Adwind: FAQ
Download full report PDF We have become aware of unusual malware that was found in some banks in Singapore. This malware has many names – it is known as Adwind RAT (Remote Access Tool), AlienSpy, Frutas, Unrecom, Sockrat, JSocket, and jRat. It is a backdoor available for purchase, and is written entirely in Java which […] more…Kaspersky Security Bulletin. Spam and phishing in 2015
Download PDF The year in figures According to Kaspersky Lab, in 2015 The proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014. 79% of spam emails were no more than 2 KB in size. 15.2% of spam was sent from the US. 146,692,256 instances that triggered the […] more…Massive Admedia/Adverting iFrame Infection
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: 32 hex digit comments at the beginning and end of the malicious code. E.g. /*e8def60c62ec31519121bfdb43fa078f*/ This comment is unique on every infected site. Most likely an MD5Read […] more…This Facebook bug could have allowed hackers to take over your account
The researcher uploaded a booby-trapped image to Facebook’s content delivery network, then read it back as JavaScript via facebook.com. more…LG patches data theft bug affecting millions of Android phones
LG has patched a security flaw in an application preinstalled on millions of its Android G3 smartphones that researchers found could be used to steal a variety of data. The application, called Smart Notice, is a kind of multifunctional widget, managing contacts, notifications, and weather and traffic alerts. Researchers from BugSec and Cynet, two computer […] more…The real reason Microsoft open sourced .NET
With its engineers involved in more than 2,000 open source projects, you’d have to agree that open source has more than a foothold at Microsoft these days. Most recently, for example, the browser team made the Chakra JavaScript engine that powers both Edge and Internet Explorer open source, for a very practical reason. Tags: Microsoft more…Increasingly popular update technique for iOS apps puts users at risk
An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through Apple’s normal review process, potentially opening the door to abuse and security risks for users. The technique is a variation of hot patching, which is a way of dynamically updating a […] more…Critial XSS flaws in Magento leave millions of ecommerce sites at risk
Enter your email address to register. Or enter some javascript and own the store. more…Critical vulnerabilities patched in Magento e-commerce platform
If you’re running an online shop based on the Magento e-commerce platform, it’s a good idea to update it as soon as possible. The latest patches fix critical vulnerabilities that could allow attackers to hijack administrative accounts. One issue was discovered by researchers from Web security firm Sucuri and stems from improper validation of email […] more…Trend Micro Continues Protection for Older Versions of Internet Explorer
Last week, Microsoft ended support for older versions of Internet Explorer (versions 8, 9, and 10). This was done as part of the January 2016 Patch Tuesday cycle; at the same time support for Windows 8 also ended. This means that Microsoft will stop updating old versions of the browser and from now on (with some small […] more…Adobe patches flaws in ColdFusion, LiveCycle Data Services and Premiere Clip
Adobe has released security updates for its ColdFusion application server, LiveCycle Data Services framework and Premiere Clip iOS app. The company published hotfixes for ColdFusion versions 11 and 10, namely ColdFusion 11 Update 7 and ColdFusion 10 Update 18. Both updates address two input validation issues that could be exploited to execute cross-site scripting (XSS) […] more…jQuery.min.php Malware Affects Thousands of Websites
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Every now and then we write about such attacks. Almost every week we see new fake jQuery domains and scripts that mimic jQuery. For example, one of the most prevalent malware infectionsRead […] more…PageFair says small percentage of users were at risk from attack
PageFair, an Irish ad analytics company, said Monday a small percentage of users were at risk after attackers compromised its systems over the weekend. CEO Sean Blanchfield wrote that 501 publishers that use the company’s javascript tag were affected. Ninety percent of publishers have less than ten million page views per month, and 60 percent […] more…Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability
A vulnerability known as Wormhole that reportedly affected the software development kit (SDK), Moplus by Baidu is making waves due to the severity of the impact once successfully exploited. The said vulnerability was discovered by WooYun.og, a vulnerability reporting platform in China. However, as our investigation on this security bug unfolded, we found out that […] more…3,000 High-Profile Japanese Sites Hit By Massive Malvertising Campaign
Malvertising and exploit kits work hand-in-hand – and are an amazingly effective threat that keeps victimizing users over and over again. The latest victim? Users in Japan. Since the start of September, almost half a million users have been exposed to a malvertising campaign powered by the Angler exploit kit. This particular attack was highly targeted […] more…How To Redirect A Website On Your Own Website
When Your Have Low Traffic on website/blog You can Get Traffic from Your defaced website. Just redirect the Defaced website on your Main website. How To Redirect Defaced Website On your Website ???For Redirecting hacked website to your website open the deface Page with Notepad And paste this code Anywhere, But closed the <> ProperlyCode […] more…More information
- Syrian Electronic Army Hacks White House Media Team
- DropboxCache Cross-Platform Backdoor Targets OS X
- Germany to Consult US Over Huawei Security Fears: Merkel
- Don’t let Apple’s Vision Pro come in by the back door
- What is vulnerability management? Processes and software for prioritizing threats
- Keep bad guys off your network by finding out where they live
- Resolved: Library service interruption (The CAT), 1/23/14
- Resolved: CLC lxcluster.tlt.psu.edu down
- Over 60,000 Stolen Profiles Sold on Underground Marketplace
- iOS Trojan Collects Face and Other Data for Bank Account Hacking