Spam

tripwire.com

Poisoned plugin allowed hackers to post spammy content on up to 200,000 WordPress websites

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…

Read more in my article on the Tripwire State of Security blog.


0 sec read

bitdefender.com

Insecure Office 365 setups could be a ticking time bomb for your business

Messages your customers receive from a hacker who has already compromised your email system are going to look much more convincing, and could result in your clients transferring large sums of money into a scammer’s bank account and you losing customer trust and future business.

Read more in my article on the Bitdefender Business Insights blog.


0 sec read

Smashing Security #040: The show that cost Troy Hunt 14 dollars

Are public figures lying about being hacked? What were online criminals doing with 711 million email addresses? And how could scammers profit from Hurricane Harvey?

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by HaveIBeenPwned’s Troy Hunt.


43 sec read

711 MILLION email accounts weaponized by Onliner for spam campaigns

The Onliner spambot weaponized a whopping 711 million email accounts to distribute spam emails laden with malware.

David Bisson reports.


2 min read

welivesecurity.com

Beware bogus ‘WhatsApp subscription ending’ emails and texts

You ultimately decide what links you click on, and whether you hand over your passwords and payment card details. Always think twice, because the wrong decision could prove costly.

Read more in my article on the We Live Security blog.


0 sec read

What’s worse than getting phished? Getting phished *and* sending a selfie of your Photo ID and credit card

Phishers are targeting PayPal users not only for their login credentials but also for selfies of them holding their ID and credit cards.

David Bisson reports.


1 min read

Pump-and-dump pot stock spam

You’d be a dope to take advice on the stock market from unsolicited spam.


1 min read

bitdefender.com

Beware bogus emails from LinkedIn asking for your CV!

LinkedIn users are being warned to be on their guard following a rise in reports of attacks being distributed via email designed to trick job seekers into sharing their personal details.

Read more in my article on the Hot for Security blog.


0 sec read

Tracking pixels can conduct surveillance for targeted attacks

Malicious hackers can use tracking pixels to help them gather intelligence for attack campaigns, both mass and targeted in scope say researchers.

David Bisson reports.


1 min read

Triple malware threat delivered by USPS-themed spam

A spam campaign whose emails purport to originate from the United States Postal Service (USPS) is delivering a triple malware threat to its intended victims.

David Bisson reports.


1 min read

Victims’ real details helping hackers trick victims into installing banking malware

Remember to always be wary of opening unsolicited email attachments and clicking on unknown links. Clicking before you think could lead to your downfall.

David Bisson reports.


1 min read

Scammers target tax preparers with last-minute phishing attacks

Scammers are sending last-minute phishing attacks to tax preparers in the hopes of making off with taxpayers’ refunds.

It seems nothing is certain, except scams, death, and taxes.

David Bisson reports.


1 min read

Sorry for the Nazi spam from my Twitter account

It happened to me (and many others). It could happen to you.


1 min read

Lame comment spam campaign attempts to promote iPhone app

Who could possibly be behind a campaign of spam comments being left on my blog promoting an iPhone app?


2 min read

Movie night? Nope. It’s a fake iTunes receipt from phishers targeting Apple users

Beware fake iTunes receipts for movies you haven’t purchased. When you try to dispute the purchase, you might find you’re handing online criminals your personal information.

David Bisson reports.


1 min read

Pony credential stealer trampling users via Microsoft Publisher documents

The credential-stealing Pony malware is masquerading as Microsoft Publisher documents in an effort to infect unsuspecting users.

David Bisson reports.


1 min read