Tuesday, September 18, 2018

Software developers lured by Cyber Economy

Software developers who struggle to sell legitimate software are easily lured to the dark side: the burgeoning cyber economy. For example, simple WordPress exploits cost $100.

Cost of hacking tools and services on some underground cybercrime forums (Source: Armor)

The cyber economy continues to provide would-be criminals with easy access to an array of purpose-built and on-demand tools and services, including hosted infrastructure, which enables them to somewhat anonymously pay for tools and services, and in the case of ransomware, extortion and other shakedown rackets, receive payments from victims that may be tough for authorities to trace.

Cybercrime forums offer for sale hacked bank accounts, customizable bank Trojans, remote desktop protocol access credentials to businesses, exploit kits, money mule services, payment card data and "fullz" (full credential access to an OS).

Cybercrime continues to be cheap and easy, especially when compared to its real-world analogs.

Source: https://www.govinfosecurity.com/blogs/cybercrime-remains-impossible-to-eradicate-p-2662

Tuesday, September 11, 2018

Apple Phishing Email - [ New Transaction Statement ] - We've sent notification about unusual activity on your account , reported by email result on, check DOCX to view full report

For the record, this is an Apple phishing email that has recently been going around and made it through spam filters. What to do? Report it; go to the bottom of the page.

From : Apple Support

[ New Transaction Statement ] - We've sent notification about unusual activity on your account , reported by email result on 09/09/2018, check DOCX to view full report .

Recent Purchase

Dear Customer,

Your Apple ID, was just used to purchaese from the App Store on a

computer or device that had not previously been associated with that

Apple ID.

If you initiated this purchase, you can disregard this email. It was only

sent to alert you in case you did not initiate the purchase yourself.

Please see the attached a file for details.



Apple ID Summary . Terms of Sale . Privacy Policy

Copyright @ 2018 Apple Inc..

All rights reserved

It contains an infected DOCX file: AppleStorePaymentdetailsxxx.docx



How to tell this is a phishing email?

  1. Check the sender's email address in full; if it's not from the originating company, it's phishing.
  2. Hover over all links in the email; if a link does not point to the apple.com site, forget it.
  3. The best way is to look at the message source, see below.

How to examine the email message source?

Now let's look at the message source:
  1. Outlook.com->Actions->View Message Source.
  2. Gmail.com->More (down arrow at top right)->Show original.
Check for suspicious links: anything that does not originate from apple.com.
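The checks above (full sender address, link targets, attachment) can be run over a saved message source. This is an added example, not part of the original post; the sample message, its domains and the file name are constructed, and `examine` and `in_domain` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "apple.com"  # domain the message claims to come from

# Constructed sample message source (not the real phishing email).
SAMPLE = """\
From: Apple Support <support@billing-notice.example>
Subject: [ New Transaction Statement ]
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<a href="https://www.apple.com/legal/privacy/">Privacy Policy</a>
<a href="http://apple.com.account-check.example/login">Apple ID Summary</a>
--b1
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Content-Disposition: attachment; filename="statement.docx"
Content-Transfer-Encoding: base64

UEsDBA==
--b1--
"""

def in_domain(host, domain=TRUSTED):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def examine(raw):
    msg = message_from_string(raw)
    # The display name is free text; only the address part identifies the sender.
    display, addr = parseaddr(msg.get("From", ""))
    report = {"display_name": display,
              "sender_ok": in_domain(addr.rpartition("@")[2]),
              "bad_links": [], "attachments": []}
    for part in msg.walk():
        if part.get_filename():
            report["attachments"].append(part.get_filename())
        elif part.get_content_type() in ("text/html", "text/plain"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for url in re.findall(r"https?://[^\s\"'<>]+", body):
                # Compare the parsed hostname, not a substring of the URL.
                if not in_domain(urlsplit(url).hostname):
                    report["bad_links"].append(url)
    return report
```

The suffix match is the important detail: a host such as `apple.com.account-check.example` contains "apple.com" but does not belong to it, so a plain substring check would pass it.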

Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down arrow at top right)->Report Phishing

Report phishing URLs at Google now

If you have received this email, take further action now by clicking these links:

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Report phishing emails to Apple 

Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.

Monday, September 10, 2018

Chrome 69 does screw users out of knowing what website you're really on

Confirmed removal of www from URL address

As reported at Slashdot, Chrome 69 now automatically removes www from URLs, disguising the real URL address. This really does blow hard.

From https://tech.slashdot.org/story/18/09/08/0437229/google-slammed-over-chrome-change-that-strips-www-from-domain-urls:

Google's move to strip out the www in domains typed into the address bar, beginning with version 69 of its Chrome browser, has drawn an enormous amount of criticism from developers who see the move as a bid to cement the company's dominance of the Web. The criticism comes a few days after Chrome's engineering manager Adrienne Porter Felt told the American website Wired that URLs need to be got rid of altogether. The change in Chrome version 69 means that if one types in a domain such as www.itwire.com into the browser search bar, the www portion is stripped out in the address bar when the page is displayed.

This is not the first time Google has been criticised for its moves to change the fundamental structure of URLs. Its Accelerated Mobile Pages, introduced in October 2015, have been criticised for obscuring the original URL of a page and reducing the chances of a reader going back to the original website. Probably for this reason, Apple last year decided that version 11 of iOS would update its Safari browser so that AMP links would be stripped out of an URL when the story was shared...

"This is Google making subdomain usage decisions for other entities outside of Google," said yet another poster. "My domains and how subdomains are assigned and delegated are not Google's business to decide."