Facebook has had a fair share of problems, being a large community of course it’s going to be a ripe target for spammers, scammers and malware distributors.
The latest to hit is a spam e-mail claiming to be from the Facebook team that actually spreads a nasty piece of malware called Bredolab. It’s also been observed [...]

For people of my age and generation and I’d guess for most readers of Darknet, Michael Jackson would have had a great influence on our lives.
The biggest news last week was most certainly his death, as usual the bad guys were extremely quick to capitalize on this and were sending out spam within hours of [...]

We’ve mentioned Twitter a few times lately as it has become a larger and larger part of the social web and the premier ‘micro-blogging’ platform.
There was a recent Phishing issue on Twitter and before that Twitter Jacking and a CSRF bug that allowed auto-following.
Due to the large update of Twitter, the amount of datable available [...]

It seems like ‘vishing‘ (basically Phishing – but utilising VoIP call services) as it’s known is getting bigger, especially since the scammers have been using a flaw in Asterisk systems that allows them to hijack the VoIP exchange.
Older versions of Asterisk do have quite a number of serious flaws and it looks like scammers and [...]

No surprise here, the malware authors are leveraging on the social engineering aspect of the US presidential elections.
In less than half a day Google Adwords adverts and custom malware was popping up conning users into a sense of security by using Obama’s name.

Malware purveyors have wasted no time capitalizing on Barack Obama’s landslide victory in [...]

So it turns out you don’t need any fancy password cracking software like John the Ripper or Cain and Abel you just need a handful of £5 gift vouchers for Marks and Spencers!
But we had discussed this in part before, some people will give out their passwords if you just ask, some if you offer [...]

It seems like the Phishing crews at trying to get some new ideas on how to con people into giving away their credentials and leaking info.
The latest target appears to be Google Calendar.
As always be on your guard as these scams are coming from all directions.

A few months ago, spam came to Google Calendar. Now [...]

Vishing, now there’s a new term for you. Basically its Phishing – but utilising VoIP call services, which makes it very easy to spoof the Caller ID.
Even though Caller ID Spoofing was Made Illegal in the USA – people will still continue to do it, remember the FCC said it’s still easy to spoof caller [...]

It makes sense, spammers will follow whatever is popular, wherever the social mass is at and reading they will bombard.
In the earlier days Myspace was a big target, now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between [...]

The same old story, if you ask people for something they will most likely give it without thinking of the consequences..
Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey who doesn’t love chocolate? I have to say I don’t love it enough to give out my [...]

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on.
The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more likely [...]

We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault.
It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites.
CNN even?

Rogue anti-spyware software that pushes fraudulent PC scans has found its way [...]

If I recall this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting.
It seems that malware peddlers are getting more aggressive though, it obviously shows there is actual monetary value in infecting people and stealing their data.
A subtle form of social engineering too, by leveraging on [...]

Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number.
The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack.

Symantec is reporting on a Trojan horse that mimics the Windows activation interface.
What they are calling Trojan.Kardphisher doesn’t do most of [...]

It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm.
21 million Euros of diamonds, that’s one hell of a catch.

A thief has evaded one of the world’s most expensive hi-tech security systems, and [...]

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD.
Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided by [...]

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things.
Summary
The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and is intended [...]

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they [...]

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity.
Whatever you want to label it really
USB drives are a real security risk..

We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard on the [...]

Another HUGE information leak from the US government, seems they can’t help themselves.
Or perhaps people are just ramping up the efforts against them..

The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website.
The Navy said Friday the information was [...]

There’s a good interview with Kevin Mitnick on Social Engineering.
Well afterall, that is where his skill lies, not in technical hacking.

Arrested by the FBI in 1995 and convicted of breaking into the systems of Fujitsu Siemens, Nokia and Sun Microsystems, Mitnick served five years in prison–eight months of it in solitary confinement.
In his days on [...]

I’ve seen similar figures from other organisations and countries, so the stats don’t suprise me.
My peers and I have always called this Armadillo security, hard on the outside, soft on the inside.
Firewall, IDS, etc…all protecting the exterior of the network, only edge devices, nothing inside, not much policies, not much privelege segregation, anyone inside can [...]