phishing

(get it in RSS or Atom)

Phish of the Week - when adjectives just aren't enough

We aren't really supposed to chuckle at spams and scams.

But here's a phishing story that will make you smile yet still be educational...

SSCC 179 - What kind of a name is "Lizard Squad"? [PODCAST]

Here's the latest episode of our regular security podcast.

This week: phishing, spamming, zombification, SCADA and the Internet of Things, and the curiously named cybervandals that go by "Lizard Squad."

Can malware and hackers really cause giant physical disasters?

Could you really have a hacker or malware initiated meltdown?

Yes, says the 2014 report of the German Office for Information Security...

Yes, I got an iTunes gift card for Christmas - but HOW DID THE CROOKS KNOW THAT?

You *are* being doubly cautious for phishing campaigns over the holiday season, aren't you?

Spammers and scammers don't have to know anything about you to hit the bullseye in what might feel like a targeted attack.

The email that caused a literal meltdown - 60 Sec Security [VIDEO]

Enjoy the last episode of "60 Second Security" for 2014!

Learn from the week's news in just one minute...

SSCC 178 - Are we there yet? [PODCAST]

Here's the latest episode of our weekly security podcast.

Enjoy...and "Happy Holidays," whether you're away on vacation yourself, or a sysadmin enjoying the time when everyone else is on vacation!

Yes, ICANN keep your data safe...oops, sorry, no I can't - 60 Sec Security [VIDEO]

Time for the latest episode of our weekly 60 Second Security video!

The news, in just one minute...enjoy.

Don’t let the Grinch steal Christmas: how to avoid festive fraudsters

Don’t let the Grinch steal Christmas: tips for avoiding festive fraudsters

Take a little more time to record what you've bought, from who or where, and how much it cost - and don't let your guard slip at this hectic time of year.

Old-time phishing scams are working just fine, Google finds

Old-time phishing scams are working just fine, Google finds

A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.

SSCC 172 - Ransomware's not dead! [PODCAST]

Here's the latest episode of our weekly security podcast.

News you can use!

GATSO! Speed camera phish leads to CryptoLocker ransomware clone...

gatso-250

Recently, we came across an intriguing phishing campaign that combines two feared products of the information age.

Gatsos (speed cameras) and ransomware, rolled into one attack!

US Nuclear Regulatory Commission hacked 3 times in 3 years

US Nuclear Regulatory Commission hacked 3 times in 3 years

According to documents obtained under an open-records request, two of the hacks, perpetrated via phishing emails, are believed to have originated in foreign countries, while the source of the third remains unknown because incident logs have been destroyed. The report does not say when the attacks occurred, nor does it divulge what, if any, data was compromised.

Sophos Techknow - Firewalls Demystified [PODCAST]

techknow-logo-250-150

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Jailed Apple phishing duo also imported pickpockets and cloned credit cards

Constanta Agrigoroaie and Radu Savoae. Images courtesy of Metropolitan Police.

How's this for irony? A pair of fraudsters phished bank account details out of over 150 Apple users by sending them hairy-scary messages about their accounts having been compromised.

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Syrian Electronic Army uses Taboola ad to hack Reuters (again)

Code dynamically inserted into Reuters web pages by content serving company, Taboola, appears to have been poisoned by the Syrian Electronic Army in order to redirect visitors to another page under the hackers' control. It highlights the need for websites to consider security in a broad context and to not rely solely on traditional server-based defenses.