web analytics

eNerds build SaaS for CryptoLocker detection and prevention

  By Samira Sarraf  Mar 27 2017   Many Australian businesses forked out to save their data from CryptoLocker attacks last year. Small businesses reported $1.6 million in losses from scam activities in the first half 2016, according to the ACCC. The consumer watchdog said that most of 2015 scams were aimed at small businesses involved false… Continue reading eNerds build SaaS for CryptoLocker detection and prevention

Apple pushes security update to OS X Yosemite and El Capitan

Apple has a surprise for OS X Yosemite and El Capitan users: A security update.   By Adrian Kingsley-Hughes for Hardware 2.0 | March 27, 2017   Have you been thinking that you’d never see another update for your Mac that’s stuck running OS X Yosemite and El Capitan? Well, Apple has a surprise for… Continue reading Apple pushes security update to OS X Yosemite and El Capitan

Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly

Thousands of docs with sensitive data still reachable from search engines, including health data.                              Sean Gallagher – 3/27/2017   On March 25, security researcher Kevin Beaumont discovered something very unfortunate on Docs.com, Microsoft’s free document-sharing site tied to the company’s Office 365 service: its homepage had a search bar. That in itself would… Continue reading Doxed by Microsoft’s Docs.com: Users unwittingly shared sensitive docs publicly

Adware Replaces Phone Numbers for Security Firms Returned in Search Results

March 27th 2017 By Catalin Cimpanu   A new adware family named Crusader will rewrite tech support phone numbers returned in Google search results, display ads, and show popups pushing tech support scams.   Current versions of Crusaders are installed on victims’ computers via software bundles. Users usually download a free application, whose installer also… Continue reading Adware Replaces Phone Numbers for Security Firms Returned in Search Results

Mobile Menace Monday: Preinstalled adware and sometimes worse

March 27, 2017 by Nathan Collier   BLU manufactured mobile devices have been discovered with preinstalled adware known as Android/Adware.YeMobi.   Behavior of YeMobi   The incriminating behavior of adware YeMobi is its ability to launch the default browser on a mobile device and use it to display ads. There is an unusual element to this… Continue reading Mobile Menace Monday: Preinstalled adware and sometimes worse

Researcher Builds WMI-Based Hacking Tool in PowerShell

By Ionut Arghire on March 24, 2017                                              Researcher Builds WMI-Based RAT in PowerShell Security researcher Christopher Truncer released a WMI-based agentless post-exploitation RAT that he developed in PowerShell. Last year, Truncer released a PowerShell script capable of carrying out different actions via Windows Management Instrumentation (WMI), both on the local and on remote… Continue reading Researcher Builds WMI-Based Hacking Tool in PowerShell

Microsoft Security Bulletin Minor Revision Issued: March 24, 2017

Microsoft Security Bulletin Minor Revision Issued: March 24, 2017 ******************************************************************** Summary ======= The following bulletin has undergone a minor revision increment. * MS17-013 Bulletin Information: ===================== MS17-013 – Title: Security Update for Microsoft Graphics Component – https://technet.microsoft.com/library/security/ms17-013.aspx – Reason for Revision: Changed supersedence on package 3178688 affecting Microsoft Office 2010 Service Pack 2 (32 and… Continue reading Microsoft Security Bulletin Minor Revision Issued: March 24, 2017

New Attack “XSSJacking” Combines Clickjacking, Pastejacking, and Self-XSS

24th March 2017 By Catalin Cimpanu   Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques  — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.   Ayrey says XSSJacking can help attackers reach sensitive information for which they would normally need a more… Continue reading New Attack “XSSJacking” Combines Clickjacking, Pastejacking, and Self-XSS

Advanis tech support screenlocker

March 24, 2017 by Pieter Arntz   Recently we noticed a change on one of the domains that we monitor because they are known to host files related to tech support scams and involved in browlocks, fake alerts, and screenlockers.   The domain and the screenlocker   At the moment the installer is being pushed by… Continue reading Advanis tech support screenlocker

Almost 1,000 Online Stores Under Attack from GiftGhostBot Botnet

24th March 2017  By Catalin Cimpanu                                                         A botnet specialized in gift card fraud is using the infrastructure of nearly 1,000 websites to check the balance of several types of electronic gift cards in order to defraud legitimate card owners.   Distil… Continue reading Almost 1,000 Online Stores Under Attack from GiftGhostBot Botnet