Chris Johnson, director of compliance and security services at Fort Lauderdale, Fla.-based Wheelhouse IT, said his MSP business manages around 4,000 Webroot endpoints. He said around a dozen clients were impacted in a “serious” way.   “Yesterday was crazy,” Johnson said. “It was definitely crazy.”   Johnson said he felt Webroot did a good job… Continue reading Webroot 13-minute incident: one perspective from a MSP manager

April 26, 2017 by Pieter Arntz                                                 In this series, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for… Continue reading Adware the series, part 1

April 26, 2017 by Jérôme Segura                                        One of the most common malware campaigns from compromised websites is known as EITest and has traditionally been redirecting victims towards exploit kits. But it also has an alternate payload for browsers other than Internet Explorer, specifically for Google Chrome, where it tricks users… Continue reading A story of fonts by the EITest HoeflerText campaign

I don’t think you could make this up   Senate employees just use passwords, and their badges sport a picture of an alternative.                                            What a real smartcard ID looks like: the DOD’s Common Access Card.    Sean Gallagher – 4/26/2017   When Congress held hearings following the breach of the systems of… Continue reading Picture this: Senate staffers’ ID cards have photo of smart chip, no security

By Eduard Kovacs on April 26, 2017   A researcher has discovered several vulnerabilities in SugarCRM’s popular customer relationship management (CRM) product. While most of the flaws appear to have been patched, the expert’s disclosure suggests that the vendor needs to make some improvements in how it communicates with individuals who report security holes. Sugar… Continue reading Expert Discloses Several Flaws Found in Sugar CRM

26th April 2017  by John E Dunn   Recently we’ve been writing about LastPass more than seems healthy.   March saw two rounds of serious flaws made public by Google’s Tavis Ormandy (quickly fixed), which seemed like a lot for a single week. Days ago, news emerged of a new issue (also fixed) in the… Continue reading More LastPass flaws: researcher pokes holes in 2FA

App dev ransacked after gang used test/test login, it is claimed                                            25 Apr 2017 at 21:04, Iain Thomson   A Brit biz selling surveillance tools that can be installed on phones to spy on spouses, kids, mates or employees has been comprehensively pwned by hackers –… Continue reading After blitzing FlexiSpy, hackers declare war on all stalkerware makers: ‘We’re coming for you’

By Eduard Kovacs on April 25, 2017   A potentially serious vulnerability has been found in third-party software shipped by several major vendors for their displays. The developer has rushed to release a patch for the flaw, which is believed to affect millions of devices worldwide. The security hole was identified by researchers at SEC… Continue reading Display Software Flaw Affects Millions of Devices

April 25, 2017 by Thomas Reed                                                 iCloud is an increasingly large target for scams of all kinds. It’s a common target for scams involving phishing e-mails. The goal of such scams is to get you to click a link that takes you to a fake… Continue reading iCloud support scams

By Tom Spring April 25, 2017                                      Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities, and most are based in the United States.   In a recent analysis of xDedic, Flashpoint found that besides the education sector, PC and servers tied to healthcare and… Continue reading xDedic Market Spilling Over With School Servers, PCs