Search Results for: worm

Results 1 - 10 of 490 Page 1 of 49
Results per-page: 10 | 20 | 50 | 100

OAuth Worm II – The revenge

Posted on: 2017-05-05

submitted by /u/asanso [link] [comments] Source: /r/netsec - Information Security Ne... @ May 5, 2017 at 03:56AM

Don’t Trust OAuth: Why The Google Docs Worm Was So Convincing

Posted on: 2017-05-04

reader comments 88 Here's an example of the e-mail that went out. It uses the same button and wording as a real Google Docs e-mail. When you click on it, you get a real Google login page from Google's servers. Then you get a real OAuth permissions page, also from Google's servers. The fake thing here is the app. It's a third-party app named "Google Docs" with the Google Docs icon as its profile picture. It wants full control over your e-mail. Real, verifiable info is only shown when you click on the drop down. Who is "eugene.pupov@gmail.com"? He's not…

Attackers Unleash OAuth Worm via ‘Google Docs’ App (InfoRiskToday)

Posted on: 2017-05-04

Fraud , Phishing , Risk Management Attackers Unleash OAuth Worm via 'Google Docs' App 1 Million Google Users May Have Fallen for Fake App Spread via Phishing Emails Mathew J. Schwartz (euroinfosec) • May 4, 2017     The malicious Google phishing email. (Source: Cisco Talos) Score another one for social engineering.See Also: Three and a Half Crimeware Trends to Watch in 2017 A malicious app named "Google Docs" by attackers has been making the rounds, attempting to trick Google users into logging in and giving the app access permissions to their account. The phishing campaign began with…

Attackers Unleash OAuth Worm via ‘Google Docs’ App

Posted on: 2017-05-04

1 Million Google Users May Have Fallen for Fake App Spread via Phishing EmailsScore another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim. Source: BankInfoSecurity.eu RSS Syndication @ May 4, 2017 at 08:43AM

Google Docs Phishing Scam Doused After Catching Fire (SecurityWeek)

Posted on: 2017-05-04

A phishing scam that tricked people with what appeared to be Google Docs links was doused by the internet giant after spreading wildly on Wednesday. The purpose of the scam, and the culprits behind it, remained unknown late in the day. "We have taken action to protect users against an email impersonating Google Docs, and have disabled offending accounts," a Google spokesperson said in an email response to an AFP inquiry. "We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again." The scam combined "a…

Cyber Security Roundup for April 2017

Posted on: 2017-05-04

In April the National Cyber Security Centre (NCSC) briefed major UK businesses about a significant Chinese Cyber-Espionage Threat called APT10, also known as Stone Panda, which I have featured in a separate blog post - Detecting & Preventing APT10 Operation Cloud Hopper.The InterContinential Hotel Group, a hotel giant best known for the Crowne Park Plaza and Holiday Inn in the UK, reported data breaches within 12 of its hotels, however, Brian Krebs, the investigative journalist who first broke the story, reckons that there could be more than 1000 locations affected. A statement released on the hotel's website says that the…

Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really Helpful

Posted on: 2017-05-04

This post authored by Sean Baird and Nick BiasiniAttackers are always looking for creative ways to send large amount of spam to victims. A short-lived, but widespread Google Drive themed phishing campaign has affected a large number of users acros... Source: Security Bloggers Network @ May 3, 2017 at 06:55PM

Gmail Worm Requiring You To Give It A Push And Apparently You All Are Really Helpful

Posted on: 2017-05-04

This post authored by Sean Baird and Nick BiasiniAttackers are always looking for creative ways to send large amount of spam to victims. A short-lived, but widespread Google Drive themed phishing campaign has affected a large number of users acros... Source: Security Bloggers Network @ May 3, 2017 at 06:55PM

Dont trust OAuth: Why the Google Docs worm was so convincing (ArsTechnica)

Posted on: 2017-05-04

reader comments 0 When you click on it, you get a real Google login page from Google's servers. Then you get a real OAuth permissions page, also from Google's servers. The fake thing here is the app. It's a third-party app named "Google Docs" with the Google Docs icon as its profile picture. It wants full control over your e-mail. Real, verifiable info is only shown when you click on the drop down. Who is "eugene.pupov@gmail.com"? He's not Google! Google has since shut down the OAuth link. An evil phishing worm masquerading as "Google Docs" took the internet by storm…

Don’t trust OAuth: Why the “Google Docs” worm was so convincing

Posted on: 2017-05-04

An evil phishing worm masquerading as "Google Docs" took the internet by storm today. An e-mail from a friend or relative claims they shared a document with you. Clicking on the "Open in Docs" button asked you to log in to Google, then it popped up a familiar OAuth request asking for some permissions. If you click "Allow," the permissions granted it full control over your e-mail and access to all your contacts. The worm then e-mailed everyone in your contacts list, and did god-only-knows what else to the victim's e-mail. The interesting thing about this worm was just how convincing it…