Spamzy

Unsurprisingly, we’re seeing increased hacks and social engineering attacks at retail sites during the months leading up to the holiday season –

Hacker attacks against retail sites increased by 161% in the July to November period compared with the first six months of this year, according to security firm SecureWorks. After a big increase in network-scanning reconnaissance attacks in October, hackers dramatically increase efforts to fraudulently authenticate themselves to e-retailers, the firm says.

The authentication exploits include attempts to determine consumers’ user name and password combinations, which would allow criminals to make fraudulent purchases. “It is not surprising that the attempts to steal customer credentials greatly increased just before the holiday shopping season,” says Wayne Haber, director of architecture at SecureWorks.

Read the full article here.

View original here:
Holiday Fever Leads to Hacking

Greg Garcia stepped down from his post at the Department of Homeland Security on December 5th.

Says Government Computer News:

President-elect Barack Obama intends to move cybersecurity up a rung in his administration by creating a federal CTO and putting a high-level adviser back into the White House, and this is a good idea. Cybersecurity is not just a governmentwide issue. It is a global issue that cuts across national and public/private sectors. The White House is the proper place for establishing agendas and priorities on international issues.

This is not to say that DHS will not have an important role in implementing these initiatives, and the challenges facing the next secretary and assistant secretary will be significant in this area. Gov. Janet Napolitano, Obama’s choice for DHS secretary, will take over a department that is not long out of its infancy as far as Cabinet-level departments go. It is toddling, and toddlers tend to fall a lot and need quite a bit of direction. But toddlers also can mature and develop their skills surprisingly quickly if the proper direction is provided. The next secretary and assistant secretary will have to ensure that the progress now under way continues.

Read the full article here

Read the original post:
Assistant Secretary for Cybersecurity Steps Down

It’s ALIVE

One of the three botnets cut off by the shutdown of rogue ISP McColo is back in business. The Mega-D botnet is back on its feet and throwing off huge volumes of spam, net security firm Marshal8e6 reports.…

Originally posted here:
Penis pill botnet awakens after McColo shutdown

Here’s one security device you can get for cheap — a paper shredder.

Avoid the big mistake this medical office made and don’t throw your personal info away:

Boxes with documents detailing confidential patient information, such as Social Security numbers and personal medical history, were found discarded next to a medical office building, which officials said could be a violation of patient confidentiality laws

read the full article here.

Read more:

Trojan assault wave takes many guises

Malicious email attachments disguised as airline ticket receipts are being spammed across the internet as part of a new attack. The assault is the latest in a series of booby-trapped email attachments, which have seemingly become fashionable among VXers again, after many months of playing second-fiddle to website attacks.…

More:
Booby-trapped emails fly back into fashion

Check your account balances carefully to make sure this isn’t happening to you–

According to Ars Technica, there are a wave of fraudsters right now who are taking small amounts out of consumer bank accounts. They do this to test whether the account is good and verify it. First, they take somewhere between 19-29 cents. Then, when they’ve verified the account, they make as many charges as possible before they get noticed:

Beginning on or about November 20, various card holders began complaining online about unauthorized microtransactions that were suddenly showing up on their accounts. The charges fit the model described above, and were labeled as coming from Adele Services. Adele Services appears to be a dummy corporation; the 1-800 number listed as the customer contact point is disconnected and there’s no official website.

The company may not officially exist, but that hasn’t stopped it from continuing to test accounts. It’s impossible to state how many card holders have been pinged in this manner, but the number of online reports is growing steadily. Theories on which company’s security was breached abound, although the mob of sages has collectively ruled out PayPal, given the number of non-PayPal users affected.

Be careful shopping online this holiday season, and don’t ignore little changes in your account, and hopefully you’ll have a safe secure shopping season.

Read more:

Bruce Schnier linked to an interesting article a while back, discussing how brain chemistry causes you to trust people when demonstrate that they trust you, especially when they’re relying on you and may be vulnerable…interesting stuff:

THOMAS is a powerful brain circuit that releases the neurochemical oxytocin when we are trusted and induces a desire to reciprocate the trust we have been shown–even with strangers. The key to a con is not that you trust the conman, but that he shows he trusts you. Conmen ply their trade by appearing fragile or needing help, by seeming vulnerable. Because of THOMAS, the human brain makes us feel good when we help others–this is the basis for attachment to family and friends and cooperation with strangers

So my question: if real-life cons can easily scam people by appearing to depend on them, how does this affect the scams we see on the Net? Clearly some online cons rely on this method — the Nigerian bank scam being a prime example. It seems like social engineering scams particularly rely on this method — but not all scams. And of course many other vulnerabilities just seem to rely on people’s habits to just click links willy-nilly online, which is an impersonal event. If the net were a more personal place, we might see many more of those kinds of scams.

View original here:
The Good Get Conned-When Trust is Biological

Fillet O’Phish

Phishing fraudsters are attempting to scam the credulous into handing over their credit card details on the basis of a supposed offer from McDonalds.…

Go here to see the original:
McDonalds survey scam is super-size fraud

Junkmail crisis averted for now

After being stranded for weeks, a monster botnet responsible for an estimated 40 percent of the world’s spam was able to briefly reconnect to its mothership in a tense international duel playing out online that could have a dramatic effect on the amount of junkmail flowing into inboxes everywhere.…

See the rest here:
Monster spam botnet briefly resurrected from the dead

Rebirth before redeath

After being stranded for weeks, a monster botnet responsible for an estimated 40 percent of the world’s spam was able to briefly reconnect to its mothership in a tense international duel playing out online that could have a dramatic effect on the amount of junkmail flowing into inboxes everywhere.…

Read more:
Srizbi spam botnet in failed resurrection