacked more than 100 banks and other financial institutions around the world. The gang has been operating for at least three years using three forms of malware, known as Anunak, ... (view more)

A man has been arrested after allegedly scamming two US companies into sending him more than a hundred million dollars online. He posed as a legitimate computer manufacturer and issued bogus requests for payment. The companies haven't been named, ... but prosecutors say one is a "multinational technology company" and the other a "multinational online social media company." Evaldas Rimasauskus was arrested in Lithuania last week and has been charged in US courts with one count of wire fraud, one count of aggravated identify theft, and three counts of money laundering. Bogus ... (view more)

The people behind phishing emails appear to be getting more sophisticated. Reports from both sides of the Atlantic say such emails are including more personal details, something that was previously used only for high value target. Phishing emails ... are a way to try to trick people into either providing confidential information such as bank details or online passwords, or by clicking on links that install malware, usually through security weaknesses in web browsers or office software. More and more phishing attacks now involve trying to install ransomware that locks up a computer until the ... (view more)

Facebook is to warn users when it believes a government is trying to hack their account. The company is giving few details about how it will detect such attempts, or which governments may be involved. The warnings will appear when Facebook has ... reason to believe an "account has been targeted or compromised by an attacker suspected of working on behalf of a nation-state." According to Facebook, the message is not meant as an indication that Facebook's own servers or systems have been compromised - whether by a government or anyone else. Early Warning System Instead, Facebook will ... (view more)

According to security firm Symantec, the proportion of spam emails has fallen to their lowest levels in 12 years. It's the first time since 2003 that the majority of emails are not spam. While the figures are compiled from a variety of sources, the ... main source comes from customers using Symantec security products containing some form of email filtering. That could mean the report is slightly distorted towards those who find spam especially problematic, and thus overstate their level of spam. Overall, Symantec estimates that 49.7 percent of email messages contain spam. This covers all email ... (view more)