New Malvertising Campaign Exploits Home Routers, Changes DNS Servers
There’s a new malvertising campaign that is attacking Chrome users on both desktops and mobile devices and is exploiting victims’ home routers through the use of the DNSChanger exploit kit. The attacks have been going on for several weeks and researchers say they’re targeting several brands of routers, including D-Link, Netgear, and others. The attackers behind […]
How Social Engineering Enables Fraud
Fraudsters who are looking to separate businesses from their money often will specialize in one kind of scam. Whether it’s credit card fraud, 419 scams, or phone fraud, the people behind these schemes tend to focus their energy on one and learn it inside and out. But despite that specialization, there are common skills that […]
iOS 10.2 Security Update Fixes 12 Flaws
Apple has released iOS 10.2, fixing 12 security vulnerabilities in the mobile operating system, including two bugs that could lead to arbitrary code execution. The more serious of the code-execution flaws is related to the way that iOS handles certificates. The bug could allow an attacker to use a malicious certificate to gain code execution on a […]
Some Netgear Routers Open to Remote Code Execution
Two models of Netgear home routers contain a vulnerability that can allow a remote attacker to execute arbitrary code. The bug can be exploited with a simple URL and there’s a publicly available exploit for the flaw. The issue affects the Netgear R7000 and R6400 routers and right now there’s no fix available for the […]
Yahoo Patches Critical XSS Flaw in Mail
There was a serious security flaw in the Yahoo Mail that enabled an attacker to attach malicious code to a victim’s outgoing messages or read any email in the victim’s inbox just by having the victim open a carefully crafted email. Yahoo patched the vulnerability last week, closing a hole that the researcher who discovered it […]
How Account Takeovers Threaten Bank Security
There are many different kinds of attackers in the cybercrime ecosystem, and they each carry their own motivations and tactics. Some groups are politically motivated, while others are in it strictly for fun and games. But for fraudsters who target banks, insurance companies, and other financial institutions, the goal is one thing: money, and lots […]
Prosecutor: Some Encryption a ‘Threat to Our Ability to Protect’ Americans
The deployment of default strong encryption on mobile devices and U.S. companies storing user data in foreign countries is hampering the ability of law enforcement to protect Americans from cyber crime and other threats, a top U.S. prosecutor said. In a speech Wednesday, Assistant Attorney General Leslie Caldwell said prosecutors and law enforcement agencies across the country are […]
Zeus Offspring Floki Bot Infecting PoS Systems
Malware gangs, like sad wedding bands, love to play the hits. And one of the hits they keep running back over and over is the Zeus banking Trojan, which has been in use for many years in a number of different forms. Researchers have unearthed a new piece of malware called Floki Bot that is […]
New Mirai Variant Infecting Home Routers
A new variant of the Mirai malware that has been wreaking havoc on IoT devices is now being used to infect home routers installed by TalkTalk in the U.K. The malware is exploiting a vulnerability to install itself on the router and then attackers are using the infected devices in DDoS attacks. Researchers at Imperva […]