Of Phishing Attacks and WordPress 0days

Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also make us a target. Aside from the many, varied denial of service attacks that break against our defenses we also see huge number of phishing campaigns. In this blog post I will dissect a recent phishing attack that we detected and neutralized with the help of our friends at Bluehost.

An attack that is particularly interesting as it appears to be using a brand new WordPress 0day.

A Day Out Phishing

The first sign we typically see that shows a new phishing campaign is underway are the phishing emails themselves. There's general a constant background noise of a few of these emails targeting individual customers every day. However when a larger campaign starts up, typically that trickle turns into a flood of very similar messages.

Messages like this one:
Example Phish Note — We will never send you an email like this. If you see one, its fake and should be reported to our abuse team by forwarding it to [email protected].

In terms of the phishing campaign timeline, these emails aren’t the first event. Much like a spider looking to Continue reading

Acer Aspire Switch 10 saved by the dock

Acer’s new Aspire Switch 10 seems like just another low-cost Windows tablet, but its detachable keyboard dock turns the device into a shape-shifter that can stand in multiple angles.The Switch 10 is first a tablet, and it can become a laptop when attached to a keyboard dock. Acer announced two Switch 10 models at a lavish press event in New York, with the entry-level Switch 10 E SW3-013 starting at US$279 and the higher-resolution Switch 10 SW5-015 starting at $399.A brief hands-on with the Switch 10 revealed what’s most interesting about the device. Its biggest attraction is the detachable keyboard dock, which comes alongside the tablet. The tablet can be securely snapped on the dock, which has a 360-degree hinge that allows the device to be placed in multiple positions.To read this article in full or to leave a comment, please click here

Microsoft results get a lift from Office 365 and Azure

Microsoft has reported better-than-expected financial results for the quarter just ended, helped by strong sales of cloud services like Office 365 and Azure.Commercial cloud revenue more than doubled from a year earlier, the company announced Thursday, and online services like Bing and Xbox Live performed well.The results were hurt by the weak PC market, however, with sales of Microsoft’s Windows and Office software both declining. That meant that while sales were strong, profits declined from last year.In a statement, CEO Satya Nadella talked of “incredible growth across our cloud services.”To read this article in full or to leave a comment, please click here

Google sales hit a speed bump in Q1

Google’s sales rose 12 percent during the first quarter, the slowest rate of revenue growth since 2013, while the amount it charges for ad clicks continued to drop.Total sales for the period ending March 31 came in at US$17.3 billion, missing consensus expectations of $17.5 billion from analysts polled by Thomson Financial Network.After subtracting traffic acquisition costs, the portion of revenue paid to partners that distribute its ads, Google’s sales were $13.9 billion, the company reported Thursday.To read this article in full or to leave a comment, please click here

Amazon says its cloud is ‘a $5 billion business’

Amazon has finally shared some numbers about its cloud business, and not surprisingly they show that it’s thriving and profitable.Amazon Web Services brought in US$1.566 billion in net sales for Amazon’s first quarter, it said Thursday, up 49 percent from $1.05 billion AWS generated the same time a year ago. For this quarter, AWS netted a profit of $265 million, up from $245 million a year ago.AWS is a $5 billion business “and still growing fast—in fact it’s accelerating,” Amazon CEO Jeff Bezos was quoted as saying in a press release. He also called the group an “example of how we approach ideas and risk-taking at Amazon.”AWS now generates nearly 7 percent of Amazon’s total revenue. Overall, Amazon’s net sales for the quarter, which ended March 31, totaled $22.7 billion, up 15 percent from the $19.7 billion collected in the same period a year earlier. The company posted a net loss of $57 million in this first quarter, down from the $108 million it lost in last year’s first quarter.To read this article in full or to leave a comment, please click here

Google Fi: From disruptive to meh

This week's unveiling of Google's Project Fi, the search-messaging-phone-collaboration-broadband company's effort to shake up the wireless market in order to encourage people to use more of its services, has generated widespread reaction even though relatively few people will be eligible to use the service out of the gate.The general consensus seems to be that Google's latest experiment isn't revolutionary (for example, "Meh: Google launches disappointing Project Fi MVNO"). No, it isn't the first mobile virtual network operator (MVNO) to let you pay only for the data you use or bop between WiFi and cellular.  But it still has the potential to mess with the biggest wireless service providers' status quo.To read this article in full or to leave a comment, please click here

Credit card terminals have used same password since 1990s, claim researchers

While retailers battle breaches that have resulted in tens of millions of credit card numbers stolen, word comes from the RSA Conference in San Francisco that a major vendor of payment terminals has been shipping devices for over two decades with the same default password.The vendor wasn’t named by the researchers, David Byrne and Charles Henderson, but they did disclose the password: 166816.A Google search reveals that’s the default password for several models of credit card terminal sold by Verifone, a Silicon Valley-based vendor that says it connects 27 million payment devices and has operations in 150 countries.Verifone didn’t immediately comment on the claim.To read this article in full or to leave a comment, please click here

