Phishing

New scam adds live chat to phishing attack

Updated 4 p.m. PDT throughout with minor additional details.

Online scammers have created a phishing site masquerading as a U.S.-based bank that launches a live chat window where victims are tricked into revealing more information, researchers at the RSA FraudAction Research Team said on Wednesday.

After a user accesses the phishing site, the chat window messages come through the browser and not via a typical instant messenger application, RSA said in a blog post.

The chat window is displayed if the log-in credentials are typed in or if any other link on the page is clicked, said …

Facebook disables 6 rogue phishing apps, but 5 more appear

Facebook on Thursday said it had disabled six rogue apps that were stealing Facebook users' log-in credentials and spamming people, and within hours more appeared.

Five more of the apps appeared on Thursday, called "Friends," "Friends Gifts," "Matching," "Pok," and "Your Photos," according to an updated blog post by Trend Micro researcher Rik Ferguson.

By that night those new ones were disabled too. Facebook "will continue to ensure that all applications on Facebook Platform comply with Facebook policies," a spokeswoman for the company said.

According to Ferguson's …

Rogue Facebook apps steal log-in data, send spam

Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims' friends.

So far, six malicious applications have been identified: "Stream," "Posts," "Your Photos," "Birthday Invitations," "Inbox (1)," and "Inbox (2)," according to a blog post by Trend Micro researcher Rik Ferguson.

As of Wednesday afternoon, all of the apps were live except for "Stream," he said in an e-mail.

The activity started earlier in the week with a Facebook notification Ferguson says he got from an …

Researchers can attack mobile phones via spoofed SMS messages

LAS VEGAS--Researchers at the Black Hat security conference on Thursday showed how an attacker could spoof a type of SMS message that appears to be sent from the carrier or some other trusted source.

This attack on MMS (multimedia messaging service) messages, a type of SMS message, could allow an attacker to trick the recipient into visiting a malicious Web site or ultimately do something else to harm the phone or steal data.

The attacks work potentially on any type of phone that is MMS-enabled and operating on Global System for Mobile communications (GSM) networks, said Zane Lackey, a senior …

Researchers exploit flaws in SSL, domain authentication system

LAS VEGAS--Two researchers have separately uncovered flaws in the way domain names are verified on the Internet that could allow attackers to impersonate a site and steal information from unsuspecting Web surfers.

Dan Kaminsky, who discovered a serious flaw in the Domain Name System (DNS) last year, and Moxie Marlinspike gave presentations at the Black Hat security conference on Wednesday about how someone could acquire certificates for domains they don't own and thus trick people into visiting those illegitimate sites or inadvertently sharing information.

Marlinspike, an independent researcher, said a flaw in the way browsers and mail clients implement …

Talent search is on for cybersecurity students

The U.S. government on Monday launched a national talent search for high school and college students interested in working in cybersecurity.

With the U.S. Cyber Challenge the goal is to find 10,000 young Americans to be "cyber guardians and cyber warriors," according to a statement from the Center for Strategic & International Studies, which is sponsoring the event.

"Mostly now we have people (in government) writing policies and reports about security rather than people who can do it," said Alan Paller, director of research at the SANS Institute. "And we're getting …

Cisco: Text message scams on the rise

Cyber scammers are banking on the notion that many people who might not fall for a phishing scam via e-mail may still be easy targets through their mobile phone, according to a security report released Tuesday by Cisco Systems.

Text message scams are on the rise, particularly fake messages that appear to come from a legitimate bank, said the report, which covers a wide variety of cybercrime topics.

In many of the scams, the SMS messages direct the recipient to call a telephone number where an automated message prompts the caller to provide log-in ID or account number and PIN. Other …

Beware emails linking to blogspot.com

I'm seeing a new pattern of malicious emails in my inbox. The body of the email message is nothing but a link to a blog at blogspot.com. The subject is a single word such as: Hey, Ave or Hallo.

One message linked to uyxmwrmxaxquiuxti.blogspot.com.

My browser stayed there for only a second before getting re-directed to xykribwams.com which claims to be My Canadian Pharmacy.

This is a great example of the value you can get from the Flagfox extension for Firefox (which I wrote about back in July). Flagfox shows that xykribwams.com is …

Campaign PCs of Obama, McCain cyberattacked

Last summer, Sen. Barack Obama's presidential-campaign computers came under cyberattack from an "unknown entity." His machines weren't alone; John McCain's computers were also attacked, according to a report appearing Wednesday on the site of Newsweek magazine.

The Obama attack was initially thought to be a piece of malware downloaded from a phishing site. Newsweek reports that "the next day, both the FBI and the Secret Service came to the campaign with an ominous warning: 'You have a problem way bigger than what you understand,' an agent told them. 'You have been compromised, and a …

Beware e-mail messages from UPS

I have a lot of e-mail addresses and thus attract my fair share of unwanted and malicious e-mail. The latest malware-spreading e-mail to land in my in-boxes has purported to be from the package delivery company UPS. Thursday, I received two of these, but there have been other similar messages recently.

As you can see in the picture below, it came with an attached ZIP file.

ZIP files are commonly used as a container to transmit malicious software. The number in the name of the ZIP file is probably there to evade detection by antivirus software; the numbers were …