Phishing with help from Compromised WordPress Sites
We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the crack and showed up in my personal inbox: As I went to mark the email as Spam, I decided to hover over the […]

Same Origin Policy Bypass Vulnerability Has Wider Reach Than Thought
Independent security researcher Rafay Baloch recently disclosed a serious vulnerability in Android’s built-in browser. The vulnerability allows the same origin policy of the browser to be violated. This could allow a dangerous universal cross-site scripting (UXSS) attack to take place. An attacker could potentially use an IFRAME to load a legitimate site for which the […]

Trend Micro Uncovers 14 Critical Vulnerabilities in 2014 So Far
Exploits are frequently used in targeted attacks to stealthily infect systems. These exploits do not have to target newly discovered or zero-day vulnerabilities; for example, CVE-2013-2551 (a vulnerability in Internet Explorer) is still being targeted in 2014. However, zero-day exploits are still a serious threat as these can catch all parties off-guard, including security vendors. Zero-days take advantage […]

Nuclear Exploit Kit Evolves, Includes Silverlight Exploit
Exploit kits have long been part of a cybercriminal’s arsenal. One of the most notorious exploit kits in recent years is the Blackhole Exploit Kit. Coverage over this particular exploit kit reached a fevered pitch with the arrest of its author in 2013. The Blackhole Exploit Kit may have met its demise, but this hasn’t […]

Conditional Malicious iFrame Targeting WordPress Web Sites
We have an email, labs@sucuri.net, where we receive multiple questions a day about various forms of malware. One of the most common questions happens when our Free Security Scanner, SiteCheck, detects a spam injection or a hidden iframe and the user is unable to locate the infection in the source code. It’s not until we […]

A Twitch of Fate: Gamers Shamelessly Wiped Clean
Twitch.tv is a video gaming focused live streaming platform. It has more than 50 million viewers and was acquired by Amazon.com in August for nearly a billion dollars. We recently received a report from a concerned user about malware that is being advertised via Twitch’s chat feature. A Twitch-bot account bombards channels and invites viewers […]

Website Security – Compromised Website Used To Hack Home Routers
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (politica.estadao.com.br) was hacked and loading several iFrames. These iFrames were trying to change the DNS configuration on the victim’s DSL router by Brute Forcing the admin credentials. Sucuri – […]

Uncovering Malicious Browser Extensions in Chrome Web Store
Months ago, Google published a blog post informing users of Google Chrome that they cannot install browser extensions from third parties. The reason: security. By only permitting extensions from official Chrome Web Store, Google claims they would be able to police these extensions in order to prevent malicious ones. Unfortunately, such tactics aren’t enough to […]

Sinkholing the Backoff POS Trojan
There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached. Trustwave SpiderLab, which originally discovered this malware, posted a very thorough analysis in July. The U.S. Secret Service, in partnership with DHS, followed up with an advisory. Although […]

Website Add-on Targets Japanese Users, Leads To Exploit Kit
In the past few weeks, an exploit kit known as FlashPack has been hitting users in Japan. In order to affect users, this particular exploit kit does not rely on spammed messages or compromised websites: instead, it uses a compromised website add-on. This particular add-on is used by site owners who want to add social media […]

Vulnerability in In-App Payment SDKs May Lead to Phishing
Vulnerabilities in apps are always a cause for concern, especially when said apps handle sensitive information, particularly financial. We examined two popular in-app payment (IAP) SDKs—Google Wallet and the Chinese payment platform Alipay—and discovered that these contain a vulnerability that can be exploited for phishing attacks. The versions we analyzed were Google IAP versions 2 […]

"El Machete"
Introduction: Some time ago, a Kaspersky Lab customer in Latin America contacted us to say he had visited China and suspected his machine was infected with an unknown, undetected malware. While assisting the customer, we found a very interesting file in the system that is completely unrelated to China and contained no Chinese coding traces. […]

Behind the ‘Android.OS.Koler’ distribution network
Our full Koler report (PDF). At the beginning of May 2014 a security researcher named Kaffeine made the first public mention of Android.OS.Koler.a, a ransomware program that blocks the screen of an infected device and requests a ransom of between $100 and $300 in order to unlock the device. It doesn’t encrypt any files or […]

Behind the ‘AndroidOS.Koler’ distribution network
Our full Koler report (PDF). At the beginning of May 2014 a security researcher named Kaffeine made the first public mention of Trojan.AndroidOS.Koler.a, a ransomware program that blocks the screen of an infected device and requests a ransom of between $100 and $300 in order to unlock the device. It doesn’t encrypt any files or […]

Mitigating UAF Exploits with Delay Free for Internet Explorer
After introducing the “isolated heap” in the June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call “delay free.” This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet […]

Cloud Services: Holes in Corporate Network Security
The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source codes, etc. When cloud-based data storage service Dropbox announced a patched vulnerability in its link generator, it once again sparked online discussions about how […]