Vulnerability Research and Disclosure: Evolving To Meet Targeted Attacks
Recently, both HP’s Zero Day Initiative (ZDI) and Google’s Project Zero published vulnerabilities in Microsoft products (specifically, Internet Explorer and Windows 8.1) because Redmond did not fix them within 90 days of the vulnerabilities being reported. This has resulted in an argument between security researchers and software vendors on how vulnerabilities should be disclosed. A case where […]

DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we thought it was a Distributed Denial of Service (DDoS) attack, mainly due to the high concentration of requests (thousands per second). Looking further however, it actually seemed like […]

Windows 10 Preview and Security
Microsoft presented a preview of their newest “experience”, Windows 10, over a live stream this morning. The release is expected later this year. This isn’t envisioned as just an OS for desktops, but it brings support as a truly broad computing platform. They claim to have built Windows 10 with “more personal computing” in mind, and […]

Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object Injection Work? Object Injection occurs when raw user input is passed to an unserialize() function call. When this happens, […]

Tic Tac Toe with a twist
Attempts by cybercriminals to disguise malware as useful applications are common to the point of being commonplace. However, the developers of Gomal, a new mobile Trojan, not only achieved a new level of camouflage by adding Tic Tac Toe game to their malicious program, but also implemented interesting techniques which are new to this kind […]

OPSec for security researchers
Being a security researcher nowadays is no easy task, especially as we are no longer dealing with purely technical matters. Today’s global security landscape includes several new actors including governments, big companies, criminal gangs and intelligence services. This puts researchers in a difficult situation. According to one of many definitions of OPSec: “Operational security identifies […]

Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that message gets relayed around the circle? Wasn’t it always funny to see what the final message received would be? Oh and how it would have morphed […]

Review : Dealguru – Best Deals by AskMeBazaar
The world has experienced a great change and it’s currently relying more on the online platform. India has also started its online shopping world with great deal of accelerated outgrowth. But, none can it fit against AskMeBazaar’s marketing strategies. With their recent ongoing saga of AskMe program for Android, their started online shopping world […]

Website Security Analysis: A “simple” piece of malware
For regular readers of this blog, there is one constant that pops up over and over: malware gets more complex. When malware researchers, like myself, unlock new obfuscated code, it’s a signal to the black hats that they need to up their game. For me, figuring out their new hack attempts and then putting the […]

Cybercriminals Steal News Headlines for KULUOZ Spam Campaigns
Last April, we reported a KULUOZ spam campaign using the South Korean ferry sinking tragedy, one that came hot at the heels of the actual event itself. KULUOZ, as we tackled during that blog entry, is a malware that is distributed by the Asprox botnet. It can download certain strains of FAKEAV and ZACCESS malware […]

Scammer of a Lonely Heart
It’s time for a risqué subject: looking for love on the internet. With a myriad services promising chemistry-driven matches, dating game contestants have flocked to web services and apps. Despite this proliferation of new avenues, those in a particular rush to find company (in the form of ‘No Strings Attached’ encounters) have turned to a […]

Brazilian Users Being Scammed with 2014 FIFA World Cup Tickets
As the 2014 FIFA World Cup Brazil draws near, we are seeing more threats using the event as bait. We recently talked about cybercriminals in Brazil taking advantage of the event to spread malware, but we’ve found that the threats have gone beyond that: we’ve spotted fake FIFA websites selling game tickets. One of the sites […]

Bots – The internet weapons, Their Types and How to Protect Yourself
In today’s world I don’t believe that there would be anyone who is not aware about the internet may be some extreme out of the world tribes like of the Pygmy might be not aware of it. We surf internet almost daily, may be to carry out some important work or sometimes just to relax […]

Valve DNS privacy flap exposes the murky world of cheat prevention
Like most online game makers, Valve uses a cheat detection system to protect popular multiplayer games like Counter-Strike: Global Offensive, Team Fortress 2, and Dota 2 from hacks that would give a player an unfair advantage. That Valve Anti-Cheat (VAC) system was at the center of a potential privacy bombshell earlier today, with accusations that […]

How Exploit Kits Dodge Security Vendors and Researchers
Websites with exploit kits are one thing that security vendors and researchers frequently try to look into, so it shouldn’t be a surprise that attackers have gone to some length to specifically dodge the good guys. How do they do it? The most basic method used by attackers is an IP blacklist. Just like security […]

‘League of Legends’ account information and transaction records compromised
A portion of the North American user base of "League of Legends" (LoL) had its account information compromised by hackers, according to Riot Games, the company developing the popular online multiplayer game. Passwords and credit card numbers stored in encrypted form were accessed, as well as other details.

More information
- Has your Hewlett-Packard ScanJet printer just tried to infect your PC with malware?
- Apple preps for iPhone diversification
- New EU General Data Protection Regulation Affects Multinational Companies
- 10 Ways to Protect Against Dual Revenue Attacks
- Resolved: Intermittent Outage on ftp.personal.psu.edu
- Source code analysis reveals seven security holes in UK contact tracing app
- The Upload: Your tech news briefing for Wednesday, April 8
- Bell Labs invents lensless camera
- Get-rich-quick social media scams are turning teens into money mules
- Oracle Patches Java Zero-Day Used in Operation Pawn Storm