Newsweek is reporting an increased incidence of scams and fraud surrounding Valentine’s Day celebrations:
LOOKING FOR LOVE ON VALENTINE’S DAY? EMAIL SCAMS TARGET SINGLES LOOKING FOR ROMANCE
Author: Adam Arrowood
Stopping visitor-uploaded spam submissions on your website
The article has been moved to https://security.gatech.edu/website-spam-upload
Security Update for the LastPass Extension
LastPass comments on recent security vulnerabilities discovered in the LastPass client code:
Millions of records leaked from huge US corporate database
ZDNet reports on the release of records from a database containing more than 33 million records from government departments and large corporate clients:
http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/
Highly Effective Phishing Technique Being Exploited
Wordfence points out a new phishing technique involving an unusually formatted URL. This technique has been used to target Gmail users, as well as users of some other popular services. It has been partially mitigated in Chrome.
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
Beware This Clever “Fake Attachment” Gmail Phishing Scam
Lifehacker points out a new, tricky phishing scheme affecting Gmail users that uses an embedded image made to look like an attachment:
http://lifehacker.com/beware-this-clever-fake-attachment-gmail-phishing-sca-1793264478
XMLRPC or WP-Login: Which do Brute Force Attackers Prefer
Wordfence blog has an article discussing common attack methods in brute-forcing WordPress login attempts:
https://www.wordfence.com/blog/2017/01/xmlrpc-wp-login-brute-force/
How Stolen iOS Devices Are Unlocked
For a number of years now, Apple has been implementing “Activation Lock” and “Find my iPhone” to deter the theft of iOS devices. According to some statistics, this effort has had some success. But with millions of users carrying devices costing $500 and more loosely secured in their pockets, mobile devices far exceed the value of an average wallet.
Activation Lock links a device to a user’s iCloud account. If a user configures a new device, the user is asked for iCloud credentials or offered to set up a new iCloud account. A device can not be activated without providing this information. If you sell or pass on a device, deleting the data from the device is not sufficient, but you will also have to remove the link to your iCloud account, for example by turning off “Find My iPhone.” Changing the setting always requires at least a password (and if configured two-factor authentication). Biometrics can be used to unlock the phone, but it can not be used to remove the iCloud link.
But iOS devices are still being stolen, and thieves have come up with some rather ingenious methods to unlock them…
https://isc.sans.edu/forums/diary/How+Stolen+iOS+Devices+Are+Unlocked/21621/
Battling the Botnet Armies
Botnet armies have become bigger, more active and more heavily armed than ever before. In the first quarter of 2016, attacks launched by bots reached a record high of 311 million—a 300 percent increase compared with the same period in 2015 and a 35 percent increase compared with the final quarter of 2015.