Heartbleed affected around 17 percent of all TLS-enabled websites
McAfee Labs today released its Threats Report for August 2014. The lead topic for the last quarter concerns the Heartbleed vulnerability, which McAfee Labs says was the most significant security event since the Target data breach in 2013. Heartbleed affected more than 600,000 websites, and in its aftermath, the cost for repair is likely to be hundreds of millions of dollars, McAfee Labs said.
Phising has become the top network security concern for enterprises
Hewlett-Packard sponsored a study conducted by research organization Ipsos Observer that shines a light on the number one concern for enterprises today. According to the study, almost 70 percent of IT professionals experience phishing attacks at least once a week, with customer data cited most often as the type of data attacked. After that, phishers are most interested in financial information.
'Tis the season for phishing scams. You've probably already seen quite a few here and there, and now there's another one to add to the list. There's a license key scam swirling around inboxes from scammers claiming to be Adobe, straight from the company itself.
Knowledge is power, and Spiderman always said that great power came with great responsibility, but what we're learning this week isn't making us feel proactive -- instead it's making us want to don our tinfoil hats and curl up in a ball in the deepest corner of our darkest closets. A day after Google filled us in on just how many speech-squashing takedowns it gets from the U.S. government, the company pulled the curtain even farther with a blog post this morning sharing just how many badware-peddling sites are online. It's a lot.
Give a man a virus and he'll wreak havoc on a single machine. But teach a man to phish and, well, he'll become a pain in the ass for potentially thousands of computer users. Unfortunately, phishing is a 'skill' every two-bit hacker acquires right off the bat, but not all of them move on to bigger and more insidious things. Some phishers concentrate on honing their craft in hopes of not only ensnaring the gullible and less computer savvy, but even sophisticated ones. Security firm ESET warns of a new phishing method that has popped up in the last few weeks.
Thirty-four-year-old Tien Truong Nguyen is finding out the hard way that you shouldn't do the crime if you can't do the time. U.S. District Judge Morrison England Jr. ruled that Nguyen was in fact guilty of scamming more than 38,000 victims by designing copycat banking websites intended to dupe users into inputting their personal information, and ordered him to serve 12 years in prison.
There are a million different ways malware can be delivered to your PC (or so it seems), yet the easiest way to spread foul files is to go phishing. It doesn't require exploiting any vulnerabilities or coding clever workarounds, and instead puts the onus on PC users to educate themselves on safe computing practices, a fundamental skill still largely in short supply. It's also the method Skype scammers are using, only the bait has changed.
Sony just can't catch a break. Just as the Japanese company was pulling itself out of the hole following the PSN and SOE hacks, a phishing site has been found living on Sony's servers. The site is hosted on a sub-domain of Sony's official Thailand site. Who's running this company's servers anyway?
Any power user who's ever fixed a friend or family member's PC or worked a job in IT knows that less savvy computer users are easy targets for spreading malware. But just in case there was any doubt, PhishMe, a provider of anti-phishing training, announced the results from its free online game intended to assess a player's phishing knowledge. The results? Not good, but you'll have to hit the jump to see how bad participants fared.
Most of those charged by the US authorities, including many Russian nationals, acted as “money mules,” or money-laundering agents, merely concerned with moving stolen funds for their Zeus-armed clients.
“The mule organization typically recruited mules from Eastern Europe who were either planning to travel to or were already present in the United States on J1 visas,” reads one of the complaints in the matter.
"The mules kept a portion of the fraudulent proceeds for themselves -- usually 8 to 10 percent -- and transferred the rest to other participants in the fraudulent scheme."
The trojan, which mainly spreads through phishing and drive-by download attacks, is said to have helped thugs rake in over $200 million since 2006.