Man-in-the-Browser (MITB) and web injection attacks are the most devastating threat on the Internet today, resulting in an infinite number of compromised accounts. These attacks infect a webpage by taking advantage of security vulnerabilities in browsers and common web plugins, modifying web pages and transactions Read more
Details continue to emerge on the massive breach at health care company Anthem, in which hackers have gained access to information including names, birthdays, medical IDs, Social Security Numbers, street addresses, email addresses and employment information (including income), on up to 80 million people. Read more
A hacker calling himself “Mastermind” is claiming to be in possession of over 20 million credentials for an unnamed dating site. These credentials are claimed to be 100% valid in a posting to a paste site. Included in the list are over 7 million credentials from Hotmail, 2.5 million from Yahoo and 2.2 million from Gmail.com. Read more
Easy Solutions is committed to supporting the emerging DMARC email authentication standard to help our customers communicate confidently and securely with their customers. We listened to your feedback and included some key features in this DMARC Compass™ release that improve performance, usability and management. Read more
It is no secret that phishing attacks are growing in scope and the reason is quite simple: they are still effective. For the past several years, we have seen a marked increase in the number of email-driven phishing scams that coincide with the holidays. Below you’ll find an email-driven phishing scam which shows a notification from FedEx—we’ve seen this with other brand-recognized delivery couriers like UPS and DHL. You can view the US-CERT advisory here. In this instance, the notification indicates that FedEx was unable to deliver a package because there was nobody available to sign for it. Once the recipient clicks on the invoice, the phishing attack is launched. With this kind of attack, the company purported to be sending the message is also a victim as the brands themselves become associated with fraudulent activities. Read more
This week we launched a new addition to the Total Fraud Protection platform—DMARC Compass™. DMARC Compass is a cloud-based service that was built to fill a giant, gaping hole in most anti-fraud programs and to provide huge and wide-ranging benefits to infosec, marketing, advertising, legal and sales teams. The problem with B2B or B2C email is two-fold—email is critical and nobody trusts it, especially with 100 billion pieces of spam sent on a daily basis. Read more
Today, we announced a new product offering in our fraud intelligence family of products called DMARC Compass™. If you are not yet familiar with the term, Domain-based Message Authentication, Reporting & Conformance, or DMARC, is a technical specification and emerging standard designed to help reduce email fraud. You can read some earlier blog entries and announcements that we have made here, here and here.
Unsurprisingly, Bash has been dominating countless news sites over the past week. I recently spoke to Penny Crosman with American Banker and she wrote a story on what bankers need to know about Bash – it’s a must read.
Shellshock – BASH Exploitation Likely to Affect Large Hosting Providers and Sites, Be Used to Create Botnets
The new Shellshock vulnerability that affects the bash shell is the kind of vulnerability that makes old infosec guys chuckle. The bash vulnerability and its exploitation are not a marvel of complexity. We’ll get into the specifics of how it works shortly. But first, let’s address who’s at risk. Read more