Vulnerabilities / Threats
11/30/2011
01:31 PM
Dark Reading
Dark Reading
Slideshows
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Slide Show: Top 10 Holiday Phishing Scams

The following scams demonstrate the ways attackers are crafting their messages during the holidays
Previous
1 of 10
Next


Not everyone is full of cheer and goodwill this holiday season. In fact, many cybercriminals are planning on taking advantage of people's high spirits to trick them into divulging information, clicking bad links, and opening malicious attachments. All it takes is the perfect combination of persistence and smart social engineering:

Now's the time of year to participate in office pools on holiday bowl games--and the bad guys are hoping to jump in on the action. Watch out for phishing scams trying to play to your urge to watch games online.

"The spam messages claim to offer ways to watch live streaming video of American football games, which have been posted by bogus or compromised Facebook accounts," says Beth Jones, senior threat researcher for Sophos Labs U.S. "Clicking on the links will take you to a Web gage which asks you to hand over your email address, claiming that you will be sent a program that will allow you to watch live streaming video of football games."

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web