International Business Times

Facebook phishing: How to stay safe from new scam that pads URLs with hyphens

The new phishing attempt by hackers targets smartphone owners, most of whom are Facebook users.

If you frequently use Facebook on your smartphone, beware! Researchers have uncovered a new phishing attempt by hackers that targets smartphone owners, most of whom are Facebook users.

Security researchers from PhishLabs say the new tactic relies on the fact that mobile browsers have very narrow URL address bars, which prevents users from viewing the entire contents of a link. Taking advantage of this, hackers are padding URLs with sub-domains and hyphens, which make links look authentic on mobile devices but in reality redirect users to dodgy sites.

Trend Micro

Flying Under the Radar: How Hackers Use Protection Strategies for Attack

It’s a recurring theme in sports movies, war stories and crime stories alike: In order to defeat the enemy, one must think like the enemy.

This approach has been taken – oftentimes quite successfully – in an array of settings, including the cybersecurity realm. Security researchers are constantly working to pinpoint and better understand the techniques used by hackers in an effort to create targeted protections for specific threats. What many don’t realize, however, is that there’s a similar trend growing on the other side of the fence.

Similar to their white hat counterparts, malicious hackers are always looking to advance their capabilities. Instead of leveraging known system vulnerabilities, though, some attackers are now seeking to use the very protection measures organizations deploy to block malicious activity against them.

Hackers Ran Through Holes in Swift’s Network

The Society for Worldwide Interbank Financial Telecommunication has James Bond-level security at the facilities it uses to move millions of bank-payment orders around the world every day.

Visitors to a Swift operations center in Culpeper, Va., say their car trunks were inspected upon arrival by armed guards, who used mirrors to check under the chassis. Security inside included a fingerprint scan, a test for chemical weapons and an iris scanner in the most restricted areas.

“It’s like Fort Knox,” says Mohan Murali, chief executive of Axletree Solutions Inc., which helps banks and companies connect to Swift.

Ransomware Attack on Texas Clinic Affects 33k, Some Patient Records Lost

A ransomware attack on Grand Prairie, Texas-based Rainbow Children’s Clinic in early August reportedly affected 33,638 patients, according to Information Management.

On Aug. 3, a hacker launched a ransomware attack on the clinic’s computer system, encrypting data on the clinic’s servers. Rainbow Children’s Clinic attempted to quickly shut down its system, but an investigation conducted by a forensic expert proved a number of patient records had been deleted, reports Healthcare Finance News.

The potentially “irretrievably deleted” records may include patients’ names, addresses, dates of birth, Social Security numbers, medical information and payment guarantors.


Weebly Data Breach Affects 43 Million Customers

Weebly, a San Francisco-based company that has allowed more than 40 million people to create websites since 2007, will start sending notification letters to all of its customers on Thursday, informing them of a data breach that occurred eight months ago.

The breach, affecting 43,430,316 customers, happened in February 2016, but the root cause remains unknown. The compromised database is just now coming to the public’s attention after an anonymous source sent it to LeakedSource.

SC Magazine

Nearly 6,000 online stores hit by hackers

Thousands of retailers have been hit by malware that steals credit card details. The way the hackers got in? Unpatched software flaws. Over 5,900 e-commerce sites contain malware that steals victims’ credit card details, according to a security researcher. The malicious code has been placed on 5,925 compromised sites by hackers, according to Dutch security analyst Willem De Groot. He said that hackers gained access to a store’s source code using various unpatched software flaws.

Breach Alert: POS Vendor Lightspeed

Montreal-based Lightspeed POS, founded in 2005, sells a cloud-based point-of-sale system to retailers and restaurateurs that’s used to process both physical and online transactions, and which competes with the likes of Shopify and Square. According to the notification, the breach affects the company’s cloud-based POS product, Lightspeed Retail, which doesn’t handle card data or customers’ personal information, and which is mainly used by retailers.

LinkedIn and MySpace hacker hits Yahoo in latest breach

Yahoo is investigating a potential data breach after a hacker claimed to have uploaded the details of 200 million accounts to underground marketplace ‘The Real Deal.’

The hacker – who goes by the name ‘Peace’ – was also behind the recent LinkedIn and MySpace breaches that compromised millions of users. He now appears to have uploaded usernames, dates of birth and hashed passwords from Yahoo accounts.

Speaking to IBTimes UK, a Yahoo spokesperson said: “We are aware of a claim. We are committed to protecting the security of our users’ information and we take any such claim very seriously. Our security team is working to determine the facts.”

Acer suffers data breach through online store

Taiwanese hardware and electronics giant Acer has announced that it has suffered a data breach via its e-commerce site, and is preparing to inform those customers affected.

Due to unauthorised access by a third party, anyone who accessed the online store between 12 May, 2015 and 28 April, 2016 could have had their personal information compromised.

Acer revealed that names, addresses, payment card numbers, card expiration dates and card security codes may have been accessed by the hackers but, following investigations by internal and external professionals, believes login details were not compromised.

45m passwords stolen from VerticalScope forums in massive data breach

A hacker breached Toronto-based firm VerticalScope’s systems and stole 45 million records from its network of more than 1,100 websites and forums. The attack was reportedly carried out in February.

The company operates scores of major properties for automotive, sports, outdoor, health and hobby enthusiasts, including AutoGuide.com, Motorcycle.com, Boat.com, TennisUniverse.com, PetGuide.com and Mothering.com.