DOD wants to rebuild trust with the technology industry

The U.S. Department of Defense must rebuild trust with Silicon Valley because it needs new technology partners to fight against cyberattacks, Secretary of Defense Ashton Carter said Thursday.The DOD is looking to build its defensive cybersecurity capabilities with help from technology vendors, but the military also will deploy offensive measures when its warranted, Carter said in a speech at Stanford University.The department sees its cybersecurity role as largely focused on defense, but “adversaries should know that our preference for deterrence and our defensive posture don’t diminish our willingness to use cyber options if necessary,” he said.To read this article in full or to leave a comment, please click here

Enterprise software vendors ready Apple Watch apps

Enterprise software vendors are betting the Apple Watch will find a use in the business world and this week announced apps for the smartwatch, which will become available to consumers on Friday.While many of the initial Apple Watch business apps carry out the same functions of their iPhone counterparts, companies emphasized that glancing at your wrist to obtain information is easier than reaching for a smartphone.Blue Jean Networks created an app that reminds people about upcoming meetings and shows them their meeting schedule. The app, which works in conjunction with the company’s cloud-based video conferencing service, also has features that are designed specifically for the watch, like a function that counts down the time until a person’s next meeting and the ability to access a meeting by pressing the watch’s face. Like all Apple Watch apps, Blue Jeans’ app, which was announced today, must be paired with an iPhone to work.To read this article in full or to leave a comment, please click here

Cisco VIRL NXOSv NXAPI Update

Cisco officially announced the April release of VIRL the announcement and upgrade instructions can be found here. Some of the highlights from the upgrade are: ISOv is now up to version 15.2(2)T ...

[[ Summary content only, you can read everything now, just visit the site for full story ]]

Comcast said to abandon Time Warner merger plan

Comcast has abandoned plans to merge with Time Warner Cable, according to a Bloomberg News report on Thursday.The report quoted “people with knowledge of the matter” and said a formal announcement could be made as soon as Friday.The decision, which was not immediately confirmed by the companies, came a day after the Federal Communications Commission referred the proposed deal to a hearing in front of a judge—a move that had been viewed as a “death sentence” for the plan because of the time and effort it would have taken.The U.S. Department of Justice was also reported to be leaning towards blocking the merger on antitrust grounds should it have received FCC clearance.To read this article in full or to leave a comment, please click here

Comcast abandons $45B Time Warner merger plan

Comcast has abandoned plans to merge with Time Warner Cable.Comcast Chairman and CEO Brian Roberts said in a statement: "Today, we move on. Of course, we would have liked to bring our great products to new cities, but we structured this deal so that if the government didn’t agree, we could walk away.Comcast NBCUniversal is a unique company with strong momentum. Throughout this entire process, our employees have kept their eye on the ball and we have had fantastic operating results. I want to thank them and the employees of Time Warner Cable for their tireless efforts.I couldn’t be more proud of this company and I am truly excited for what’s next."To read this article in full or to leave a comment, please click here

Open Networking: Worth the Learning Curve

When’s the last time you had the opportunity to learn about a new area of technology? Not just the latest API but something big. With the emergence of open networking, now may be the time to do just that.

Open networking is becoming more wide spread in data centers, partly because of CapEx savings and customer choice from disaggregation of hardware and software. From an operational standpoint, the efficiencies of automating and managing switches like servers may be even more compelling. Those efficiencies – and resulting OpEx savings – are from using a real Linux OS for the network.

As a Linux operating system running network switches, Cumulus Linux presents a learning opportunity for two specific groups of users: network administrators who are new to Linux, and Linux administrators who are new to networking. Open networking represents a radical improvement in network management, but as with most major changes, there’s a learning curve.

Learning a new language (but still saying the same things).

Leaving IOS, NX-OS, or JunOS for Cumulus Linux means rediscovering how to perform tasks that network administrators have been doing the same way for years. This often means tweaking existing knowledge to understand where familiar commands Continue reading

FTC complains retail tracking firm didn’t notify customers

A company that tracked retail store customers through their smartphones without notifying them and without giving them a chance to turn off the tracking has settled a U.S. Federal Trade Commission complaint that it didn’t live up to its privacy promises.Retail tracking firm Nomi Technologies stated in its privacy policy from late 2012 that it would provide a customer opt-out mechanism at stores using its tracking services, thus implying that it would notify customers of the tracking efforts, the FTC said. But the company did not give customers an opt-out option and did not notify customers they were being tracked, the agency said Thursday.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Winds of change blowing in the WAN

In the past few years, enterprise computing has experienced major upheavals brought about by cloud apps, Wi-Fi, mobility, and BYOD. The enterprise WAN, meanwhile, has not evolved much since it was transformed into an MPLS Layer 3 VPN infrastructure more than a decade ago. Things are about change. Based on my experience with customer deployments, more than 50% of enterprise traffic from branches is currently Internet-bound. This is due to outsourcing of utility applications, including email, search, voice, video and collaboration, not to mention cloud application use. Despite this trend, enterprises have resisted using the public Internet to provide remote offices with direct access to cloud applications. This is primarily due to compliance issues, especially in the financial and healthcare industries. Doing so would require extensive security policies at each location and would introduce a management nightmare. The alternative, backhauling traffic to the corporate DMZ, is not feasible. To read this article in full or to leave a comment, please click here

1 3,470 3,471 3,472 3,473 3,474 3,787