Estimated Reading Time: 2 minutes Prior to this blog post, zveloLABS published a phishing URL alert about fake Apple account verification websites. Now, zvelo’s team of engineers and researchers has unearthed a new phishing attack campaign using fraudulent Facebook log-in sites.
The threat landscape continues to evolve—individual and state-backed hackers and agencies become increasingly emboldened to compromise websites and servers, steal CPU cycles for cryptocurrency mining, embark on social engineering efforts to find backdoors, and sway public opinion through fake news and other measures. zvelo provides the most advanced URL/IP categorization database for web filtering, whitelists and blacklists, and residential and business protections against bad actors and malicious online behavior. Explore our network security solutions, cyber threat map, and malicious exploit detection offerings for the most advanced threat intelligence available to OEMs and device manufacturers.
Estimated Reading Time: 3 minutes
Instances of large-scale compromises of both private industry and public institutions in 2013 prompted a flurry of activity among security researchers to identify emerging and established threats. Commonly identified as Advance Persistent Threats (APTs), this phenomenon is expected to continue well into the foreseeable future. Fundamental to the spread of these threats is one of their foremost methods of propagation – a water hole attack.
Estimated Reading Time: < 1 minute
zvelo has received many requests from its technology partners who are in the web filtering and parental control sectors to institute and support a new category that can be used to identify websites that promote self-harm behaviors. As a result of such demand, a new “Self Harm” category has been added to the zveloDB® URL database.
Estimated Reading Time: 4 minutes zveloLABS discovered a phishing website masquerading as an account verification page for Apple IDs, as depicted in the following screenshot and explained in this blog post.
Estimated Reading Time: < 1 minute Anatomy of a Dynamic Website Of the hundreds of billions of URL queries zvelo has received for website categorization in 2013, an estimated 27% have been classified as being dynamic (see image 1). Dynamic categories in this data sample included Social Networking, News, Search Engines, Personal Pages & Blogs, Community Forums, Technology (General), and Chat.…
Estimated Reading Time: 3 minutes
zveloLABS once again attended the 2013 Hack In The Box (HITB) conference in Kuala Lumpur, Malaysia, held in mid-October. Of all the wide variety of talks conducted during the conference, I found two correlated with the vulnerabilities of RFID systems to be the most intriguing. I’ve summarized them below.
Estimated Reading Time: 3 minutes Once again, zveloLABS participated in the 2013 ROOTCON annual hacker conference and security gathering in Cebu City, Philippines. It aims to share best practices and technologies through talks by qualified speakers and demos of exciting hacks, tools, tips, and more.
Estimated Reading Time: 2 minutes I attended one of the Black Hat training sessions titled “Advanced C++ Source Code Analysis.” It was quite fascinating! Looking through source code for bugs seems to be a different mindset from writing software.
Estimated Reading Time: 5 minutes
The annual DEF CON® hacker conference came and went as swiftly as a light rain against the hot Las Vegas strip. Consumer tech was a big focus and speakers demonstrated how various network-connected gadgets, once hacked, could be controlled to affect the real, physical world. Here are some highlights from two particular lectures about the hacking of network-connected and radio-frequency identification (RFID) enabled devices that got much attention.
Estimated Reading Time: 2 minutes The Anti-Phishing Working Group (APWG) released their quarterly Phishing Attack Trends Report for the first quarter of 2013. Payment Services were reported as the most phished industry sector, followed by Financial Services.