Web Cache Deception Attack
2017-02-28
A few words about caching and reactions Websites often tend to use web cache functionality (for example over a CDN, a load balancer, or simply a reverse proxy). The purposeRead More →
The Necurs botnet is evolving, now includes a DDoS module
2017-02-28
The Necurs botnet is evolving and recently the experts at BitSight’s Anubis Labs discovered that it was improved to launch DDoS attacks. The Necurs botnet continues to evolve and recentlyRead More →
DNS attacks: How they try to direct you to fake pages
2017-02-27
DNS servers are essential to the normal functioning of the internet as we know and love it, but they tend to go unnoticed by most users. At least, that is, until someRead More →
Stolen EHR data is flooding criminal underground communities in the Deep Web
2017-02-27
EHR data are precious commodities in the cyber criminal underground because of the lack of cyber security of healthcare industry. Electronic health record databases are becoming the most precious commoditiesRead More →
Google Sends E2EMail Encrypted Email Code into Open Source
2017-02-27
Google wants everyone to be able to easily encrypt data. Google has always been good about sharing the wealth of information it has, including when it comes to donating itRead More →
New RaaS Portal Preparing to Spread Unlock26 Ransomware
2017-02-27
A new b -as-a-Service (RaaS) portal named Dot-Ransomware is behind the Unlock26 ransomware discovered this past week. First spotted two days ago, this ransomware operation is quite unique as itRead More →
Roberts Hawaii tour company hacked, credit card and personal info exposed
2017-02-27
The tour company Roberts Hawaii is warning its customers about a security breach that may affect people who purchased tours and other services on its website. Did you visit theRead More →
Vulnerability Deep Dive – Ichitaro Office Excel File Code Execution Vulnerability
2017-02-25
Vulnerabilities in word processing and office productivity suites are useful targets for exploitation by threat actors. Users frequently encounter file types used by these software suites in their day toRead More →
Database Ransom Attacks Have Now Hit MySQL Servers
2017-02-25
After the ransacking of MongoDB, ElasticSearch, Hadoop, and CouchDB servers, attackers are now hijacking hundreds of MySQL databases, deleting their content, and leaving a ransom note behind asking for aRead More →
iPhone Robbers Try to iPhish Victims
2017-02-25
In another strange tale from the kinetic-attack-meets-cyberattack department, earlier this week I heard from a loyal reader in Brazil whose wife was recently mugged by three robbers who nabbed her iPhone.Read More →
Google Goes Public with Unpatched Microsoft Edge and IE Vulnerability
2017-02-25
Google has gone public with details of a second unpatched vulnerability in Microsoft products, this time in Edge and Internet Explorer, after last week they’ve published details about a bugRead More →
Gmail accounts lockout the users. Glitch or hack, it’s a mystery
2017-02-25
A huge number of Gmail accounts lockout their users and forced them to log in again. What has happened? Is it the result of a massive cyber attack? A hugeRead More →
Android ransomware requires victim to speak unlock code
2017-02-24
Latest Android.Lockdroid.E variant uses speech recognition instead of typing for unlock code input. Being a good listener is normally considered an admirable quality in a person; however, it isn’t aRead More →
British man arrested after 900,000 broadband routers knocked offline in Germany
2017-02-24
A 29-year-old man has been arrested at Luton airport by the UK’s National Crime Agency (NCA) in connection with a massive internet attack that disrupted telephone, television and internet servicesRead More →
This system admin used VPN to hack into and cause $1.1 million loss to his ex-employer before being caught
2017-02-24
After being fired, this sys-admin used VPN to hack and plant his own software and cause a $1.1 million loss to his employer Getting a pink slip is a bad newsRead More →
Serious Cloudflare bug exposed a potpourri of secret customer data
2017-02-24
Service used by 5.5 million websites may have leaked passwords and authentication tokens. Cloudflare, a service that helps optimize the security and performance of more than 5.5 million websites, warnedRead More →
Google Announces First-Ever SHA1 Collision Attack
2017-02-24
The SHA1 (Secure Hash Algorithm 1) cryptographic hash function is now officially dead and useless, after Google announced today the first ever successful collision attack. SHA1 is a cryptographic hashRead More →
Threat Spotlight: Disttrack Malware
2017-02-23
Disttrack’s payload has spread in waves, mainly targeting Saudi Arabia’s critical infrastructure, including, but not limited to: Saudi Aramco, Saudi Arabia’s General Authority of Civil Aviation (GACA), and the SaudiRead More →
Malware Uses Blinking Hard Drive LEDs to Transmit Data to Nearby Cameras
2017-02-23
Custom-made malware installed on an offline computer can use a hard drive’s LED to send out sensitive data from infected computers to nearby cameras. This Hollywood hacking scenario is nowRead More →
Released Android malware source code used to run a banking botnet
2017-02-23
The new Android banking malware ESET recently discovered on Google Play was spotted in the wild again, targeting more banks. Further investigation of this resurfacing threat has uncovered its codeRead More →
