Tag: phishing
-
$150k in cryptocurrency stolen through combined BGP-DNS hijack
If the Internet is, as is often said, held together with elastic bands and pieces of Sellotape, BGP is essentially a bunch of post-it notes that serve as traffic signs. BGP hijacks – in which a malicious attacker essentially takes over one or more ranges of IP addresses – are not extremely common, but for a protocol…
-
Facebook helps you determine whether emails really came from its servers
There are many good reasons to criticize Facebook for its collecting of our personal data, but the company also deserves credit for being at the forefront when it comes to online security. The company has long had a generous bug bounty program, can send PGP-encrypted notifications, and has even set up a .onion version…
-
Firefox 59 to make it a lot harder to use data URIs in phishing attacks
While a domain name is really just a short string, this string comes with a large amount of implicit metadata: the registration date; the IP address(es) the domain currently points to and has pointed to in the past; the associated name servers; past activity observed using the domain. For this reason, domain names play an…
-
DMARC: an imperfect solution that can make a big difference
US Senator Ron Wyden has written a letter (pdf) to the Department of Homeland Security, urging the US government to implement DMARC to “ensure hackers cannot send emails that impersonate federal agencies”. DMARC is an email security standard that was launched by a few major players in the field of email in 2012…
-
VB2015 paper: Mobile Banking Fraud via SMS in North America: Who’s Doing it and How
While SMS has been declared dead many times, the service remains frequently used – and abused. In a paper presented at VB2015 in Prague, Adaptive Mobile researcher Cathal Mc Daid looked at fraudulent SMS campaigns, in particular those targeting banking users in North America. He showed how these campaigns tend to target specific banks and…
-
VB2015 video: Making a dent in Russian mobile banking phishing
Sebastian Porst explains what Google has done to protect users from phishing apps targeting Russian banks. In the last few years, mobile malware has evolved from a mostly theoretical threat to a very serious one that affects many users. Indeed, several talks at VB2015 dealt with various aspects of mobile security in general and that…