Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud

While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. TL; DR ------ Analysis of...

Credential Stuffing and Account Takeovers -- The Business View

Account takeovers ATOs, in which criminals impersonate legitimate account owners in order to take control of an account, cause tremendous pain for businesses in all industries. This pain may be monetary, such as losses from stolen accounts, but may also include a number of related problems, like...

Confessions of an ID Theft Kingpin, Part I

At the height of his cybercriminal career, the hacker known as "Hieupc" was earning $125,000 a month running a bustling identity theft service that siphoned consumer dossiers from some of the worlds top data brokers. That is, until his greed and ambition played straight into an elaborate snare se...

PortSwigger Web Security: Browser Self XSS Protection not implemented

Hi Self XSS Protection not used ,An attacker can trick users to insert JavaScript in browser console. A Self-XSS scam usually works by promising to help you access somebody else's account. Instead, the scammer tricks you into gaining access to your account for fraud, spam and tricking more people...

Threat Outbreak Alert: Fake Account Fraud Alert Email Messages on November 21, 2013

Medium Alert ID: 31852 First Published: 2013 November 22 18:36 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an irregular account activity notification for the recipient. The text in the email message attempts to...

Yahoo Sued By User Following Breach of 450,000 Passwords

Internet search conglomerate Yahoo is being sued by one of its users for negligence after the usernames and passwords of approximately 450,000 of its users were leaked by a hacker online last month. According to a complaint .PDF filed earlier this week in a federal court in San Jose, Calif., the...

Identity Theft Down, Losses Up

The number of identity theft victims in 2010 dropped 28 percent, yet individuals lost more on average than ever before, suggesting that attackers’ techniques are getting more sophisticated. According to a survey on consumer fraud released by Javelin Strategy & Research on Tuesday, annual fraud wa...