Bad guys go phishing in Gmail accounts

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Hackers have reportedly devised a new phishing method, which seems to be tricking experienced and tech savvy users into revealing their account details. The phishing campaign seems to be running on a sophisticated automation feature that pounces on newly compromised Gmail accounts to mount a secondary attack on users in the contact list. Hackers launch their secondary attack by sending emails disguised under recently sent attachments and a relevant subject line. The email contains a thumbnail version of the attachment that, when clicked, opens up a convincing Gmail login box—a trap that tricks users into revealing their Gmail account password. What makes this new technique effective is that the emails are received from someone the victim knows. Source: The Express Tribune

The game’s afoot: Russians may have hacked Mr. Holmes

sh_sherlock-holmes_280Sunday’s eagerly awaited finale of the acclaimed TV series Sherlock leaked online before it aired—and the BBC wants to know whether Russian state TV is to blame. Sue Vertue, producer of the series, confirmed that the episode leaked Saturday. The British newspaper The Telegraph reported that a Russian-language version of the finale appeared online Saturday with a short announcement promoting state-run Channel One TV, which airs the show in Russia. Source: NBC News

Basta! Italian authorities arrest siblings for targeting officials

An Italian brother and sister have been arrested on charges of spear phishing and planting a remote-access trojan/keylogger onto the computers of prominent people. Victims include two former prime ministers, the president of the European Central Bank, several cardinals, the former mayor of Turin, and several members of a Masonic lodge. The malware they’re accused of planting, code-named EyePyramid, was used to exfiltrate more than 87 gigabytes of data, including user names, passwords, browsing data, and file system content. Source: Naked Security

They’ll never be royals, but they might get their photos

sh_pippa-middleton_280Police investigating the hacking of Pippa Middleton’s iCloud arrested a couple on suspicion of conspiracy to commit fraud and possession of a false identity document with improper intent. The arrests relate to an investigation that began last year after claims that the Duchess of Cambridge’s sister had her iCloud account hacked. The suspects allegedly tried to sell thousands of images to a newspaper. Source: The Telegraph

The presses start rolling on their own with nasty fliers

Printers at Vanderbilt University started inexplicably printing anti-Semitic fliers in an incident that officials said could be linked to a round of hacking that targeted printers at several universities last year. A white supremacist computer hacker took responsibility for a series of similar incidents at Princeton University, Brown University and several other colleges last March, when printers began churning out fliers filled with swastikas and messages that spoke against Jewish people. Source: The Tennessean

A breach can mean an end to job security in IT

Six out of the top nine reasons that IT professionals can be fired are related to security, according to a survey conducted by Osterman Research. Fireable offenses include: having a tech investment that leads to a security breach; a data breach that becomes public; failing to modernize a security program; data breaches with unknown causes; data breaches that do not become public; and the failure of a security product or program investment.Source: CSO Online

Health field continues to be a top target

sh_medical recordsThe Delaware Department of Insurance is investigating a data breach at Highmark Blue Cross Blue Shield, one of the state’s biggest health insurers. The data breach occurred at Summit Reinsurance Services and BCS Financial, both subcontractors of Highmark Blue Cross Blue Shield of Delaware. The data breach compromised the personal information of about 19,000 plan members, including health plan and Social Security numbers, the name of the plan member’s doctor and claims records containing some medical information. … More than 5,000 patient records at Sentara Healthcare in Norfolk, Virginia, were involved in a cybersecurity breach. Vascular and/or thoracic patients seen between 2012 and 2015 are affected. A third-party vendor experienced the breach, which was discovered Nov. 17. Accessed information includes patients’ names, medical record numbers, dates of birth, Social Security numbers, procedure information, demographic information and medications. Sources: Internet Health ManagementThe Virginian Pilot

Convenience tops worries when it comes to doing business

A global survey by Gemalto finds that despite being aware of online security risks, customers continue to take chances but expect protection from businesses that handle their data. Only 29 percent believing that companies will protect their data; 58 percent fear a future data breach. Of the more than 9,000 consumers surveyed, 66 percent say they will not work with companies that were breached. Source: Dark Reading

Cyber continues to play a role in politics

sh_giuliani-cyber_280Former New York City Mayor Rudy Giuliani is coordinating a group of corporate cybersecurity advisers for President-elect Donald Trump. “The idea here is to bring together corporate leaders and their technological people,” Giuliani said. “The president will meet with them on an ongoing basis.” Cybersecurity came to the forefront during the 2016 election, after alleged Russian hackers breached the Democratic National Committee and Hillary Clinton’s campaign in what intelligence officials said eventually was an attempt to help Trump win. Source: Politico

Security breach incident leads to $1.9 million payout

MAPCO Express will pay $1.9 million in a settlement over data security breaches at multiple stores. Winsouth Credit Union and First National Community Bank claimed in 2014 that MAPCO cost them money when customers’ payment card data was compromised following a breach of the retailer’s computer systems in May 2013. They accused the company of having inadequate security systems. Source: Convenience Store News

Homeland Security issues post-cyber attack guidelines

sh_homeland security_280The Department of Homeland Security released an updated version of the National Cyber Incident Response Plan, which outlines the roles and responsibilities of federal, state, local and private stakeholders in the wake of a cyber attack. It also identifies the capabilities required to respond to a significant cyber incident, and describes the way the federal government will coordinate its activities with those affected. Source: The Federal Times