Bad guys go phishing in Gmail accounts

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Hack­ers have report­ed­ly devised a new phish­ing method, which seems to be trick­ing expe­ri­enced and tech savvy users into reveal­ing their account details. The phish­ing cam­paign seems to be run­ning on a sophis­ti­cat­ed automa­tion fea­ture that pounces on new­ly com­pro­mised Gmail accounts to mount a sec­ondary attack on users in the con­tact list. Hack­ers launch their sec­ondary attack by send­ing emails dis­guised under recent­ly sent attach­ments and a rel­e­vant sub­ject line. The email con­tains a thumb­nail ver­sion of the attach­ment that, when clicked, opens up a con­vinc­ing Gmail login box—a trap that tricks users into reveal­ing their Gmail account pass­word. What makes this new tech­nique effec­tive is that the emails are received from some­one the vic­tim knows. Source: The Express Tribune

The game’s afoot: Russians may have hacked Mr. Holmes

sh_sherlock-holmes_280Sunday’s eager­ly await­ed finale of the acclaimed TV series Sher­lock leaked online before it aired—and the BBC wants to know whether Russ­ian state TV is to blame. Sue Vertue, pro­duc­er of the series, con­firmed that the episode leaked Sat­ur­day. The British news­pa­per The Tele­graph report­ed that a Russ­ian-lan­guage ver­sion of the finale appeared online Sat­ur­day with a short announce­ment pro­mot­ing state-run Chan­nel One TV, which airs the show in Rus­sia. Source: NBC News

Basta! Italian authorities arrest siblings for targeting officials

An Ital­ian broth­er and sis­ter have been arrest­ed on charges of spear phish­ing and plant­i­ng a remote-access trojan/keylogger onto the com­put­ers of promi­nent peo­ple. Vic­tims include two for­mer prime min­is­ters, the pres­i­dent of the Euro­pean Cen­tral Bank, sev­er­al car­di­nals, the for­mer may­or of Turin, and sev­er­al mem­bers of a Mason­ic lodge. The mal­ware they’re accused of plant­i­ng, code-named Eye­Pyra­mid, was used to exfil­trate more than 87 giga­bytes of data, includ­ing user names, pass­words, brows­ing data, and file sys­tem con­tent. Source: Naked Secu­ri­ty

They’ll never be royals, but they might get their photos

sh_pippa-middleton_280Police inves­ti­gat­ing the hack­ing of Pip­pa Middleton’s iCloud arrest­ed a cou­ple on sus­pi­cion of con­spir­a­cy to com­mit fraud and pos­ses­sion of a false iden­ti­ty doc­u­ment with improp­er intent. The arrests relate to an inves­ti­ga­tion that began last year after claims that the Duchess of Cambridge’s sis­ter had her iCloud account hacked. The sus­pects alleged­ly tried to sell thou­sands of images to a news­pa­per. Source: The Tele­graph

The presses start rolling on their own with nasty fliers

Print­ers at Van­der­bilt Uni­ver­si­ty start­ed inex­plic­a­bly print­ing anti-Semit­ic fliers in an inci­dent that offi­cials said could be linked to a round of hack­ing that tar­get­ed print­ers at sev­er­al uni­ver­si­ties last year. A white suprema­cist com­put­er hack­er took respon­si­bil­i­ty for a series of sim­i­lar inci­dents at Prince­ton Uni­ver­si­ty, Brown Uni­ver­si­ty and sev­er­al oth­er col­leges last March, when print­ers began churn­ing out fliers filled with swastikas and mes­sages that spoke against Jew­ish peo­ple. Source: The Ten­nessean

A breach can mean an end to job security in IT

Six out of the top nine rea­sons that IT pro­fes­sion­als can be fired are relat­ed to secu­ri­ty, accord­ing to a sur­vey con­duct­ed by Oster­man Research. Fire­able offens­es include: hav­ing a tech invest­ment that leads to a secu­ri­ty breach; a data breach that becomes pub­lic; fail­ing to mod­ern­ize a secu­ri­ty pro­gram; data breach­es with unknown caus­es; data breach­es that do not become pub­lic; and the fail­ure of a secu­ri­ty prod­uct or pro­gram invest­ment.Source: CSO Online

Health field continues to be a top target

sh_medical recordsThe Delaware Depart­ment of Insur­ance is inves­ti­gat­ing a data breach at High­mark Blue Cross Blue Shield, one of the state’s biggest health insur­ers. The data breach occurred at Sum­mit Rein­sur­ance Ser­vices and BCS Finan­cial, both sub­con­trac­tors of High­mark Blue Cross Blue Shield of Delaware. The data breach com­pro­mised the per­son­al infor­ma­tion of about 19,000 plan mem­bers, includ­ing health plan and Social Secu­ri­ty num­bers, the name of the plan member’s doc­tor and claims records con­tain­ing some med­ical infor­ma­tion. … More than 5,000 patient records at Sen­tara Health­care in Nor­folk, Vir­ginia, were involved in a cyber­se­cu­ri­ty breach. Vas­cu­lar and/or tho­racic patients seen between 2012 and 2015 are affect­ed. A third-par­ty ven­dor expe­ri­enced the breach, which was dis­cov­ered Nov. 17. Accessed infor­ma­tion includes patients’ names, med­ical record num­bers, dates of birth, Social Secu­ri­ty num­bers, pro­ce­dure infor­ma­tion, demo­graph­ic infor­ma­tion and med­ica­tions. Sources: Inter­net Health Man­age­mentThe Vir­gin­ian Pilot

Convenience tops worries when it comes to doing business

A glob­al sur­vey by Gemal­to finds that despite being aware of online secu­ri­ty risks, cus­tomers con­tin­ue to take chances but expect pro­tec­tion from busi­ness­es that han­dle their data. Only 29 per­cent believ­ing that com­pa­nies will pro­tect their data; 58 per­cent fear a future data breach. Of the more than 9,000 con­sumers sur­veyed, 66 per­cent say they will not work with com­pa­nies that were breached. Source: Dark Read­ing

Cyber continues to play a role in politics

sh_giuliani-cyber_280For­mer New York City May­or Rudy Giu­liani is coor­di­nat­ing a group of cor­po­rate cyber­se­cu­ri­ty advis­ers for Pres­i­dent-elect Don­ald Trump. “The idea here is to bring togeth­er cor­po­rate lead­ers and their tech­no­log­i­cal peo­ple,” Giu­liani said. “The pres­i­dent will meet with them on an ongo­ing basis.” Cyber­se­cu­ri­ty came to the fore­front dur­ing the 2016 elec­tion, after alleged Russ­ian hack­ers breached the Demo­c­ra­t­ic Nation­al Com­mit­tee and Hillary Clinton’s cam­paign in what intel­li­gence offi­cials said even­tu­al­ly was an attempt to help Trump win. Source: Politi­co

Security breach incident leads to $1.9 million payout

MAPCO Express will pay $1.9 mil­lion in a set­tle­ment over data secu­ri­ty breach­es at mul­ti­ple stores. Win­south Cred­it Union and First Nation­al Com­mu­ni­ty Bank claimed in 2014 that MAPCO cost them mon­ey when cus­tomers’ pay­ment card data was com­pro­mised fol­low­ing a breach of the retailer’s com­put­er sys­tems in May 2013. They accused the com­pa­ny of hav­ing inad­e­quate secu­ri­ty sys­tems. Source: Con­ve­nience Store News

Homeland Security issues post-cyber attack guidelines

sh_homeland security_280The Depart­ment of Home­land Secu­ri­ty released an updat­ed ver­sion of the Nation­al Cyber Inci­dent Response Plan, which out­lines the roles and respon­si­bil­i­ties of fed­er­al, state, local and pri­vate stake­hold­ers in the wake of a cyber attack. It also iden­ti­fies the capa­bil­i­ties required to respond to a sig­nif­i­cant cyber inci­dent, and describes the way the fed­er­al gov­ern­ment will coor­di­nate its activ­i­ties with those affect­ed. Source: The Fed­er­al Times