The Big Reason Why You Should Update Your Browser (and How to Do It)
The humble internet browser. Dutifully taking you the places you want to go online, whether that’s the bank, the store, the movies, or even to work. All the more reason to make sure your browser gets every last bit of protection it can. It’s easy to fire up your browser without a second thought. Arguably, […] more…Online shopping scams – 7 ways to fight them
Be wary of online shopping scams – 7 ways to fight them While some of us may be quite skilled at finding miscellaneous gadgets and great deals on apparel online, relying on e–commerce platforms for all of our basic household needs is a new challenge. Many of us preferred to shop at brick and mortar retail for certain purchases such as groceries or pharmaceuticals. Now that we’ve turned online for all our shopping needs, online […] more…New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […] more…Dnsmasq: A Reality Check and Remediation Practices
Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options. Based on Censys and Shodan data, […] more…Malware: 5 Tips for Fighting the Malicious Software
Malware—the term seems to be at the center of the news every day, with each headline telling of a new way the cyber threat has inserted itself into our lives. From an entire attack campaign on banks worldwide, to a strain residing within medical devices, to a variant that has learned to self-heal, the list […] more…Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files
Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files […] more…ATMZombie: banking trojan in Israeli waters
On November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. It uses insidious injection and other sophisticated and stealthy methods. The first method, dubbed “proxy-changing”, is commonly used for HTTP packets inspections. It involves modifying browser proxy configurations and […] more…Crypto-Ransomware Sightings and Trends for 1Q 2015
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plague the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon discovered that TorrentLocker infections were not limited to that region; Turkey, Italy, […] more…Multiplatform Boleto Fraud Hits Users in Brazil
A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods – the Boleto Bancário, or simply the boleto. While the research and analysis was already published by RSA, we’ve recently discovered that this highly profitable fraud is still out in the wild and remains […] more…Facebook Spam Leverages, Abuses Instagram App
The downside of popularity is that cybercriminals tend to abuse it for their own nefarious ends. Case in point, social networking sites have been often used to proliferate malware. Just recently, we spotted a Facebook clickjacking attack that leverages and abuses Instagram to point users to malicious websites. Users encounter this threat by being tagged […] more…When Certificate Authority Business Models and Vendor Certificate Policies Clash
A very important “internet trust” discussion is underway that has been hidden behind closed doors for years and in part, still is. While the Comodo , Diginotar, and Verisign Certificate Authority breaches forced discussion and action into the open, this time, this “dissolution of trust” discussion trigger seems to have been volunteered by Trustwave’s policy […] more…More information
- US Gov Issues Warning for Androxgh0st Malware Attacks
- Alexa May Be Recording More Than You Realize
- Illumio Brings Visibility, Zero Trust Principles to Hybrid Cloud
- Hackers Earn $1 Million for Zero-Day Exploits at Chinese Competition
- FBI Warns of Cuba Ransomware Attacks on Critical Infrastructure
- Apple’s new MacBook Pros leapfrog the competition
- Endpoint Security Provider ThreatLocker Raises $20 Million
- White House Claims Huawei Equipment Has Backdoor for Spying
- Microsoft Internet Explorer CVE-2014-2822 Remote Memory Corruption Vulnerability
- “Followup phish” targets possible victims of last month’s JP Morgan Chase card breach