FTC Halts Tech-Support Scam That Pretended to Represent the FTC
The FTC has shut down a phone and email scam that involved scammers contacting consumers, falsely claiming to be working on behalf of the FTC and offering fake tech support services. The scheme is a twist on the old Windows tech support scam in which fraudsters call consumers and try to sell remote tech support […]
Microsoft Word Flaw Used in Dridex Malware Campaign
UPDATE–The zero-day vulnerability in Microsoft Word disclosed in the last few days is now being used as a vector for attackers to install the nasty Dridex banking Trojan. Researchers from a number of security companies have warned about the vulnerability, which Microsoft has yet to acknowledge publicly. The flaw allows attackers to bypass the exploit […]
FBI Disrupts Notorious Kelihos Botnet
The Justice Department has disrupted the Kelihos botnet, one of the more prolific and long-running spam and malware networks, by sinkholing the botnet’s command-and-control servers after the arrest of a Russian man officials allege is Kelihos’s operator. The botnet has been operating since at least 2010 and has infected hundreds of thousands of computers around […]
Senate Bill Seeks to Reinstate Broadband Privacy Rule
Now that President Trump has signed into law legislation that eliminates an FCC rule that prevented broadband providers from selling users’ private information, some members of Congress have introduced a new bill that would restore the rule. Sen. Ed Markey (D-Mass.) has drafted the bill and introduced it in the Senate in the hopes of […]
Attackers Targeting Microsoft Word Zero Day
Attackers are targeting a newly disclosed, unpatched vulnerability in Microsoft Word that can be used to install malware silently on victims’ computers. The attacks are using rigged Word documents attached to phishing emails, and when a victim opens one of the malicious documents, the embedded exploit code will immediately connect to a server controlled by […]
Adapting for Age: The Limitations of Modern Voice Biometric Technology
You’d think that the signs of ageing are obvious. Grey hairs, wrinkles and fading eyesight. But, as a study by Pindrop points out, it’s also your voice that can change. With the growing use of voice recognition as a way to identify and authenticate callers, there has been a real need to make sure that […]
On the Wire Podcast: Katie Moussouris
Katie Moussouris has pretty much seen it all in her nearly two decades in the security industry as a pen tester, consultant, Microsoft employee, and many other roles. Now she’s putting that experience and knowledge to work helping governments and enterprises work out the problem of vulnerability disclosure and response with her company Luta Security. […]
Top 5 Looming Fraud Threats Facing Retailers in Phone Channel Security
While the retail experience is becoming increasingly omnichannel, retailers are still neglecting the phone channel, the weakest link in security, as a common point of access for customers. Despite the intent to administer positive customer experiences, call center agents often fall victim to the methods that enable fraud attacks. Top 5 Threats 61% of fraud […]
On the Wire Podcast: David Jacoby and Frans Rosen
Bug bounty programs are nature enough and lucrative enough that there are some researchers making a very comfortable living from them. But not every technology company has one, and not every researcher is looking to make money for themselves on these projects. David Jacoby of Kaspersky Lab and Frans Rosen of Detectify recently decided to […]