During the past year, Let's Encrypt has issued a total of 15,270 SSL certificates that contained the word "PayPal" in the domain name or the certificate identity. Of these, approximately 14,766 (96.7%) were issued for domains that hosted phishing sites.
Lots and lots of little crappy ransomware released this week with nothing new or innovative. We do have some interesting Spora stats, a story on the decline of Locky, and of course an updated decryptor by Fabian Wosar who continues to kick ransomware in the buttocks. Other than that, not really any of significance.
A botnet specialized in gift card fraud is using the infrastructure of nearly 1,000 websites to check the balance of several types of electronic gift cards in order to defraud legitimate card owners.
Security researcher Dylan Ayrey detailed last week a new web-based attack named XSSJacking that combines three other techniques — Clickjacking, Pastejacking, and Self-XSS — to steal data from careless users.
As everyone kind of expected, Google Chrome, the world's leading browser with a comfortable market share of above 50%, is also the most installed software package.
News of malicious Android apps hosted on the Google Play Store doesn't seem to stop coming these days, as ESET and Zscaler researchers recently disclosed they've reported nearly 100 malicious apps they recently come across.
Google Chrome engineers announced plans today to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec.
Willem de Groot, a Dutch security expert, is asking owners of defunct or soon-to-be-dead online stores to donate their domains so he can set up honeypots and track credit card stealing malware and other types of cyber-attacks on e-commerce targets.
Burglars can use a recently disclosed security flaw affecting several Google Nest cams to make vulnerable cameras go offline for approximately 60 to 90 seconds. The flaw can be exploited via the cameras' Bluetooth connection and can provide thieves with the time window they need to get close and break into a home unseen.
A remote code execution flaw in the SAP Windows client opens the door for ransomware attacks targeting enterprises that rely on various SAP products to manage and keep track of their business operations.
After last month security researchers discovered the first-ever Word document spreading macro malware on macOS, last week, researchers from Fortinet spotted a Word document that contained macro scripts that distributed both Windows and macOS malware at the same time, depending on the OS it managed to infect.
Android malware is evolving, and a clear trend has become visible in the past six months, with several malware strains implementing their malicious behavior via plugin frameworks.