Managing Windows XP’s Risks in a Post-Support World
There are now less than two weeks left until Microsoft terminates support for the incredibly long-lived Windows XP. Rarely has a tech product lasted as long as XP has – from XP’s launch on October 25, 2001 to its last Patch Tuesday on April 8, 2014 a total of 12 years, 5 months, and two […]

Mobile Malware and High Risk Apps Reach 2M Mark, Go for “Firsts”
Just six months after mobile malware and high risk apps reached the one million mark, we have learned that that number has now doubled. Figure 1. The number of malicious and high risk apps reaches the 2M mark This milestone comes at the heels of the “tenth anniversary” of mobile malware. 2004 saw the first […]

JCE Joomla Extension Attacks in the Wild
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content Editor) vulnerability. JCE is a very popular component that can be found enabled on almost any Joomla site. It has had a few serious vulnerabilities in the past (around 2011 […]

New BlackOS Software Package Sold In Underground Forums
We recently came across this particular post in an underground forum: Figure 1. Underground forum post This particular post in Russian was advertising a new product, known as “BlackOS”. Contrary to the name, it is not an operating system. However, it is definitely “black”, or malicious: it is used to manage and redirect Internet traffic […]

Can software be protected from piracy?
Why does it seem so easy to pirate today? It just seems a little hard to believe that with all of our technological advances and the billions of dollars spent on engineering the most unbelievable and mind-blowing software, we still have no other means of protecting against piracy than a “serial number/activation key.” I’m sure […]

Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just this week we put out a post titled More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack. What’s the Big Deal? Remember life before social media? How quiet and […]

Quantum Encryption Is On The Verge Of Solving The ‘100-Year Problem’ In Data Security
Michele Mosca is co-founder and Deputy Director of the Institute for Quantum Computing, and a founding member of the Perimeter Institute for Theoretical Physics. He’s got a front row seat to all things quantum computing and encryption. The area is still in a nascent phase but it already has the potential to solve a number […]

Flattening Bitcoin: What is Transaction Malleability?
The past few weeks have not been good for Bitcoin. Mt. Gox shut down withdrawals due to concerns over transaction malleability. The same flaw was reportedly used to loot more than 4,000 BTC (worth more than 2.7 million US dollars) from Silk Road 2.0 Deep Web marketplace. These stories, together with others that have shaken […]

PHP Backdoors: Hidden With Clever Use of Extract Function
When a site gets compromised, one thing we know for sure is that attackers love to leave malware that allows them access back to the site; this type of malware is called a backdoor. This type of malware was named this because it allows for remote control of a compromised website in a way that […]

Hitting the Data Jackpot
Breaches, breaches everywhere. There has to be a reason for it – criminals aren’t just following a trend like a spring shopper buying the latest styles of shoes. If you put yourself in the shoes of a cybercriminal (not the spring shopper’s), you’ll be able to appreciate how breach data equates to money in a number […]

Resolved: Identity Finder License – Expiration Message May Display
The University’s license for Identity Finder expires February 1. The license has been renewed and will update automatically across all users’ computers where Identity Finder is installed and connected to the Enterprise Console. For the majority of users, this means no action will be required. Because automatic updates to Identity Finder installations occur only periodically, […]

Breaking Up with Valentine’s Day Online Threats
With less than a week to go, Valentine’s Day is definitely around the corner. It has been proven that the holidays are a goldmine for cybercriminals, and there are many activities and threats online that could spoil one of the most anticipated seasons of lovers. This, after all, isn’t just time for chocolates and roses. […]

Malware and Winter Olympics
Whenever there’s a global sporting event, we get questions about the “cyber” angle. Could an event like The Olympics be targeted by malware outbreaks, or maybe DDoS attacks? And while there are some real security concerns, most coverage of cyber attacks during the Olympics ends up being incorrectly reported or just hype. This is not […]

Darkleech + Bitly.com = Insightful Statistics
This post is about how hackers abuse popular web services, and how this helps security researchers obtain interesting statistics about malware attacks. We, at Sucuri, work with infected websites every day. While we see some particular infections on one site or on multiple sites, we can’t accurately tell how many more sites out there are […]

Big box LatAm hack (2nd part – Email brute-force and spam)
To complement the already mentioned findings, the same cybercriminal’s server contains additional interesting things but before mentioning them, I want to give a little bit more information about the email database used to spam victims to infect them with the Betabot malware. E-mail database How big is the list of email addresses to spam […]

Identity Finder License – Expiration Message May Display
The University’s license for Identity Finder expires February 1. The license has been renewed and will update automatically across all users’ computers where Identity Finder is installed and connected to the Enterprise Console. For the majority of users, this means no action will be required. Because automatic updates to Identity Finder installations occur only periodically, […]

More information
- Apple releases iOS 7.0.3 – fixes yet more lockscreen holes, including a call-anybody bug
- Iranian Cyber-Campaign Lays Groundwork for Sabotage, Researchers Say
- Millions of LinkedIn passwords up for sale on the dark web
- Hacking Team Flash Zero-Day Integrated Into Exploit Kits
- New York Governor Proposes New Cyber Security Measures
- Facebook reins in spammy auto-sharing apps with new rule
- Android antivirus products a big flop, researchers say
- Secret backdoors found in gear from Barracuda Networks
- Next-Gen Security’s Rip and Replace Problem
- After raid, Australian hacker fears possible arrest