Monthly Archives: August 2010
Mark Zuckerberg spots friend's Facebook account is hacked
Early on Monday I blogged about the iPhone and iPad tester scams which had been affecting many Facebook users' accounts, posting images on their walls in an attempt to direct the unwary into the arms of the scammers. It appears Read more…
Twitter tightens security - Good news for social media safety
I have been waiting for this day for over a year now. Death to the Twitter HTTP API. Long live OAuth! I have written several times that Twitter needed to get rid of their old, insecure authentication mechanism if they Read more…
Don't panic! The ragtime jazz virus hasn't infected Gmail
Gmail users who run Google Chrome are up in arms today following the launch of the new Gmail priority inbox service. Not because the feature doesn't work for internet users who've chosen the Chrome browser to access their email, but Read more…
Fake TweetDeck update preys on Twitter users
It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day. But it appears that at least one bunch of criminals Read more…
Shocking hidden message on Coca-Cola logo, and other Facebook scams
Once the bad guys have tricked you into adding a rogue application to your Facebook account, don't be surprised if they use it to spread more of their scams. Here's an account which suddenly started advertising a scam page, even Read more…
Encryption with no separate external key
Most typical modern malware variants tend to hide critical parts of their functionality (strings, URLs/IPs of its dodgy servers, etc.) using some form of encryption. In most cases only trivial algorithms are used. However, these suffice as the intention is Read more…
PCI data security song [VIDEO]
If your company handles customer credit card payments from the likes of Visa, Mastercard and American Express, then it's paramount that you keep that information securely. The Payment Card Industry (PCI) has created a data security standard, explaining how firms Read more…
iPad and iPhone 4 tester scams hit Facebook
Can you really get a free iPad 3G or iPhone 4 by signing up just to be a tester? It sounds too good to be true, doesn't it? And it is. But, like me, you may have seen users on Read more…
This could save your LIFE!
The following internet advice, which may have a subject title such as above, could just get you killed. Like any other middle aged, balding, over-weight chap my mother still worries about me. So when her friend sent this to her Read more…
Guest blog: Snap a Marlin!
This week's guest blog comes from Rob Forsyth, Managing Director of Sophos in Asia Pacific, and long-time Manly Marlins mainstay. Over to you Rob... Snap a Marlin! Sophos, proud sponsors of the Manly Marlins for the last eight years, will Read more…
Phish net stockings, or spammer attempt at a phish?
An interesting phish was just escalated to me for analysis. Well, ironic more than interesting. Looking at the following phish: The message is a typical phish with clues to its nefarious origins. Dear Valued Customer, Your New Online Statement Summary Read more…
Did Gmail make you look like a spammer this week?
How mortified would you feel if you found that you had been spamming someone through no fault of your own? Well, up to 4 million Gmail users found out this week. I'm not talking about your computer being taken over Read more…
Girl who had sex with 5000 men exploited by sleazy Facebook scammers
The story of a British woman who claims to have slept with 5000 men over the course of the last nine years, has been exploited by Facebook scammers.
Outbreak: Fake Fedex Tracking Number emails carry malware
Cybercriminals have spammed out a widespread email attack, distributing malware in messages pretending to come from Fedex. The emails, which have subject lines beginning "Fedex Tracking number" followed by a random reference number, pretend to come from named personnel inside Read more…
Canada Revenue Agency decides your privacy isn't important
The largest data breach in the history of the Canada Revenue Agency (our version of the IRS) recently occurred here in Vancouver, but you probably didn't hear about it. Why? The CRA decided that you don't need to know. According Read more…
DLL pre-loading attack vector addressed by Microsoft
We have been discussing the issue of unsafe DLL loading in the lab since the release of the Microsoft advisory about a potential attack vector that uses the default Windows DLL Search Order to load a malicious DLL into the Read more…
Microsoft addresses recent DLL order of operations flaw
Microsoft released an advisory this week discussing bad practices in DLL loading that could lead to remote exploitation. They have released a tool that can help mitigate the risk, but the real solution is for developers to patch their applications Read more…
The Pentagon awakens from cyberslumber
I must start this post by professing that I am a proud American citizen. I am proud of what my country stands for, its accomplishments and what its citizens are capable of when we come together for a common purpose. Read more…
It's that time again...
Today in Boston is a special day. Yes it's raining, but today the yellow buses have started their engines. It's back to school time! I thought I might use this as a reminder to talk to your kids about computer Read more…
Malicious spammers launch major fake anti-virus attack
SophosLabs's worldwide network of email-monitoring stations has seen a tidalwave of malicious messages being spammed out with an attachment that redirects users' web browsers to a fake anti-virus attack. The emails have subject names such as: Parking Permit and/or Benefit Read more…
![Have your say - LulzSec: helpful, harmless or hideous? [VOTE NOW]](http://sophosnews.files.wordpress.com/2013/05/lulzsec-poll-thumb.jpg?w=75&h=75&crop=1)
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
![Hacked TV channels broadcast zombie apocalypse emergency alert [VIDEO]](http://sophosnews.files.wordpress.com/2013/02/zombie-thumb.jpg?w=75&h=75&crop=1)
