Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one persons ear, and that message gets relayed around the circle? Wasn’t it always funny to see what the final message received would be? Oh and how it would have morphed […] more…The world at your fingertips… and theirs too
Technology has changed our lives, the way we live and work. With the emergence of wearables, the convergence between the virtual and the physical world makes people feel more natural using technology all the time.Google Glass is one of the most amazing wearable devices and although it is still at an early stage of development, […] more…"El Machete"
Introduction Some time ago, a Kaspersky Lab customer in Latin America contacted us to say he had visited China and suspected his machine was infected with an unknown, undetected malware. While assisting the customer, we found a very interesting file in the system that is completely unrelated to China and contained no Chinese coding traces. […] more…Think crypto hides you from spooks on Facebook? THINK AGAIN
Activists just got another reason to worry about what spooks might be able to learn about them, with boffins demonstrating that a decent traffic fingerprint can tell an attacker what’s going on, even if an app is defended by encryption. The researchers from the Universities of Padua and Rome have found that for activities like […] more…The Administrator of Things (AoT) – A Side Effect of Smartification
In an earlier article, we talked about the ongoing smartification of the home – the natural tendency of households to accumulate more intelligent devices over time. While this has its benefits, the residents of smart homes also need to invest their time and energy to maintain these devices. These requirements will only grow as more […] more…The Syrian Malware House of Cards
Our full Report Introduction The geopolitical conflicts in the Middle East have deepened in the last few years. Syria is no exception, with the crisis there taking many forms, and the cyberspace conflict is intensifying as sides try to tilt the struggle in their favor by exploiting cyber intelligence and using distortion. The Global Research […] more…Thoughts on WordPress Security and Vulnerabilities
As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks specifically relating to popular plugins. MailPoet and Custom Contact Forms drove the bulk of the engagement, but those using WPTouch, TimThumb and vBulletin were also made aware of vulnerabilities. If it […] more…The Dangers of the Android FakeID Vulnerability
Security researchers from Bluebox Labs recently uncovered a vulnerability that may allow malicious apps to impersonate legitimate ones. This vulnerability, dubbed as “FakeID,” is involved with the checking of certificate signatures to prove the legitimacy of applications. What makes this highly notable is that all Android devices running on platforms starting from Android 2.1 (“Éclair”) […] more…Checking In On Africa: The Latest Developments in Cybercrime
In the early 2000s, Africa gained notoriety due to the 419 “Nigerian” scam. This scam involved making payments in exchange for a reward for helping so-called high-ranking Nigerian officials and their families. While all the scams may not have necessarily originated from Africa, the use of Nigerian officials was imprinted upon the public consciousness, thereby […] more…Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we found a critical vulnerability that allows an attacker to download and modify your database remotely (no authentication required). The vulnerability was disclosed to the plugin developer a few weeks ago, […] more…Website Security Analysis: A “simple” piece of malware
For regular readers of this blog, there is one constant that pops up over and over: malware gets more complex. When malware researchers, like myself, unlock new obfuscated code, it’s a signal to the black hats that they need to up their game. For me, figuring out their new hack attempts and then putting the […] more…Backups – The Forgotten Website Security Pillar
I travel a lot (a lot might actually be an understatement these days), but the travel always revolves around a couple common threads – namely website security education and awareness. In these travels, regardless of the community I am engaging with, there are always common questions like, “How important is it to proactively protect my […] more…New Crypto-Ransomware Emerge in the Wild
One of the recent triumphs against cybercrime is the disruption of the activities of the Gameover ZeuS botnet. Perhaps what makes this more significant is that one major threat was also affected—the notorious CryptoLocker malware. However, this disruption hasn’t deterred cybercriminals from using file-encrypting ransomware. In fact, we saw new crypto-ransomware variants that use new […] more…22 Jump Street, Transformers Are Top Movie Lures for Summer
Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals. Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social engineering. Transformers: Age of […] more…Cybercrime Exposed Part 1: The Security Risks of Phishing
While new threats are emerging that hit new avenues or targets like PoS systems and cryptocurrencies, old threats like phishing remains to be an effective means of gathering user data. A simple spam email that leverages holidays, online shopping, release of anticipated gadgets, and hot/current news items can redirect unsuspecting users to survey scams and phishing pages that […] more…Finding Holes in Banking Security: Operation Emmental
Like Swiss Emmental cheese, the ways your online banking accounts are protected might be full of holes. Banks have been trying to prevent crooks from accessing your online accounts for ages. Passwords, PINs, coordinate cards, TANs, session tokens – all of these were created to help prevent banking fraud. We recently come across a criminal […] more…More information
- Microsoft Internet Explorer and Edge CVE-2015-2441 Remote Memory Corruption Vulnerability
- Imgur breached back in 2014, wasn’t storing your passwords properly
- Germany: Bitcoin is "private money" and Bitcoin mining is "private money creation"
- PetitPotam Vulnerability Exploited in Ransomware Attacks
- Microsoft Windows Hyper-V CVE-2019-0713 Remote Denial of Service Vulnerability
- Verodin carries out attacks safely to test network security
- Implementation of Inbound Default-Deny rule set on Enterprise Firewalls
- Hacked companies could see customer exodus if breached
- Malicious Pastebin Replacement for jQuery
- Apple CEO Backs Privacy Laws, Warns Data Being ‘Weaponized’