Source: Brian Krebs, Krebs on Security
A new open source toolkit makes it ridiculously simple to set up phishing Web sites and lures.
Posts tagged “Phishing”
Hackers in China reportedly launched clandestine attacks against users of Google’s Gmail service intending to steal their passwords and monitor their emails.
The company reported in a blog post that the targets of these attacks (among others) were senior government officials in the United States, Chinese activists, officials in several Asian countries, military officials and journalists, the New York Times reported.
Rafal Rohozinski, a network security specialist at the SecDev Group in Ottawa, told the Times it’s impossible to lay blame on the Chinese government for the intrusion with any certainty. Because the internet is borderless by nature, it’s easy for intruders to mask their identities by connecting through a series of proxy servers.
Criminal networks that use the Internet to facilitate their scams are finding a virtual haven in Canada, according to a new study.
According to Websense, a company that develops software for content filtering, Canada now ranks as the sixth most likely country to host servers running malicious programs, up from 13th the year before.
Rafal Rohozinski, CEO of the SecDev Group and Senior Fellow at the Canada Centre for Global Security Studies, points out in this article that Ottawa has been dragging its feet on cyber security. The federal government announced its strategy only last year, long after other G8 countries began investing heavily in tackling the problem, partly because successive minority governments had made the esoteric subject of cyber security a non-starter of an issue in Canada. The new Conservative majority government now has the clout to tackle the issue, if it chooses to do so, Mr. Rohozinski said.
From The Globe and Mail
“The Children’s Place Retail Stores Inc. said Tuesday that its customer email address database was recently accessed by an unauthorized third party. The database is stored at an external e-mail service provider, which confirmed that only e-mail addresses were accessed and no other personal information was obtained.
The New Jersey-based children’s specialty apparel retailer said the hacker sent out an unauthorized email that attempts to phish sensitive information from customers.
The notice comes just weeks after e-mail service provider Epsilon Interactive told clients they had experienced a major security breach, prompting many U.S. corporations to warn their customers to be aware of potential spear phishing attacks.”
From PC World
“How did a hacker manage to infiltrate one of the world’s top computer-security companies? And could the data that was stolen be used to impair its SecurID products, which are used by 40 million businesses that are trying to keep their own networks safe from intruders?
In the attack on RSA, the attacker sent “phishing” e-mails with the subject line “2011 Recruitment Plan” to two small groups of employees over the course of two days. Unfortunately, one was interested enough to retrieve one of these messages from his or her junk mail and open the attached Excel file. The spreadsheet contained malware that used a previously unknown, or “zero-day,” flaw in Adobe’s Flash software to install a backdoor. RSA said that Adobe had since released a patch to fix that hole.”
From The New York Times
“Almost one third of internet users in the European Union caught a PC virus despite the majority having security software installed, statistics show.
Viruses were most prevalent in Bulgaria and Hungary, the survey of 30 countries reveals.
The 2010 figures, released by the EU’s statistics office to mark Internet Safety Day, show the safest countries were Austria and Ireland.”
From BBC News