Showing results for tags 'phishing'.


Found 5 results

  1. A new report from the security company RiskIQ describes a new phishing kit that uses JavaScript to manipulate the DOM, which allows the script to dynamically alter the visible content and HTML form data within a page without user interaction. This phishing kit, called LogoKit, has seen a significant upswing in usage over the last month. Phishing has been on the rise lately, following the increased usage of data communication in the wake of COVID-19. The kit seems to have attracted attention because of its flexibility and because it can be deployed very quickly compared to building websites manually, as is the common practice. This is both interesting and scary: it makes phishing pages fast and dynamic to set up for bad elements, and since the page looks quite real and has your email already filled in, chances are that a lot of people will fall for it. Fortunately, you can often see in the URL that something is not right. With LogoKit you can often see your email in the URL, which looks something like this: phishingpage[.]site/login.html#victim@company.com Sadly, this is not a sure way to detect a phishing attack, as there are other ways to forward data, but if you see this then at least you know to look a bit more carefully at the page you have entered. LogoKit has seen a big increase in usage in the last month, with over 700 unique domains running it. Targeted services range from generic login portals to false SharePoint portals, Adobe Document Cloud, OneDrive, Office 365 and, interestingly enough, cryptocurrency exchanges. So be alert (as always) when accessing your external cloud services and portals. RiskIQ has concluded that this is a threat on the rise due to its simplicity and ease of use.
  3. In the wake of Covid-19 and the increased need for communication among people working from home, it comes as no surprise that Microsoft Teams is targeted by malicious people. This week both CISA and Abnormal Security report on targeted phishing campaigns that have affected more than 50,000 users so far. With so many starting to work from home due to the Covid-19 situation, invites to different Microsoft Teams are very common, and this is something malicious people have started to take advantage of. Since many organizations are still a bit new to having many employees work from home, security is not always up to par with the situation. The tactic is rather simple, but sadly also effective. In one example, a mail that seems legitimate is sent out with a link to a document on a Microsoft Team. If the link is clicked, the user is asked to log in, and if that button is clicked, they’re taken to a malicious page which convincingly impersonates the Microsoft Office login page in order to steal their credentials. Another example includes an email link that points to a YouTube page. From there the users are redirected twice to finally land on another phishing site which convincingly impersonates the Microsoft Office login page. According to the articles, this is even more effective on mobile, because the images take up most of the space and because domain links are more difficult to see and therefore to identify. These phishing attempts are, however, very convincing even on desktop, which makes it more likely that someone will get caught in the phisher's net. As Microsoft Teams is integrated with Office 365 single sign-on, a compromised account gives the phisher access to other, possibly much more damaging, areas. This is not the only issue facing Office 365 users, however, and Sway got a bit of heat earlier this week as well.
     Microsoft is not being idle, however, and this week they patched a nasty subdomain takeover vulnerability in Teams that could have allowed an inside attacker to weaponize a single GIF image and use it to pilfer data from targeted systems and take over all of an organization’s Teams accounts. As always, be careful with email links and make sure you vet the URLs carefully before submitting any user information online.
  5. Jimi Wikman

    Phishing!

    If there is anything that can ruin a day, it is getting a letter from bankofamerica.com pointing out that a customer has phishing pages uploaded on their account. Instead of sitting down and working on some projects, I now had to fire up SSH and go through the server looking for these files, along with a quick review of all accounts on the server for insecure scripts and incorrect CHMOD permissions. Fortunately there are some SSH commands that make this easier, such as find and rm. In this case the crooks had uploaded a series of directories that were all named /www.bankofamerica.com/, so by using the find command I could search the server for these files with the following command:

        find . -name '*bank*' -print

    Once I found a directory that matched, they had added a protection that prevents changing CHMOD or deleting the files through FTP or cPanel's control panel. In that case the following command in SSH works excellently:

        rm -rf www.bankofamerica.com/

    It removes the whole directory and all subdirectories like a hot knife through butter. In total I have found over 2000 files with incorrect CHMOD, so I have sent a letter to all customers asking them to keep an eye on the scripts they install and to review the files they have on their accounts in case I missed something. It took a while, but hopefully most of it should be plugged now anyway. I would gladly have spent the time on something else, but the customers' security always comes first. Other useful SSH commands are the ones suggested by cPanel:

        netstat -anp
    Look for programs attached to ports that you did not install / authorize.

        find / \( -perm -a+w \) ! -type l >> world_writable.txt
    Look at world_writable.txt to see all world writable files and directories. This will reveal locations where an attacker can store files on your system. NOTE: Fixing permissions on some PHP/CGI scripts that are not properly coded will break them.

        find / -nouser -o -nogroup >> no_owner.txt
    Look at no_owner.txt for all files that do not have a user or group associated with them. All files should be owned by a specific user or group to restrict access to them.

        ls /var/log/
    There are many different logs on your system which can be valuable resources. Check your system logs, apache logs, mail logs, and other logs frequently to make sure your system is functioning as expected.
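The searches from the post above, run against a constructed directory tree, as an added example that is not part of the original post. It also shows that `-perm -a+w` only matches entries writable by user, group and other at the same time, so a file with mode 646 is missed, while `-perm -0002` reports everything writable by "other". All directory and file names are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. All paths and names are constructed.

# Directories whose name looks like a full hostname (www.<name>.<tld>),
# the naming pattern of the planted phishing directories in the post.
find_hostname_dirs() {
    find "$1" -type d -name 'www.*.*' -print
}

# The cPanel command's test: write bit set for user, group AND other.
find_all_writable() {
    find "$1" \( -perm -a+w \) ! -type l -print
}

# Stricter audit: write bit set for "other", whatever the group bit is.
find_other_writable() {
    find "$1" -perm -0002 ! -type l -print
}

# Build a small sample tree in a temp directory and print its root.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/www.example-bank.com" "$root/site/upload"
    : > "$root/site/www.example-bank.com/login.html"
    : > "$root/site/a.php"
    : > "$root/site/b.php"
    : > "$root/site/c.php"
    # Symlinks report mode 777 on Linux; "! -type l" keeps them out of the report.
    ln -s a.php "$root/site/link"
    chmod 755 "$root/site" "$root/site/www.example-bank.com"
    chmod 777 "$root/site/upload"   # writable by everyone
    chmod 666 "$root/site/a.php"    # writable by everyone
    chmod 646 "$root/site/b.php"    # writable by owner and other, not group
    chmod 644 "$root/site/c.php" "$root/site/www.example-bank.com/login.html"
    printf '%s\n' "$root"
}

tree=$(make_sample_tree)
echo "hostname-like directories:"
find_hostname_dirs "$tree"
echo "matched by -perm -a+w:"
find_all_writable "$tree"
echo "matched by -perm -0002:"
find_other_writable "$tree"
rm -rf "$tree"
```

On a real server, point the functions at the web roots instead of the sample tree and review the output before changing permissions or deleting anything.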