• Joomla and WordPress based sites targeted by new .htaccess code injection
    The injection affects all .htaccess files associated with the Joomla or WordPress-powered sites. It eventually redirects users browsing these sites to a malicious advertisement website.
  • Latest Mirai variant targets routers and other IoT devices using 13 exploits
    The malware, dubbed Backdoor.Linux.MIRAI.VWIPT, includes both backdoor and DDoS capabilities. The variant uses four different URLs to complete its infection process.
  • JasperLoader malware upgraded to include anti-analysis mechanisms
    The latest version includes sandbox and virtual machine detection in order to stay ahead of anti-malware solutions. The infection process begins with a malicious VBS script.
  • Mobile browsers of Chrome, Firefox, and Safari failed to warn of phishing attacks for over a year
    An academic research project revealed that the mobile browsers, from mid-2017 to the end of 2018, did not alert users about phishing pages. Browsers that used the Google Safe Browsing blacklist service were the ones impacted.
  • Fake missed call alerts target Android users
    Researchers observed a phishing campaign that pushes spam alerts in the form of missed calls to Android users with a custom Google Chrome icon. Not all of the spam alerts use the trick of changing the browser’s icon, but they carry messages that are attractive enough to target unsuspecting victims.
  • Chinese-linked APT10 has been active in the Philippines, researchers say
    Written by Sean Lyngaas, May 24, 2019 | CYBERSCOOP. An elite Chinese government-linked hacking group known for allegedly stealing reams of data from U.S. organizations has been actively targeting entities in the Philippines, according to new research first shared with CyberScoop. During the month of April, the APT10 hacking group, which U.S. officials have tied to China’s civilian intelligence agency, has been using two new malicious software variants to deliver its payloads against targets in the Philippines, according to analysts from endpoint security firm enSilo. It is unclear what the goal of the targeting is, or who the victims are, enSilo researchers said. Some of the data points in the enSilo research have been tied to Chinese hackers, but not exclusively to APT10, independent researchers said. Attributing hacking activity can be a delicate and difficult act for analysts, and other researchers have apparently erred in blaming APT10 for past hacking activity. But Yavo said enSilo researchers thoroughly compared the coding and variants with previous APT10 activity and concluded the group was behind the recent targeting in the Philippines.
  • Research: Mobile Chrome, Safari, and Firefox failed to show phishing warnings for more than a year
    For more than a year, mobile browsers like Google Chrome, Firefox, and Safari failed to show any phishing warnings to users, according to a research paper published this week. Instead, they focused on deploying phishing pages with "cloaking techniques" aimed at tricking URL blacklist technologies and then recording the time it took for these "cloaked" phishing pages to land on lists of "dangerous sites" -- or if they landed at all. Further, the research team's phishing pages also used six (actually five) cloaking techniques researchers said they've seen used by phishing kits in the real-world: Results varied per URL blacklists and cloaking technique [check graphs at the end of the research paper], but the thing that stood out during their research was that cloaks A, E, and F had zero detections on mobile browsers that were using Google's Safe Browsing URL blacklist. [Cloak A was effectively a "no cloak," meaning that Safe Browsing was not alerting users about any phishing pages, even if they used cloaking technologies or not -- effectively not working at all].
  • Redtail Technology exposes sensitive client data
    Redtail’s logging systems inadvertently captured a small subset of the sensitive client data and stored it in a file that was publicly available on the internet. The unprotected file contained clients’ personal information such as names, physical addresses, dates of birth, and Social Security numbers.
  • License Plate Recognition Tech Provider Gets Breached, Attackers Release Sensitive Files
    The stolen files included Microsoft Exchange and Access databases, ERP databases, HR records, Microsoft SQL Server data stores, and more. These databases include sensitive information related to border security data acquisition, commercial vehicle inspection, electronic toll collection, and roadway monitoring.
  • America's Oldest Professional Theatre Company "The Shubert Organization" Suffers Data Breach
    “We take security of personal information in our care very seriously,” stressed a representative of the Shubert Organization, which owns 17 Broadway theaters and the popular ticketing service Telecharge. “We have security measures in place to protect the data on our systems, and we continue to assess and update our security measures and training to our employees to safeguard the privacy and security of information in our care,” the representative continued. As more and more information is stored on the Internet, cyber-security breaches are quite common for large businesses. In 2016, about 34 percent of American companies suffered a breach, and 86 percent of chief information security officers now believe that breaches are inevitable. “Data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” commented Larry Ponemon, the founder of a data security research firm. “It’s important to ensure that security measures are up to date across the entire network of companies,” stressed Guy Bunker, the senior vice president of products at Clearswift, an information security company.