tagged w/ Phishing
THIS IS NOT SPAM It’s Always Phishing Season: How to Avoid Becoming Prey-APPARENTLY FRUIT BATS ARE SUPER INTO ORAL SEX-Top scientists to Obama: Ban mutation experiments that will make avian flu more infectious-Adbusters Targets Goldman Sachs In New Campaign-Huff To Withdraw Protest Buffer Bill-Saudi youth accused of paralyzing friend to be paralyzed in return-Fukushima meltdown appears to have sickened American infants-Camp Nama: New Details of the US-Run Torture Prison in Iraq
Forget Nigerian pleas and princesses who just need some help getting their fortunes to feed the poor... new scam is IRS mimics? LOL
From the real inbox addressed to a whole lotta people with email addresses that are similar to mine, and all with same email domain:
subject line: "Your income tax information needs verification
With intent to assure that exact information is being maintained on our systems, and to be able to grant you better quality of service; INTUIT INC. has participated in the Internal Revenue Service [IRS] Name and TIN Matching Program.
It appears that your name and/or TIN, that is stated on your account is different from the information provided by the Social Security Administration.
In order to verify your account, please click here.
2632 Marine Way
Mountain View, CA 94043"
Now, how can we get this spam/scam into the mailboxes of all the pols running for office? }^)
"After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or self-XSS..."
http://www.infosecisland.com/blogview/19165-Facebook-Attacks-Feed-Affiliate-Marketing-Scams.html
While it is reported that intercepting unencrypted drone communication data streams had first been known to US military since the mid-1990's, this exploitation continued on into 2009 where militant laptops were found with drone data and unencrypted video feeds from Predator drones...
https://www.infosecisland.com/blogview/18778-How-the-RQ-170-Was-Hijacked.html
“Effective cyber defense requires us to continually test and improve our crisis management and decision-making procedures. This exercise was a great opportunity to promote the practical implementation of NATO’s new Cyber Defense Policy adopted last June..."
https://www.infosecisland.com/blogview/18814-Exercise-Tested-NATO-Procedures-for-Cyber-Defense.html
If we consider the Occupy movements across the globe, demonstrating and protesting against income inequality and inequitable policies around commerce and taxation, the persistent cart vulnerability could become a seemingly benign form of occupation that could develop into a serious threat...
https://www.infosecisland.com/blogview/18630-OWWWS-The-Other-Form-of-Occupy.html
Issues gaining attention over the past year include the weakening of the digital certificate authorities, surges in malware targeting mobile devices, designer malware, and the rash of corporate network breaches - be they by hacktivists, nation-state supported hackers, or criminal syndicates...
https://www.infosecisland.com/blogview/18771-Top-Seven-Emerging-Security-Trends-from-2011.html
Section 954 of the FY 2012 defense authorization act states that “Congress affirms that the Department of Defense has the capability, and upon direction by the President may conduct offensive operations in cyberspace to defend our Nation, allies and interests..."
https://www.infosecisland.com/blogview/18769-Congress-Sanctions-Offensive-Military-Action-in-Cyberspace.html
"The attack is not device specific and appears to be an issue with the way the Windows Phone messaging hub handles messages. The bug is also triggered if a user sends a Facebook chat message or Windows Live Messenger message to a recipient..."
https://www.infosecisland.com/blogview/18710-Windows-Phone-Denial-of-Service-Attack-Vulnerability.html
"This [activation] is a tribute to the belief in the notion that our nation requires assured freedom of maneuver in cyberspace in this era of persistent conflict and the advent of the increasingly more sophisticated threats to our security," said Maj. Gen. Mary A. Legere...
https://www.infosecisland.com/blogview/18709-Army-Officially-Activates-First-Dedicated-Cyber-Brigade.html
Iranian Ambassador Mohammad Hassan Ghadiri discusses the potential for state sponsored attacks on the White House, FBI, CIA, and nuclear power plant systems within the US. The video shows the ambassador talking also asking about how to further the attacks by making certain contacts...
https://www.infosecisland.com/blogview/18708-Iranian-Ambassador-Discusses-Cyber-Attacks-on-US-Targets.html
Santamarta uncovered multiple hidden accounts with default passwords in the systems that could allow an attacker to remotely access the network, view and modify the module's firmware, execute arbitrary malicious code, or cause a denial of service interruption...
https://www.infosecisland.com/blogview/18706-ICS-CERT-Issues-New-SCADA-Vulnerability-Advisory.html
The first of a monthly webinar series on Industrial Control System (ICS) Cybersecurity is now available for review in this video. This session provides insight for those interested in ICS Cybersecurity including policy makers, asset owners, vendors, consultants and integrators....
https://www.infosecisland.com/security-videos-view/18705-Cybersecurity-in-Waste-Water-and-Water-Control-Systems.html
Have we now arrived at the point in obtaining medical care that in addition to looking into the medical practitioner's experience and confirming they are compliant with HIPAA, that we now must review their data handling policies before choosing a health care provider?
https://www.infosecisland.com/blogview/18525-Are-Your-Health-Records-at-Risk.html
"According to the indictment, Poe used a favorite software tool of the Anonymous collective—a Low Orbit Ion Cannon, which is a computer program that is used to send extremely large numbers of “packets” or requests over a network in an attempt to overwhelm a target computer..."
https://www.infosecisland.com/blogview/18703-Anonymous-Affiliate-Arrested-for-2010-DDoS-Attack.html
Banks, motor vehicle registries, doctors’ offices, insurance companies, and even utilities often require a Social Security number to do business. Why? Sometimes it’s because it is attached to tax or criminal records, but most often it’s because the number is attached to your credit file...
https://www.infosecisland.com/blogview/18667-Social-Security-Numbers-The-All-Purpose-Identifier.html
"Right now we have the worst of worlds. If you want to attack me you can do it all you want, because I can't do anything about it. It's risk free, and you're willing to take almost any risk to come after me," said James Cartwright, a former vice chairman of the Joint Chiefs of Staff...
https://www.infosecisland.com/blogview/18683-Handful-of-Chinese-Hackers-Responsible-for-Majority-of-Attacks.html
Cyber warfare took place long before the release of Stuxnet, but its release caused the world to realize the benefits of using a domain of warfare with limited entry costs and the possibility of non-attribution, which is the ability to operate without positively being connected to an operation...
https://www.infosecisland.com/blogview/18675-The-Control-Systems-Community-and-Cyber-Warfare.html
Breaking News (video): Networks at the North Pole have been breached by unidentified hackers leading to the disclosure of sensitive data - Santa's naughty list. Don’t worry – your secrets are safe! Included is a list of the things we really think are just that - a little bit naughty...
https://www.infosecisland.com/security-videos-view/18650-Santa-Gets-Hacked-Naughty-List-Leaked-video.html
"HTML 5 applications use DOM extensively and dynamically change content via XHR calls. DOM manipulation is done by several different DOM-based calls and poor implementation allows DOM-based injections. These injections can lead to a set of possible attacks and exploits..."
https://www.infosecisland.com/blogview/18649-Top-Ten-HTML5-Attack-Vectors.html