Security News
Read the latest news regarding cybersecurity and your business.

Compromised LinkedIn accounts used to send phishing links via private message and InMail

Phishing continues to be a favorite of criminals for harvesting user credentials with more or less sophisticated social engineering tricks. In this post, we take a look at a recent attack that uses existing LinkedIn user accounts to send phishing links to their contacts via private message, and also to external members via email.

What makes this campaign interesting is the abuse of long-standing and trusted accounts that were hacked, including Premium membership accounts that have the ability to contact other LinkedIn users (even if they aren’t a direct contact) via the InMail feature. The fraudulent message includes a reference to a shared document and a link that redirects to a phishing site for Gmail and other email providers, which requires potential victims to log in.


Fake DHS email – “Give us $350 in the next 24 hours”

Who likes threats?

Nobody, as it turns out. That hasn’t stopped scammers from jumping on the menacing email train – next stop, your inbox.


Equifax breach: What you need to know [updated]

[updates 9/14/2017]

Equifax has released information and confirmed the vulnerability (CVE-2017-5638) that was used in this breach after several days of intense scrutiny around Apache Struts. To make matters worse, there already was a patch available for this flaw in March 2017, two months prior to the incident.

1) Updated information on U.S. website application vulnerability. Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted. We know that criminals exploited a U.S. website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement.


Google reminds website owners to move to HTTPS before October deadline

With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields—like contact forms and search bars—and all HTTP websites viewed in Incognito mode as “NOT SECURE” in the address bar. The company has started sending out warning emails to web owners in August as a follow-up to an announcement by Emily Schechter, Product Manager of Chrome Security Team, back in April.

Google began marking sites in Chrome v56, which was issued in January of this year. They targeted HTTP sites that collect user passwords and credit card details.


Explained: False positives

What are false positives?

False positive, which is sometimes written as f/p, is an expression commonly used in cybersecurity to denote that a file or setting has been flagged as malicious when it’s not.

In statistics, false positives are called Type I errors: a check for a particular condition wrongly gives an affirmative (positive) decision. The opposite is a false negative, or Type II error, where a check for a particular condition reports that it is not true when, in fact, it is. In this blog post, we will focus on false positives in cybersecurity, but note that false negatives in this field are commonly referred to as “misses.” So “misses” are malicious files or malicious behavior that the scanner or protection software did not detect.
