Fraud abusing Google Docs

Phishing is not exactly a ground-breaking technique. Quite the opposite, it seems like it has been around forever. This is an indicator of its effectiveness: we might think that it is unlikely that people would give away their banking credentials just because they are asked for them, but still there is a percentage who continue to become victims of one of the simplest fraud methods.

However both user awareness and anti-phishing tools are making harder for fraudsters to succeed in their attempts to get our money. We see this changing in the decrease in the percentage of spam. That is not the only reason: users are switching to new platforms such as social networks for direct communication.

Today I want to show you an example of the creativeness in avoiding spam and phishing filters.

Read Full Article

VB2012 day 2

One of the things I don’t like from conferences is when there are two talks you want to attend scheduled at the same time. And this is what happened to me in VB2012. Fortunatelly David was on the stage for a whole hour, so I attended his first half and then I switched to Fabio’s talk. Read Full Article

5 takeaways from Las Vegas

Probably the two most important security conferences in the world are held in Las Vegas during the same week, gathering more than 15,000 attendees and offering dozens of talks. Even if you are here, you will find a situation where you want to attend 2 or 3 talks at the same time, or the frustration of attending one talk only to find there is no room left for you in the next one you wanted to attend. So I thought it would be useful, whether you were in Las Vegas or not, to highlight the most relevant things that happened there during these 2 weeks, in my opinion. Read Full Article

Who is attacking me?

Browsing is a risky activity from a security point of view. The good old times when we could identify a bunch of suspicious sites and avoid them are gone forever. Massive infections of websites are common nowadays, blindly infecting as many sites as possible. Once these sites are compromised, the access is usually sold to cybercriminals. At this point the site hosts malware or redirects victims to some exploit kit. Read Full Article

Where is my privacy?

When we upload something embarrassing about ourselves to, let’s say Facebook, that’s completely our fault. But there are other subtle ways to get information about us. Let’s say a few words about tracking.

Every time you visit a website you request HTML that will be rendered in your local browser. This code may include external references, so you will request them as well. Nothing to be afraid of so far. Read Full Article

Dark Market

Dark Market was one of the most famous underground forums ever, for several reasons. The most important one was that one of the administrators was an infiltrated FBI agent running a covert operation that ultimately lead to the arrest of 60 people worldwide. The forum was shut down in 2008, when Dark Market was probably the most important carding forum in the world. Read Full Article

Malware in the cloud

The use of all kind of services in a cloud basis is becoming more and more popular, enhancing productivity and reducing the needs of setting up a complex infrastructure. This approach is progressively being taken by IT industry. However, malware reacted faster in abusing this virtual infrastructure for its profit. Read Full Article