GMAIL phishing attack saga

imagensecforcepost.png

It all started a week ago. Some news hinted that some attackers were stealing domains taking advance of a Gmail vulnerability. Even when it was not confirmed, the story was Digged and generated quite a lot of buzz in the security community.

It all seemed that a new version of an old GMail hijack technique

On Tuesday Google confirmed that no known vulnerabilities were affecting Gmail and that the incidents were phishing attacks whereby attackers set up fake websites asking for Gmail username and password.

This is very interesting because it reinforces the theory that simple attacks targeting human security awareness are still very effective. At SECFORCE we work with our clients to increase security awareness and prevent this kind of attacks form happening.

You may also be interested in...

imagensecforcepost.png
Jan. 12, 2012

CVE-2011-4107 PoC - phpMyAdmin Local File Inclusion via XXE injection

Proof of concept for CVE-2011-4107. phpMyAdmin Local File Inclusion vulnerability.

See more
imagensecforcepost.png
Dec. 5, 2012

Bring your own device (BYOD) security challenges

BYOD is a business policy which encourages employees to bring their personal devices (laptops, tablets, mobile phones) to the corporate environment and perform business tasks with them.

See more