December 16th, 2018 by John
Posted in Criminal, Scams & Ransomware
September 20th, 2018 by John
Posted in Criminal, Cybersecurity & Infosec
September 4th, 2018 by John
Posted in Criminal, Cybersecurity & Infosec
I get a lot of spam. A lot of phishing attacks. Gmail does a pretty good job of filtering them out. Last week the prevalent phishing attack was an
attempt to get you to ‘complete the process of unsubscribing’. This attempt at social engineering was obviously timed to coincide with the European deadline for GDPR compliance, which led many individuals to unsubscribe rather than opt-into marketing.
This week brings us a phishing attack that might scare your pants off, at first glance. Most Americans have probably had their username and password leaked at some point. So, when you receive an email that starts off by listing your password, you might sit up and take notice. I received this email because one of my accounts was associated with a password breach, so I know this has to be circulating big time! (It was for a password I also changed over a year ago.)
Many Americans have visited an adult website at some point in the past. When you marry up the two, you have a very convincing phishing email that then requests you send a cryptocurrency ransom to prevent a video of what you supposedly were watching along with footage from your computer’s camera. Here is an example phishing email:
Don’t fall for this scam. But, what you can do is to visit a site like Have I Been Pwned to see if your email is associated with any breaches, so you can be sure to change any passwords that might have been leaked in the past. Stay safe and secure!
Posted in Blog, Criminal, Scams & Ransomware
Full data enrichment profiles for more than 200 million people have been placed up for sale on the Darknet. The person offering the files claims the data is from Experian, and is looking to get $600 for everything.
http://www.csoonline.com/article/3149713/security/data-enrichment-records-for-200-million-people-up-for-sale-on-the-darknet.html
Details of this incident came to Salted Hash via the secure drop at Peerlyst, where someone uploaded details surrounding the sale and the data. The data were first vetted by the technical review board at Peerlyst, who confirmed its legitimacy. Once it was cleared by the technical team, a sample of the data was passed over to Salted Hash for additional verification and disclosure…
Posted in Criminal, Cybersecurity & Infosec, Privacy
In an interesting turn, Hajime is a vigilante-style project intended to disrupt Mirai and similar IoT botnets.
//cdn.iframe.ly/embed.js
Posted in Criminal, Exploits & Attacks, IoT, IIoT, ICS-SCADA
//cdn.iframe.ly/embed.js
The Shadow Brokers released nation-state NSA exploits and Rapid7 researchers explain what this means in a concise article, worth a read.
Posted in Criminal, Exploits & Attacks
