PINDROP BLOG

Month: April 2016

April 29, 2016
Researchers Find Private Slack Tokens Posted on GitHub
Developers building bots for Slack are including their personal access tokens in code posted on GitHub, researchers have found, a problem that could give anyone who finds the tokens access to internal Slack conversations and files. Slack is a team communications app used in many organizations to share information, files, and other data. Developers can…
Read More →
April 29, 2016
April 29 – This Week in Phone Fraud
This week in phone fraud, Pindrop CEO is the featured cover story of HUB Magazine, and Atlanta is #1 in robocalls. This month HUB Magazine featured Pindrop CEO, Vijay Balasubramaniyan, as the cover story. In the article, Balasubramaniyan explains Pindrop’s beginnings as well as how he sees the future of voice authentication and security. Market…
Read More →
April 29, 2016
Android Overlay Malware Targeting Banking Apps
There is a growing crop of mobile malware that is designed to overlay a user’s phone screen and harvest banking and other credentials, and the attackers behind these tools have thoughtfully created a range of options, from low-end to premium priced. Researchers at IBM’s X-Force team have been tracking a variety of mobile malware samples…
Read More →
April 28, 2016
On the Wire Podcast: Patrick Wardle
Patrick Wardle is well-known in the security community for his research on Mac OS X security features and malware. He’s demonstrated practical methods for bypassing Gatekeeper and the other security mechanisms in OS X, and he recently released a free tool called RansomWhere? that’s designed to generically detect OS X ransomware, such as KeRanger. Dennis…
Read More →
April 28, 2016
Office 365 Bug Could’ve Allowed Attackers to Login to Virtually Any Account
Security researchers in January discovered a critical vulnerability in the SAML implementation in Microsoft’s Office 365 service that could allow an attacker to log in to a victim’s account and gain full access to email, contacts, and other sensitive data. The vulnerability was present in Office 365 for an unknown amount of time, and there…
Read More →
April 27, 2016
Hear a Real Bank Phone Fraud Call From a Fake Cop
The ongoing problem of fraudsters targeting senior citizens with sophisticated phone scams has taken a new turn, as the criminals have begun using a technique that involves them showing up at victims’ homes to collect their debit cards. The scam is an extension of a common phone fraud technique in which criminals call victims–typically senior…
Read More →
April 26, 2016
Verizon DBIR Shows Focus on Credential Theft in Breaches
Attackers are continuing to refine their tactics and develop new tools, but in a lot of cases they still rely on tried-and-true methods such as phishing, social engineering, malware, keyloggers, and credential theft to achieve their goals. The 2016 Verizon Data Breach Incident Report shows that these tactics and tools are still among the most-used by…
Read More →
April 25, 2016
Cyber.Police Android Malware Infects Without User Interaction
There is a new piece of ransomware that is using an exploit for an Android vulnerability to infect devices without any user interaction whatsoever. The Cyber.Police ransomware uses JavaScript to exploit the bug and one of the exploits it employs is a known one that’s been public for more than a year. Researchers at Zimperium…
Read More →
April 25, 2016
Massive Bank of Bangladesh Attack Hit SWIFT Payment System
Attackers who pulled off the massive bank fraud at the Bangladesh Bank in February did so by using custom malware and attack tools that were able to monitor the internal messages that conduct financial transactions, delete certain messages, and then insert others to send money to accounts they control, researchers say. The tools targeted the SWIFT…
Read More →
April 22, 2016
April 22 – This Week in Phone Fraud
This week in phone fraud, ’90’s phone scams are making a comeback and Chauffeurs jailed for car-hailing phone scam. This week Consumerist shared that the phone scam tactic of slamming (switching someone’s long-distance carrier without their knowledge or permission) is back in the fraudster’s arsenal. Shanghai Daily reported this week that 4 drivers who defrauded…
Read More →
Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS