Attackers are trying to trick web administrators into sharing their admin account login credentials by urging them to activate DNSSEC for their domain. The scam was spotted by Sophos researchers when the admin of their own security marketing blog received an email impersonating WordPress and urging them to click on a link to perform the activation. The tell is that DNSSEC is enabled at the registrar or authoritative DNS provider, not through a WordPress login, so any "activate DNSSEC" link that lands on a WordPress credential form is a phish. READ MORE...
Two years ago, when researchers at antivirus company Trend Micro reported on a new mobile data-stealing kit known as FakeSpy, they warned there could be more to come from the hackers. Directing the Android-focused malware at users outside of South Korea and Japan, where it was discovered, would simply be a matter of reconfiguring the code, the researchers said. That's exactly what happened. READ MORE...
The COVID-19 pandemic has made it harder for banks to trace the source of payment card data stolen from smaller, hacked online merchants. On the plus side, months of quarantine have massively decreased demand for account information that thieves buy and use to create physical counterfeit credit cards. But fraud experts say recent developments suggest both trends are about to change - and likely for the worse. READ MORE...
Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in the Microsoft Windows Codecs Library. The Windows Codecs Library encodes and decodes image and video formats on behalf of applications, so a crafted media file opened by any program that relies on it can reach the vulnerable code. The out-of-band updates, addressing a critical-severity flaw and an important-severity vulnerability, were delivered Tuesday night through the Microsoft Store rather than through Windows Update, and affect several versions of Windows 10 and Windows Server 2019. READ MORE...
Netgear has started releasing patches for ten vulnerabilities affecting nearly 80 of its products, including flaws disclosed last year at the Pwn2Own hacking competition. All of the security holes were reported to Netgear through Trend Micro's Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five by Pedro Ribeiro and Radek Domanski of Team Flashback. READ MORE...
The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The malware served offers operators the ability to search for and exfiltrate any file or document from a victim's machine. The group (a.k.a. Promethium) is operating a series of bogus websites purporting to offer a range of popular software utilities. READ MORE...
A new piece of ransomware dubbed EvilQuest is being delivered bundled up with pirated versions of popular macOS software, researchers warned. But the ransomware is also a smokescreen, as its "noisiness" is meant to hide other things happening on the system in the background: the installation of a keylogger and a reverse shell, and the exfiltration of files that contain valuable information (keys to cryptocurrency wallets, code-signing certificates, and more). READ MORE...
Google, it seems, is joining Apple in limiting the maximum validity of web security certificates - those digitally signed blobs of data that put the S in HTTPS and the padlock in your address bar - to 398 days, roughly one year plus a renewal grace period. The code change is headlined Enforce 398-day validity for certificates issued on-or-after 2020-09-01; certificates issued before that date are not affected. Apple announced back in February 2020 that it was going to start doing this in its Safari browser. READ MORE...
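As an added example (not code from the article or from the Chromium change it describes), the following Go program shows what the 398-day rule actually measures and how to check your own certificates against it before a browser does. It builds a few self-signed test certificates with chosen validity windows (constructed test input, not real CA-issued certificates) and applies the rule: a leaf whose NotBefore is on or after 2020-09-01 and whose NotBefore-to-NotAfter window exceeds 398 days is rejected. The function and variable names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// MaxValidity is the 398-day cap that Safari and Chrome enforce.
const MaxValidity = 398 * 24 * time.Hour

// Cutoff is the issuance date from which the cap applies: only certificates
// with NotBefore on or after this instant are subject to it.
var Cutoff = time.Date(2020, time.September, 1, 0, 0, 0, 0, time.UTC)

// ExceedsBrowserValidity reports whether a leaf certificate would be rejected
// by the 398-day rule. The window is measured from NotBefore to NotAfter, so
// backdating NotBefore does not buy extra time; it only shrinks the usable part.
func ExceedsBrowserValidity(cert *x509.Certificate) bool {
	if cert.NotBefore.Before(Cutoff) {
		return false // issued before the cutoff: legacy certificate, not capped
	}
	return cert.NotAfter.Sub(cert.NotBefore) > MaxValidity
}

// selfSigned builds a self-signed ECDSA P-256 certificate covering the given
// validity window. It exists only to produce realistic test input offline;
// a real deployment would check certificates fetched from its own endpoints.
func selfSigned(notBefore time.Time, validity time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"}, // hypothetical name
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(validity),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		DNSNames:     []string{"example.test"},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	// Round-trip through DER so the check runs on what a client would parse.
	return x509.ParseCertificate(der)
}

// CheckWindow is a convenience wrapper: issue a test certificate for the given
// window and report whether the 398-day rule would reject it.
func CheckWindow(notBefore time.Time, validity time.Duration) (bool, error) {
	cert, err := selfSigned(notBefore, validity)
	if err != nil {
		return false, err
	}
	return ExceedsBrowserValidity(cert), nil
}

func main() {
	day := 24 * time.Hour
	cases := []struct {
		label     string
		notBefore time.Time
		validity  time.Duration
	}{
		{"2-year cert issued 2020-08-15 (before cutoff)", time.Date(2020, 8, 15, 0, 0, 0, 0, time.UTC), 825 * day},
		{"2-year cert issued 2020-10-01 (after cutoff)", time.Date(2020, 10, 1, 0, 0, 0, 0, time.UTC), 825 * day},
		{"398-day cert issued 2020-10-01 (at the limit)", time.Date(2020, 10, 1, 0, 0, 0, 0, time.UTC), 398 * day},
		{"399-day cert issued 2020-10-01 (one day over)", time.Date(2020, 10, 1, 0, 0, 0, 0, time.UTC), 399 * day},
	}
	for _, c := range cases {
		rejected, err := CheckWindow(c.notBefore, c.validity)
		if err != nil {
			fmt.Println(c.label, "error:", err)
			continue
		}
		fmt.Printf("%-48s rejected=%v\n", c.label, rejected)
	}
}
```

Because the window is measured between the two timestamps in the certificate rather than from the day you install it, the practical rule for operators is to request certificates of at most 397 days (or simply one year) and to automate renewal; a certificate that is one day over the cap fails in the browser as completely as one that is a year over.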