The US Department of Homeland Security (DHS) has upgraded the US voting and election infrastructure as a subsector of the nation's critical infrastructure.
Recent variants of the "Merry Christmas" ransomware, also known as Merry X-Mas, are also downloading the DiamondFox malware on infected computers, which is used by the ransomware's operators to collect data from infected hosts, such as passwords, sensitive files, and others.
The number of hijacked MongoDB servers held for ransom has skyrocketed in the past two days from 10,500 to over 28,200, thanks in large part to the involvement of a professional ransomware group known as Kraken.
Based on statistical data gathered by Sucuri from 7,937 compromised websites, WordPress, Joomla, and Magento, in this order, continued to be the most hacked CMS platforms in the third quarter of 2016 (months of July, August, and September).
One trick, first seen in June 2016, was observed again this past month. This clever phishing attack relies on telling users they received an important or secure file, and they need to visit a web page to view it. The real trick takes place on the crook's page, which shows a blurred out document on the background.
The world of web technology changes at a rapid pace. New projects appear daily, and old tools retire to make room for new arrivals. During 2016, the web technology landscape has changed dramatically, with the arrival of AngularJS 2.0, the proliferation of React.js and maturation of several open-source CMS projects.
The "ActionFraud" UK National Fraud & Cyber Crime Reporting Center has issued an alert this week to UK educational institutes, warning against cyber-criminals cold-calling British schools and tricking staffers into installing ransomware on the school's computers.
What started as isolated incidents on Monday has transformed into an all out destruction of thousands of MongoDB servers by the end of the week.
Google's automated over-the-air (OTA) update system has plugged a "high-risk" vulnerability that affected the Android bootloader on Nexus smartphones.
Browser autofill profiles are a reliable phishing vector that allow attackers to collect information from users via hidden fields, which the browser automatically fills with preset personal information and which the user unknowingly sends to the attacker when he submits a form.
The US Federal Trade Commission (FTC) has filed a lawsuit against D-Link, a Taiwanese hardware manufacturer, for misrepresentations about the security of various devices it sold in the US, and for failing to take action and secure devices when security flaws were reported.
Google has banned the AdNauseam Chrome extension from the Chrome Web Store, an add-on that became very popular with users because it automatically clicked on all ads on a page.
A new type of tech support scam tactic observed against Mac users relies on opening a large number of email drafts, an action which eventually causes the user's machine to become unresponsive.
The Plone security team has debunked claims made by a hacker, who said he used a zero-day in the Plone CMS to hack into the FBI's website, which uses the aforementioned CMS.
MongoDB administrators are about to be tought a hard lesson in database management practices, as the number of hackers that are now involved with DB hijacking attempts has gone from one to three, and more are expected to join in the upcoming days.