VB Migration

Tag: spear-phishing

  • Paper: MWI-5: Operation HawkEye

    Gabor Szappanos looks at how macro malware campaigns spread a commercial keylogger to harvest banking details. Macro malware was a plague in the late 1990s, when Microsoft Office executed macros by default, making the writing of computer viruses literally child’s play. Macro execution has long been disabled by default, but in the last two years,…

  • CSRF vulnerability in USB modems allows for infrastructure-less phishing

    Credentials sent to attacker by built-in SMS functionality. Modems and routers aren’t typically known for their security, and modems that allow one to connect to mobile broadband are no exception. Now, a Swedish security researcher has discovered how this lack of security can be exploited in a spear-phishing attack that requires only very minimal infrastructure.…

  • India believed to be source of sophisticated surveillance campaigns

    In-depth investigations find widespread worldwide snooping, Pakistan primary target. Several reports have emerged recently covering a highly organised campaign of targeted espionage malware that has been seen in many countries around the world and stealing data from many industries. Close investigation has provided strong hints that the campaign originated in India, with Pakistan the most…

  • From spear phishing to watering holes

    Symantec reports increase in ‘watering hole attacks’. Imagine that for some reason you wanted to gain access to my computer. One thing you could do is send me an email with some malware attached, or a link to a site serving malware. That is called spear phishing. Spear-phishing is commonly used in targeted attacks; for…

  • RSA gives insight into anatomy of attack on its systems

    Publicly available information used to spear phish employees. Security company RSA has released some information about how hackers gained access to its systems, giving a good insight into how such attacks take place and providing some useful lessons for the industry as a whole. The first step taken by the hackers was to obtain publicly…

  • ‘Job application’ contains malicious attachment

    $150,000 lost via banking trojan. An unidentified US company has learned the hard way that email attachments – even to those that appear to be solicited – may contain malware. The company in question had posted a job advertisement on an employment website, to which it received a response with what appeared to be a…