Hajime Malware Joins Mirai in Targeting IoT Devices
Mirai is no longer the only game in town when it comes to IoT malware. A new piece of malware known as Hajime is infecting some of the same kinds of embedded devices that Mirai has been targeting for several months. The malware has infected thousands of IoT devices in recent weeks and researchers say […]
Facebook Launches Beta of New Account Recovery System
Facebook has opened a beta program for its new Delegated Account Recovery system, which is designed to replace traditional email or SMS-based recovery processes. The Facebook system allows users to connect their Facebook accounts with other services and use that trusted link to recover access to one of the accounts. The company has published an SDK and […]
Microsoft Patched Shadow Brokers Flaws Before Latest Disclosure
The latest release of exploits and vulnerabilities from the Shadow Brokers came as a surprise to many observers, but not to the security team at Microsoft. It turns out that the company already has patched most of the flaws in its products that were exposed in last week’s exploit dump. The Shadow Brokers have published […]
Unicode Domain Phishing Attack Resurfaces
Researchers are warning about a phishing attack that abuses the way some browsers handle unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies on the fact that the […]
CSRF Bug Haunts Magento E-Commerce Platform
There is a serious vulnerability in a version of the Magento e-commerce platform that could allow a remote attacker to access a target site’s database. The bug can be used for remote code execution, and the researchers who discovered it say they notified Magento of the vulnerability in November, but the company hasn’t released a fix […]
Inside the Tech Support Scam Ecosystem
By Jonah Berg-Ganzarain A pair of doctoral students and their advisor, looking for insights into the inner workings of tech support scams, spent eight months collecting data on and studying the tactics and infrastructure of the scammers, using a purpose-built tool. What they uncovered is a complex, technically sophisticated ecosystem supported by malvertising and victimizing people around […]
Tackling Phone Fraud with Pindrop
Martin Dodd, Managing Director, Connect, Lloyds Banking Group With the spotlight remaining on the evolving threat of online fraud, phone fraud is an area that is often overlooked. It is, however, an area where fraudsters, aided by new technology, still look for opportunities. Smarter thinking, collaboration and using innovation are helping organisations to stay a […]
On the Wire Podcast: Mike Mimoso
It’s been a while since we’ve seen the kind of drama surrounding a Microsoft zero-day bug that we saw this week with the Word vulnerability. Details of the flaw began emerging last week and attackers have been targeting it for several months, but Microsoft didn’t saw a thing about it publicly until it patched the […]
Government, Cybercrime Attackers Target Word Flaw
At least two separate groups of attackers, with disparate motives, have been exploiting the Microsoft Word vulnerability disclosed several days ago. Researchers say that both government-backed attackers and cybercrime groups are targeting the flaw, installing high-level professional malware as well as banking malware. Microsoft on Tuesday released a patch for the vulnerability, but attackers have […]