State Govts. Warned of Malware-Laden CD Sent Via Snail Mail from China

Here’s a timely reminder that email isn’t the only vector for phishing attacks: Several U.S. state and local government agencies have reported receiving strange letters via snail mail that include malware-laden compact discs (CDs) apparently sent from China, KrebsOnSecurity has learned. This particular ruse, while crude and simplistic, preys on the curiosity of recipients who … Читать далее

Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M

Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses. According to a lawsuit filed last month in the Western District of … Читать далее

Breach at DocuSign Led to Targeted Email Malware Campaign

DocuSign, a major provider of electronic signature technology, acknowledged today that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach at one of its computer systems. The company stresses that the data stolen was limited to customer and user email addresses, but the incident is especially dangerous because … Читать далее

Adobe, Microsoft Push Critical Security Fixes

Adobe and Microsoft today each released updates to fix critical security vulnerabilities in their software. Adobe issued patches for Flash Player and AIR, while Microsoft’s Patch Tuesday batch includes seven update bundles to address a whopping 66 distinct security holes in Windows and related products. The vast majority of the vulnerabilities addressed by Microsoft today … Читать далее

Email-Based Malware Attacks, July 2012

Last month’s post examining the top email-based malware attacks received so much attention and provocative feedback that I thought it was worth revisiting. I assembled it because victims of cyberheists rarely discover or disclose how they got infected with the Trojan that helped thieves siphon their money, and I wanted to test conventional wisdom about … Читать далее

Spotting Web-Based Email Attacks

Google warned on Wednesday that hackers were launching targeted phishing attacks against hundreds of Gmail account users, including senior U.S. government officials, Chinese political activists, military personnel and journalists. That story, as related in a post on the Official Google Blog, was retold in hundreds of media outlets today as the latest example of Chinese … Читать далее

Critical Flash Player Update Plugs 11 Holes

Adobe has released another batch of security updates for its ubiquitous Flash Player software. This “critical” patch fixes at least 11 vulnerabilities, including one that reports suggest is being exploited in targeted email attacks. In the advisory that accompanies this update, Adobe said “there are reports of malware attempting to exploit one of the vulnerabilities, … Читать далее