CyberheistNews Vol 1, #19
Editor's Corner
We all know the expression 'sex sells'. It's not true though. Sex
draws attention, but it certainly does not 'sell' in the sense that,
once attention has been drawn, there is follow-through and an actual
purchase. However, the promise of sex is a powerful lure on the Net,
and many people continue to fall for it. This week's scam targets
the blogging site tumblr: thousands of logins for the emo-blogging
platform have been stolen in the past week via a phishing attack that
lured users into entering their credentials in exchange for the
promise of erotic content.
When someone promises adult content on the Internet, don't walk, RUN.
Imagine a cop that sternly states: "Step Away From The Keyboard!"
Here is how this scam worked:
http://consumerist.com/2011/06/erotic-phishing-attack-steals-thousands-of-tumblr-logins.html
Apologies For Last Issue.
Last newsletter had severe problems with the links at the end of each
article. The company that sends CyberheistNews had technical issues,
and the redirects did not work, causing any link that was clicked to
time out. Our apologies!
5 Tips To Get Budget Approval For Security Awareness Training
As a System- or Network Admin or IT Security Manager you know that
Security Awareness Training is a crucial part of Defense-in-depth
to keep your organization secure. Microsoft just reported that a
whopping 45% of malware infections are caused by social engineering.
But that same awareness has often not yet filtered up into top management,
who simply do not yet understand the dangers of (spear-) phishing. So it can
be a challenge to get the approval and the budget to run a security
awareness program. Here are five helpful hints and tips to get that
approval:
http://www.knowbe4.com/getting-approval/
Quotes of the Week
"We do not take humor seriously enough." - Konrad Lorenz
Please tell your friends about CyberheistNews! They can subscribe here:
http://www.knowbe4.com/about-us/cyberheist-news/
Loose Lips Still Sink Corporate Ships, Social Engineering As Lethal As Ever
Darlene Storm at ComputerWorld wrote: "Last year at DefCon, contestants
proved their social engineering schmooze was lethal to corporate America.
Even after all the lessons learned from this summer's high profile hacks,
many of which like HBGary were made possible by social engineering
attacks, the results from the 2nd annual social engineer Schmooze Strikes
Back contest were the same. Loose lips still sink corporate ships;
social engineering is no less lethal to companies. As the Social
Engineering Capture the Flag report states 'in the end, all of the
companies would have received a failing mark in a real social engineering
penetration test.'" In the article there is a link to the Capture The
Flag report at the Social-Engineer website. Very interesting to say
the least:
http://cwonline.computerworld.com/t/7679225/987374514/538477/0/
Are On-Screen Keyboards Really More Secure?
The built-in on-screen keyboard that comes with many operating systems
is designed to help people who are unable to use a physical keyboard
because of disabilities. Because of this, an on-screen keyboard behaves as
much like a real keyboard as possible, and its activity will most likely
be logged by a keylogger:
http://superuser.com/questions/29983/are-on-screen-keyboards-really-more-secure
On-screen keyboards specifically designed for security (on a bank's
website, for example) are a different story and are likely more secure
against keyloggers.
http://www.viruslist.com/en/analysis?pubid=204791931
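To make the distinction concrete, here is an added model of where a keylogger sits relative to the two kinds of on-screen keyboard. It is not code from this newsletter, the superuser thread or the viruslist article; the class names, the keypad layout and the "typed" PINs are constructed for illustration. An accessibility OSK injects synthetic key events through the OS input path, so a hook at that layer captures them exactly as it captures a physical keyboard. A bank-style virtual keypad keeps the value inside page script and never generates a key event, so the same hook sees nothing. The caveat a practitioner should keep in mind is also modelled: a trojan that grabs the screen area around every mouse click (a well-known banking-trojan technique) recovers the bank keypad's input anyway.

```python
"""Toy model of an OS input queue with two on-screen keyboards and two loggers.
Added example; everything here (class names, layout, PIN values) is constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed keypad layout: digit -> (x, y) of its button on screen.
KEYPAD_LAYOUT: Dict[str, Tuple[int, int]] = {
    d: (40 * (i % 3), 40 * (i // 3)) for i, d in enumerate("123456789")
}
KEYPAD_LAYOUT["0"] = (40, 120)


@dataclass
class KeyEvent:
    char: str  # a key press, physical or synthetic


@dataclass
class ClickEvent:
    x: int  # mouse click position on screen
    y: int


class InputSubsystem:
    """Stand-in for the OS input path. Anything hooked here sees every event,
    regardless of which device (or accessibility tool) generated it."""

    def __init__(self) -> None:
        self.key_hooks: List[Callable[[KeyEvent], None]] = []
        self.click_hooks: List[Callable[[ClickEvent], None]] = []
        self.app_text = ""  # what the focused application actually receives

    def post_key(self, ev: KeyEvent) -> None:
        for hook in self.key_hooks:
            hook(ev)
        self.app_text += ev.char

    def post_click(self, ev: ClickEvent) -> None:
        for hook in self.click_hooks:
            hook(ev)


class AccessibilityOSK:
    """Built-in accessibility keyboard: each button click becomes a KeyEvent
    injected through the OS, indistinguishable from a physical key press."""

    def __init__(self, osys: InputSubsystem) -> None:
        self.osys = osys

    def click(self, char: str) -> None:
        x, y = KEYPAD_LAYOUT[char]
        self.osys.post_click(ClickEvent(x, y))
        self.osys.post_key(KeyEvent(char))  # synthetic key, same path as a real key


class BankVirtualKeypad:
    """Web-page keypad: page script maps the clicked button to a digit and keeps
    it in a hidden field for form submission. No KeyEvent is ever generated."""

    def __init__(self, osys: InputSubsystem) -> None:
        self.osys = osys
        self.pin = ""  # lives in page script only

    def click(self, char: str) -> None:
        x, y = KEYPAD_LAYOUT[char]
        self.osys.post_click(ClickEvent(x, y))
        self.pin += char


class KeyboardHookLogger:
    """Classic keylogger: hooks the keyboard event layer."""

    def __init__(self, osys: InputSubsystem) -> None:
        self.captured = ""
        osys.key_hooks.append(self._on_key)

    def _on_key(self, ev: KeyEvent) -> None:
        self.captured += ev.char


class ClickScreenshotLogger:
    """Banking-trojan technique: on every mouse click, capture what is drawn
    under the cursor. The 'screenshot' here is a lookup into the layout."""

    def __init__(self, osys: InputSubsystem) -> None:
        self.captured = ""
        osys.click_hooks.append(self._on_click)

    def _on_click(self, ev: ClickEvent) -> None:
        for char, pos in KEYPAD_LAYOUT.items():
            if pos == (ev.x, ev.y):
                self.captured += char


def run_scenarios() -> Dict[str, str]:
    results: Dict[str, str] = {}
    # 1. Accessibility OSK against a keyboard-level keylogger: captured in full.
    osys = InputSubsystem()
    klog = KeyboardHookLogger(osys)
    osk = AccessibilityOSK(osys)
    for d in "1234":
        osk.click(d)
    results["osk_seen_by_app"] = osys.app_text
    results["osk_seen_by_keylogger"] = klog.captured
    # 2. Bank keypad against the same keylogger (nothing) and a click logger (all).
    osys = InputSubsystem()
    klog = KeyboardHookLogger(osys)
    clog = ClickScreenshotLogger(osys)
    keypad = BankVirtualKeypad(osys)
    for d in "2580":
        keypad.click(d)
    results["bank_pin"] = keypad.pin
    results["bank_seen_by_keylogger"] = klog.captured
    results["bank_seen_by_clicklogger"] = clog.captured
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value!r}")
```

The takeaway is that "more secure against keyloggers" depends on which layer the malware hooks: a keypad that avoids key events defeats a keyboard hook but not a click-triggered screen grab, which is why banks pair such keypads with other controls rather than relying on them alone.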
Fraud Intelligence Report Third Quarter 2011
MarkMonitor reports that the phish attack volume grew 7% from the
previous quarter to 103,702 attacks. Retail/Service phishing continued
to increase, growing 43% to 14,572 attacks. The Financial sector continued
to be the most phished industry, accounting for 44% of phish attacks,
while the Payment Services sector accounted for 20%. Social Networking
sector phish increased 33% from the second quarter to 4,767 attacks
and was 145% above its level from a year ago.
American brands remained in the top spot with 56% of phishing attacks,
Chinese brands came second, and British brands dropped to the number three
position with 12% of phishing attacks. Source:
https://www.markmonitor.com/download/report/Fraud_Report-Q3_2011.pdf
Should I Change My Password?
2011 is turning into the 'year of the data breach', with hackers publishing
tons of stolen information online weekly. Now a new site called pwnedlist.com
lets you check whether your email address or username may have been
compromised.
The site is the creation of Alen Puzic and Jasiel Spelman, two security
experts from DVLabs, a division of Hewlett Packard. Enter your email
address into the site, and it will check whether the address appears in any
of the recently published stolen data:
http://www.pwnedlist.com
Cyberheist 'FAVE' LINKS:
* This Week's Links We Like. Tips, Hints And Fun Stuff.
Stopover, a 3 minute animated short film about a spaceman who makes
an unplanned pit stop leading to a close encounter of the third kind:
http://www.flixxy.com/alien-pit-stop-sci-fi-short-film.htm
And how close do Blue Angels get to each other? This close!!!
http://www.flixxy.com/blue-angels-formation-flying.htm
Railroad tank car implosion experiment. Read the explanation:
http://www.flixxy.com/railroad-tank-car-vacuum-implosion.htm
Dog lays a stick by the statue of computer scientist Alan Turing and is
trying hard to get him to throw it for him:
http://www.flixxy.com/dog-wants-statue-to-throw-stick.htm
The World's first manned flight of an electric multicopter. I can't wait
to get my own personal helicopter:
http://www.flixxy.com/worlds-first-manned-flight-of-an-electric-multicopter.htm
Every magician likes to involve a pretty girl in his magic tricks but it's
not often that the pretty girl is also a magician herself:
http://www.flixxy.com/world-magic-awards-double-fantasy-duo.htm
The Chief Security Officer Website has a Daily Dashboard with a host
of very useful alerts and tips. Check it out here:
http://dashboard.csoonline.com/