Security Alerts & News
by Tymoteusz A. Góral

History
#2246 Pawn storm abuses open authentication in advanced social engineering attacks
Pawn Storm is an active and aggressive espionage actor group that has been operating since 2004. The group uses different methods and strategies to gain information from their targets, which are covered in our latest research. However, they are particularly known for dangerous credential phishing campaigns. In 2016, the group set up aggressive credential phishing attacks against the Democratic National Convention (DNC), German political party Christian Democratic Union (CDU), the parliament and government of Turkey, the parliament of Montenegro, the World Anti-Doping Agency (WADA), Al Jazeera, and many other organizations.

This blog post discusses how Pawn Storm abused Open Authentication (OAuth) in advanced social engineering schemes. High profile users of free webmail were targeted by campaigns between 2015 and 2016.
Read more
#2256 iCloud support scams
#2255 Healthcare CERT warns about ‘Mole’ ransomware – what you need to know
#2254 Facebook tracks scary-specific details about your life. Here’s how to find what it knows
#2253 Linux Shishiga malware using LUA scripts
#2252 Cyberespionage, ransomware big gainers in new Verizon breach report
#2251 More LastPass flaws: researcher pokes holes in 2FA
#2250 FalseGuide malware victim count jumps to 2 million
#2249 UK man gets two years in jail for running ‘Titanium Stresser’ attack-for-hire service
#2248 How free hacking tools on the web could be leading kids into cybercrime
#2247 Hipchat resets user passwords after possible breach
#2246 Pawn storm abuses open authentication in advanced social engineering attacks
#2245 Webroot 'mistakenly' flags Windows as malware and Facebook as phishing site
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12