CyberATTACK January, 16th 2009 by admin

Phishing without bait: The in-session password theft attack

Skilled identity thieves can pilfer user names, passwords and other sensitive data for banking sites without using e-mail lures and other other social engineering tactics.

According to a security advisory from Trusteer, hackers can launch what is described as “in-session phishing attacks” using pop-up messages during an active browser session. The attack technique is somewhat sophisticated — it requires that a base Web site is compromised and the attacker must know which Web site the victim user is currently logged into — in-session phishing can be highly effective because the average end user is likely to enter credentials without a second thought. [ZDNet]

0 Comments

Socialize

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 


CyberATTACK

Sony Online Entertainment and PlayStation Networks Hacked, 93,000 Accounts Compromised

"Sony chief security officer Philip Reitinger warned Sony Entertainment Online customers and PlayStation Network users on Tuesday night that their accounts may have been compromised after a hack led to 93,000 accounts being compromised." Source: Sony Online Entertainment and PlayStation Networks Hacked, 93,000 A ›
CyberATTACK

TRICARE Investigates Beneficiary Data Breach

"The TRICARE Management Activity is reviewing its data protection policies and procedures in the wake of a data breach involving personal health information of an estimated 4.9 million military clinic and hospital patients. The breach potentially affects patients who received care or filled pharmacy prescriptions in San Antonio-area military treatment faci ›
CyberATTACK

Harvard website hacked by Syria protesters

"Harvard University has had its website hacked in what appears to be a "sophisticated" Syrian-related attack. Along with a picture of Syrian president, Bashar al-Assad, the hacked home page showed a message saying the "Syrian Electronic Army Were Here"." (Source: BBC News - Harvard website hacked by Syria protesters.) ›
CyberATTACK

Security Expert: U.S. 'Leading Force' Behind Stuxnet

"The sophistication of the worm, plus the fact that the designer had inside intelligence on the Iranian facility, led Langner to conclude that the United States had developed Stuxnet, possibly with the help of Israeli intelligence. Langner isn't shy about naming the U.S. as the Stuxnet culprit, as he stated in a recent speech at the Brookings Institution. ›
CyberATTACK

Code red: the cyber spy threat

"On June 1, 2009, messages with the heading ''China and Climate Change'' dropped into the email inboxes of five US State Department officers. The five officers, working in the Office of the Special Envoy for Climate Change, were involved in preparing for delicate bilateral climate change talks in Beijing in several days. The email appeared to be from a respected economic ›