Remember this cyberattack on JPMorgan Chase? According to the New York Times, the intrusion may have been thwarted if the bank had installed a security fix that provided two-factor authentication to an overlooked server. The attack apparently began with the simple theft of the login credentials of a JPMorgan employee, but the newspaper gives no further details as to how those credentials were stolen.
Some articles appear to be misinterpreting Continue reading What Really Caused the JPMorgan Chase Breach?
Have you ever received a call from a mysterious person claiming to represent a legitimate company? The person then proceeds to ask you for payment information for some bogus good or service he is providing after some social engineering to convince you of his legitimacy. Many years ago, I received a call claiming to be from the company I had purchased a computer from within the past 1-2 years. Within approximately 1 minute, I was being asked for my credit card number Continue reading Microsoft Sues Company For Allegedly Providing Phony Tech Support
Over 100,000 WordPress sites have been compromised by malware called SoakSoak. According to security company Sucuri, the compromise occurred via a plugin called RevSlider. The developers of the plugin have been criticized for making automatic updates difficult.
According to Gizmodo, the malware only affects self-hosted sites; not sites hosted on WordPress.com. Furthermore, WordPress itself is not affected, so you shouldn’t be vulnerable just because you’re using WordPress; you had to have used a vulnerable version of the RevSlider plugin. If you think you might have been affected though, Sucuri provides some technical details here. Its instructions, however, could have been clearer. For example, they tell you to “remove all backdooors [sic],” but don’t provide any specific instructions on how to remove these backdoors. An article in The Guardian hints that one such backdoor may consist of new administrator users.
There’s a new Pew report on what experts believe the future of privacy will look like. The responses range from optimistic to grim.
It seems even ICANN staffers aren’t immune to spear phishing attacks. See my old post for some tips on how to protect yourself against spear phishing.
This site was temporarily down yesterday due to some technical problems encountered during an update. Everything is back to normal now.
Brian Krebs has written a new post warning about the dangers of fake order confirmation e-mails. 2 of the screenshots in the post show examples of fake order confirmation e-mails from Home Depot and Walmart, respectively. I don’t know with absolute certainty the dates the e-mails in these screenshots were sent, but because both e-mails mentioned Thanksgiving and have a copyright date of (or ending in) 2014, they are likely to be recent.
Nevertheless, Krebs is correct in referring to this type of e-mail as a “perennial scourge.” A quick Google search reveals similar scams going back as far as 2004, though the DSLReports scam does not seem to explicitly mention the holidays. Here’s another example in 2012 that probably linked to a phishing website. Here’s a third example Continue reading Protecting Yourself Against Fake Order Confirmation E-mails