PINDROP BLOG

Category: Hacking

December 27, 2016
Critical Vulnerability Haunts Popular PHP Library
There’s a critical security vulnerability in the PHPMailer library, a flaw that could allow an attacker to execute arbitrary code. The bug can be exploited remotely and a researcher already has released proof-of-concept exploit code for it. The PHPMailer library is used in a large number of web applications and open source projects, including WordPress and…
Read More →
December 21, 2016
On the Wire Podcast: Michael Tiffany
Cybercriminals depend upon the income they generate from their schemes to fund further operations, and one of the main ways that they extract money from victims is through ad fraud. This week, researchers at White Ops disclosed the existence of the Methbot ad fraud network, which is using a sophisticated worldwide infrastructure and custom browsers…
Read More →
December 20, 2016
Massive Methbot Ad Fraud Network Steals Millions Per Day
Cybercriminals are using a sophisticated botnet operation to impersonate both websites and visitors in order to steal as much as $5 million in ad revenue per day from publishers, according to new research into the network, known as Methbot. The botnet is enmeshed in the online ad infrastructure and has its own elaborate support system,…
Read More →
December 19, 2016
Hailstorm Spam Campaigns Being Used to Evade Defenses
In an effort to get past anti-spam and anti-malware systems and put their garbage in front of potential victims, some spammers are avoiding the traditional strategy of sending huge volumes of mail for long periods of time in favor of sending large bursts of spam in a very short timeframe. This technique, known as hailstorm…
Read More →
December 16, 2016
70 Percent of Enterprise Ransomware Victims Paid Up, Data Shows
Ransomware gangs have been targeting businesses in the last few months, seeking bigger paydays than what they can extract from consumers. The plan has been highly successful, according to new data, which shows that 70 percent of businesses infected with ransomware have paid the ransom to get their data back. Researchers at IBM Security’s X-Force…
Read More →
December 15, 2016
Yahoo Data Breach Highlights Defender’s Disadvantage
For the second time in less than three months, Yahoo has disclosed a massive data breach, and this is one for the record books. The company said more than one billion accounts are affected by the breach, and Yahoo officials still aren’t exactly sure how the attackers got in. On Wednesday evening, Yahoo CISO Bob…
Read More →
December 14, 2016
Beta Firmware Update Available for Vulnerable Netgear Routers
With exploit code publicly available and details of the vulnerability widely known, Netgear has released a beta version of new firmware to fix a bug in several of its routers that attackers can use to execute arbitrary code on the devices. The Netgear router vulnerability affects several of the company’s home router models, including the R6250, R6400,…
Read More →
December 14, 2016
New Malvertising Campaign Exploits Home Routers, Changes DNS Servers
There’s a new malvertising campaign that is attacking Chrome users on both desktops and mobile devices and is exploiting victims’ home routers through the use of the DNSChanger exploit kit. The attacks have been going on for several weeks and researchers say they’re targeting several brands of routers, including D-Link, Netgear, and others. The attackers behind…
Read More →
December 12, 2016
iOS 10.2 Security Update Fixes 12 Flaws
Apple has released iOS 10.2, fixing 12 security vulnerabilities in the mobile operating system, including two bugs that could lead to arbitrary code execution. The more serious of the code-execution flaws is related to the way that iOS handles certificates. The bug could allow an attacker to use a malicious certificate to gain code execution on a…
Read More →
December 12, 2016
Some Netgear Routers Open to Remote Code Execution
Two models of Netgear home routers contain a vulnerability that can allow a remote attacker to execute arbitrary code. The bug can be exploited with a simple URL and there’s a publicly available exploit for the flaw. The issue affects the Netgear R7000 and R6400 routers and right now there’s no fix available for the…
Read More →