So-called 'newsletter bombs' are increasingly being sent to the publicly known email addresses of journalists, companies, and also dot-gov email addresses. These attacks send thousands of fake newsletter sign-up emails to targeted email addresses, rendering the attacked mailbox useless.
According to German secure email service Tutanota, which had its own main contact address targeted, these attacks are easy to execute because most newsletter sign-up forms have no protection against malicious bot sign-ups.
A new report from Panda Security's PandaLabs research arm reveals that real-time attacks that involve direct interaction with the victim are on the rise.
It also shows the increasing professionalism of cyber criminals. Highly specialized groups are forming in fields like the creation and distribution of malware and exploits. An example covered by PandaLabs is the RDPatcher attack, the purpose of which is to put the victim’s computer up for sale on the black market for use in a bot network.
Word vulnerability, Windows bug, and 'Trump's_Attack_on_Syria' document used in Sednit phishing attack
The Sednit group believed to have been involved in interference with the French election was also responsible for a phishing attack that used President Trump to lure in victims. Security firm ESET analyzed a phishing email with an attachment named Trump's_Attack_on_Syria_English.docx and found that it had the hallmarks of the well-known group.
The document was engineered to infect victims' computers with the Seduploader tool, and it did this by exploiting two vulnerabilities, one in Microsoft Word, and one in Windows. Sednit -- previously known as APT28, Fancy Bear, and Sofacy -- took advantage of a recently discovered Remote Code Execution vulnerability in Word (CVE-2017-0262) as well as a security hole in Windows (CVE-2017-0263) in executing the attack.
Researchers at cyber security firm Bitdefender recently unveiled a new targeted attack and named it Netrepser. What makes this threat different from other APTs (advanced persistent threats) is that it was built with readily available software tools.
The goal of Netrepser, according to Bitdefender, is to steal data from government agencies. There is no information on which agencies were targeted. Netrepser uses multiple methods to get its tiny digital hands on the victim’s information, from keylogging, to password theft, to cookie theft. At the very heart of this tool is a "legitimate, yet controversial" recovery toolkit provided by Nirsoft.
The security of Android has been questioned many times, but the general thinking is that installing apps from Google Play offers a decent level of protection. But research by Check Point shows that this is not the case due to a flaw in permissions.
The permission model used by Google grants apps installed from the Play Store extensive access, and opens up the risk of malware, ransomware and other threats. Google is aware of the problem, but does not plan to address it until the release of Android O, meaning that an unknown number of apps pose a risk to millions of users.
We live in strange times when security software is needed for TVs -- although given recent WikiLeaks revelations, it's perhaps not entirely surprising -- but this is precisely what McAfee is providing. The security firm today announces an expansion of its partnership with Samsung, and this sees the company providing protective software that will be pre-installed on a range of devices.
As well as smart TVs, McAfee will also be offering security software for Samsung PCs and smartphones. A recent survey by McAfee found that consumer concerns "underscore the need for robust cross-device security," but is the company using this as a money-making venture?
Ransomware is one of the most successful and profitable weapons in the cyber criminal's armory, partly because it leverages an old-fashioned crime in a new digital format.
A new study by Barracuda Networks reveals that 92 percent of people surveyed are concerned about ransomware hitting their organization, and 47 percent of respondents have been a victim of ransomware themselves.
Whether it's due to a specific cyber attack, theft of data, or a wider criminal investigation, it's increasingly necessary to be able to capture evidence from mobile devices.
Forensic investigation software specialist Guidance Software is launching a new version of its EnCase product aimed at safely gathering data from mobiles.
Data breaches not only cost businesses money in the short term, they can cause long term reputational damage as stolen details turn up for sale in dark corners of the internet.
Cyber security company Comodo is offering enterprises with more than 1,000 employees a free 'Company Threat Analysis' to determine if their sensitive information is for sale on the Dark Web and, if so, how to prevent compromises from happening again.
It's no secret that most people are rubbish at choosing passwords -- it's something that's proved time and time again when the annual list of common passwords is released. To help overcome the problem, and hopefully increase the security of people's accounts, a team of researchers from the Carnegie Mellon University and the University of Chicago have created an open source password meter that provides advice about how to strengthen a password.
While it's quite common to encounter online forms that require you to create passwords that meet certain criteria, it still does not necessarily mean they are secure. CyLab Usable Privacy and Security Laboratory (CUPS), in conjunction with the Institute for Software Research, has created a tool that provides real-time feedback that helps to explain why a password is insecure, and offers tips about how to strengthen it.
A number of people who were members of the dating website Guardian Soulmates had their email addresses exposed following a data breach. The exposure of usernames and email addresses led to some users receiving explicit emails.
Human error has been blamed for the breach, with site owner Guardian News and Media (GNM) saying that the problem stemmed from a third-party technology provider. The issues meant that private details were made available via users' public profiles.
Google’s Project Zero identifies bugs and security flaws in commonly used software, and gives firms 90 days to patch them before going public. This is an approach which doesn’t always go down well -- a case in point being when Google recently released details of a Windows bug after Microsoft failed to patch it in time.
Now two Project Zero security researchers claim to have found a new critical remote code execution (RCE) vulnerability in Windows which they describe as the "worst in recent memory" and "crazy bad".
Anyone using Microsoft Edge to "print to PDF" is advised to double-check their files after a strange bug was detected. The problem is reminiscent of a bug that afflicted Xerox photocopiers a couple of years ago, and sees the browser displaying one set of numbers and printing another.
Microsoft has confirmed the existence of the bug which has the potential to cause serious issues with mission-critical data. The person who originally reported the problem cites an example in which Windows 10's default web browser "displays 123456 in PDF but prints 114447."
Endpoints are often the weakest links in any IT system, but protecting them effectively now means much more than simply guarding against malware.
As businesses rely more on the cloud and on web-based applications, the endpoint provides a gateway that can be vulnerable to attack.
HandBrake for Mac server compromise means downloaders have 50-50 chance of Proton RAT malware infection
Anyone who downloaded the Mac video transcoder HandBrake in the last few days stands a 50 percent chance of being infected with a Trojan. The download for version 1.0.7 of HandBrake was infected after the mirror download server was compromised.
The Trojan allows for an attacker to remotely access an infected computer, and a malware-laced version of the app was made available for download between May 2 and May 6. If you downloaded the app in this window, you're advised to check the SHA1/256 sum, and if you have gone as far as installing the software, there are steps to take to determine if you're infected and remove the malware if you are.