Brian Krebs has written a new post warning about the dangers of fake order confirmation e-mails. 2 of the screenshots in the post show examples of fake order confirmation e-mails from Home Depot and Walmart, respectively. I don’t know with absolute certainty the dates the e-mails in these screenshots were sent, but because both e-mails mentioned Thanksgiving and have a copyright date of (or ending in) 2014, they are likely to be recent.
Nevertheless, Krebs is correct in referring to this type of e-mail as a “perennial scourge.” A quick Google search reveals similar scams going back as far as 2004, though the DSLReports scam does not seem to explicitly mention the holidays. Here’s another example in 2012 that probably linked to a phishing website. Here’s a third example Continue reading Protecting Yourself Against Fake Order Confirmation E-mails
Since the spread of Ebola outside of Africa this year, the disease has been dominating the headlines. Unsurprisingly, scammers have tried to capitalize on the topic by sending out phony emails purportedly from the World Health Organization. The article reports that if you open the attachment, it will install a Trojan called DarkComet on your computer. DarkComet contains, among other features, keylogging and webcam hijacking functions.
I am not an expert on the topic of public health, so take the following with a grain of salt, but to me, the text of the e-mail doesn’t look as legitimate as the article says. Continue reading Ebola Email Scam is Making The Rounds
Remember the major USB flaw demonstrated by Karsten Nohl about 2 months ago? Although Nohl never released the code he used in the demonstration, two other researchers have managed to perform the same tricks, and they’ve made their code publicly available on Github. Now anybody can use this code to perform attacks. The researchers say they released the code in an attempt to start the process whereby the security architecture of USB devices is fundamentally redesigned.
At the time Nohl first made his presentation, he gave Continue reading Code with BadUSB Tricks Published on Github
Blizzard’s Battle.net, Microsoft’s Xbox LIVE, and Sony’s Playstation Network have all been hit by DDoS attacks, causing disruption in the services.
A DDoS (distributed denial of service) attack is basically a large-scale attempt to disrupt a web server using requests from many different “zombie” computers. Suppose there’s a pizza store in your town, and it normally gets 3-4 orders by phone every hour. Continue reading Several Gaming Services hit by DDoS Attacks
Two researchers appear to have discovered a serious flaw in USB. This isn’t just your everyday virus. Malware planted using this flaw is not merely stored on the flash memory itself; it’s actually in the firmware that the drive depends on to run. One article blames the flaw on the USB Implementers Forum, which supports and promotes the USB specification. The flaw is able to spread from a USB flash drive to a computer and vice versa.
Until device makers come up with a fix, Nohl, one of the two researchers, proposes a short-term solution: Don’t connect untrusted USB drives to your computer, and don’t connect your USB drives into untrusted computers.
Simple enough, right? Even before this flaw was discovered, Nohl’s suggestion would have been sound advice; untrusted computers can plant more run-of-the-mill malware on your drive or tamper with your files. But the fact that the article describes Nohl’s suggestion as a “fundamental change in how we use USB gadgets” reflects on how most of us in fact use our USB flash drives. This is unsurprising, considering how convenient it is to carry our files around from one computer to another, but it is also an attitude that should be reexamined, particularly in light of these latest discoveries.