Last week, I needed to ask my mortgage company a question. They responded with a Cisco Secure Mail message. This meant I had to create a Cisco account. Set up password reset questions. And eventually I was able to see the message ” Thank you for your request. We are reviewing your information and will …
This morning I was looking at my work email in Good, and saw I had a ‘package undeliverable’ email. Since I dont use my work email address with any deliveries I figured this was phishing. Because the address is less than a year old, I sighed that my address was already known to spammers and …
Today I received an email from Websense that asked “how good are you at caching a “phish”. It was promoting their email security products and had a link to “take the Operation Spear Phish Challenge”. As I clicked on the link I realized that I had just failed. Fortunately, the link actually was for a “spot the …
Symantec published a report earlier this week about an attack on the Chemical Industry. They call this attack Nitro. In one example of the attack, an encrypted 7zip file is used. Encryption prevents scanners from examining the contents of the file. Some SMTP gateways, block encrypted files by default. Most places find that hurts productivity more than …
Continue reading ‘Symantec Report on Chemical Industry Phishing’ »
Over the weekend, email marketing firm Epsilon revealed that it had been hacked and that some of their client customer lists had been stolen. Names and email addresses were stolen. With the link between your email address and the particular client of Epsilon, it is now much easier to create a targeted phishing email. Phishing emails …
Continue reading ‘Epsilon Breach will Lead to Phishing Season Security Companies Predict’ »
Magazine publisher Conde Nast received a email from a company with a name similar to their regular printers asking them to update their payment information. Conde Nast dutifully began sending their monthly payments electronically to a bank account in Houston Texas. $8 million was collected before the printers contacted the publisher to ask why they hadn’t been paid. Surprisingly the …
Continue reading ‘Magazine Publisher Phished for Millions’ »
Firefox recently announced that a soon to be released version will check for Flash updates in addition to updating Firefox. That should be helpful for end users. As with any news people of course have their own axe to grind and put their own spin on things. Wolfgang Kandek writes about this development in a …
I’ve been interested in extending HTTP security out to our remote users. When users are in the office their HTTP traffic is antivirus scanned and URL filtered. When remote, they only have desktop antivirus to protect them. As more and more users are mobile, I think it is important to address this. BlueCoat offers a …
I really shouldn’t have to wake up at 7:30 am on a Saturday and take the Metro into DC. Fortunately I thought the 10am talk was worth it. Phishing Statistics and Intuitive Enumeration of Hosts and Roles by Sean Palka This talk is about a tool he created/uses in corporate engagements. But as with most …
The next three posts will contain my notes from Shmoocon. This post contains notes from each session I attended on day 1. I’m not trying to necessarily reconstruct the notes into a coherent thought. Hopefully it will be somewhat readable. Opening Remarks by Bruce Potter People are getting owned a lot. Trends Increased success in …