Monthly Archives: August 2011

Viral marketing company sets new security lows with 'frame a friend' campaign

mugshot-square

Aussie-headquartered voicemail company Messages On Hold is no stranger to guerilla marketing campaigns.

But the company's latest effort at viral marketing is surely one of the most irresponsible yet: you're invited to 'frame' a friend for a crime.

SSCC 71 - Juicejacking, ATM skimming, Anonymous attacks BART and our digital bread crumb trail online

Sophos Security Chet Chat 41

Chester Wisniewski welcomes back Paul Ducklin to summarize the week's security news. This week they talk about ATM skimming and recent related research, Juicejacking, the latest Anonymous attacks and the digital bread crumbs we all leave behind on the internet.

First malware using Android Gingerbreak root exploit

gingerbreak-square

Gingermaster is the first Android malware to take advantage of a privilege escalation exploit against Android version 2.3, a.k.a. Gingerbread.

Unfortunately, many device vendors have not yet updated their devices with the latest OS patches.

Red Arrow crashes during air show - a cold-hearted Facebook clickjacking scam

Red Arrow crashes during air show video - a cold-hearted Facebook clickjacking scam

Scammers on Facebook have once again proven themselves to be cold-hearted opportunists, unafraid to take advantage of personal tragedies for their own financial ends.

This time, they're exploiting the death of an RAF pilot with the Red Arrows.

Why you shouldn't trust Google+ Verified Accounts

Why you shouldn't trust Google+ Verified Accounts

Google may have started to roll out verification badges for celebrities and public figures who have Google+ accounts. But, unfortunately, it's not going to close the door to fraud on the fledgling social network.

Louise Mensch MP claims Anonymous threatened her children

louise-mensch-thumb

British MP Louise Mensch claims that members of the Anonymous and LulzSec hacktivist groups have threatened her children, and demanded that she stop posting on Twitter.

Hackers deface Libya's top level domain registry with anti-Gaddafi message

Hackers deface Libya's top level domain registry with anti-Gadaffi message

With heavy fighting reaching the compound of Libyan leader Colonel Gaddafi's compound, hackers have also taken virtual arms overnight and defaced the website of domain name registry nic.ly.

Epson Korea hack impacts 350,000 customers

Epson Korea hack impacts 350,000 customers

Hackers have broken into Epson Korea's computer systems, and stole information including passwords, phone numbers, names, and email addresses of customers who had registered with the company.

Bikini-clad women and photo tags aid Facebook scammers

Bikini-clad women and photo tags aid Facebook scammers

If you're a Facebook user, please repeat after me:

"Facebook doesn't let you track who is viewing your profile. Third-party Facebook apps aren't allowed to do it either, and if they claim to offer the ability they are banned from Facebook."

Vanguard Defense Industries suffers Anonymous hack attack

Anonymous hack

Anonymous hackers - working under the flag of AntiSec - have targeted a US defense contractor, stealing and publishing thousands of emails and documents.

Do you know enough about ATM skimming? Learn more from Fiscal the Fraud Fighting Ferret!

Do you know enough about ATM skimming? Learn more from Fiscal the Fraud Fighting Ferret!

Here's an explanation of why and how to be on your guard when you're getting cash from an ATM.

It doesn't assume you're a computer expert, it doesn't talk down to you, it's easy to follow, and it's narrated by Fiscal, the Fraud Fighting Ferret!

Juicejacking - an emergency phone charge can be a security risk

prohibition-square

You've heard of hijacking. And carjacking, truckjacking and shipjacking. You've probably also heard of sidejacking, sheepjacking and clickjacking.

That's nothing. Here comes juicejacking!

Twitter is not charging in October, there is no petition, you're being phished

Twitter245

Twitter messages claiming people need to sign a petition or Twitter will begin charging this fall are false. What you really get is your password stolen and a bit of shame for clicking an unknown link. Lesson learned?

Inter-company invoice emails carry malware

Inter-company invoice emails carry malware

Have you received an unexpected "inter-company invoice" from a company for the period January 2010 - December 2010?

If so, chances are that your computer is being targeted by cybercriminals who are using the disguise as a method to infect your computer with a Trojan horse.

Trojans spammed out in malicious wave of fake DHL emails

dhl-vans-thumb

A significant wave of malicious emails is spammed out, posing as notification messages from courier firm DHL.

Don't click on the attached file, however, as it contains a Trojan horse.

Canada mulls warrantless internet info-gathering powers for police

billc52-square

A bill before the Canadian parliament includes two clauses specifically to reduce the 'due process' imposed when the cops need information from ISPs.

It's obvious how this would help law enforcement. But it might help the cybercrooks, too.

BART Police database hacked - names and addresses posted online

bart-police-thumb

A database belonging to the BART Police Officers Association appears to have been hacked, and the names, postal and email addresses of officers posted online.

Australian bomb hoax suspect tracked across internet and arrested in Kentucky, USA

suspect-square

For the last two weeks, Australia has been fascinated with a peculiar crime committed in one of Sydney's most prestigious suburbs.

If you've heard the name of the victim, Madeleine Pulver, you've probably heard the story behind the crime.

Uniform traffic ticket malware attack widely spammed out

Uniform traffic ticket malware attack widely spammed out

Computer users beware! There's a new widely spammed-out malware attack, claiming that you have being fined for speeding in New York City.

Lessons to learn after fired IT worker pleads guilty to hack attack

Lessons to learn after fired IT worker pleads guilty to hack attack

How careful is your firm about ensuring that staff who leave for pastures new don't continue to log into your network?