Adobe released a security update yesterday that resolves a critical vulnerability in Flash Player that could allow malicious sites to execute code on your computer.
Cybercriminals in the web-skimming business sabotage their competition by poisoning the payment data they exfiltrate from online stores. The losing party causing them to end up with a big fat nothing and a ruined reputation on underground forums.
After a short break, Emotet malware has been observed concealed in documents delivered through emails that pretended to be from financial institutions or disguised as Thanksgiving-themed greetings for employees.
Vulnerabilities were recently discovered in the popular AMP for WP plugin that allows any registered user to perform administrative actions on a WordPress site. It has now been discovered that an active XSS attack is underway that targets these same vulnerabilities to install backdoors and create rogue admin accounts.
In April, Microsoft announced their support for the WebAuthn standard that would bring password-less online authentication to Microsoft Edge. Today Microsoft has enabled this feature & Windows 10 users can now use Edge to perform password-less logins to their Microsoft account with a FIDO2 compatible security key.
Just in time for the holidays, if your looking to fill your time watching movies such as Hackers, the Rocky series, and Terminator, you can do so for free on YouTube.
Advanced threat group Sofacy delivers a new malware sample dubbed Cannon in a spear-phishing attack that targets government organizations in North America, Europe and in a former Soviet state.
At least a dozen mobile apps with no legitimate functionality made it into Google Play and have been installed over half a million times. They would silently install another app and trick the user into approving its installation.
According to new data by TrendMicro, attackers utilizing the Emotet banking Trojan predominantly used internet provides in the U.S.A. to host their Command & Control infrastructure.
VisionDirect, a popular contact lens online merchant in Europe, has posted an advisory stating that their web site had a data breach that led to the theft of credit card and account information.
A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations was discovered that allows any registered users to escalate their privileges to gain administrative access to the site.
Crooks have no scruples when it comes to making money. Any high-traffic website is a good target for setting up a cryptocurrency mining operation, and the Make-A-Wish charitable organization makes no exception.
A version of TrickBot spotted recently shows interest in data that is peculiar for the normal scope of banking trojans: the Windows system reliability and performance information.
Web developers can use the SpeechSynthesis API to convert text on a web page into synthesized audio speech. While this feature is great for accessibility and audio queues, it is being abused by advertisements and low quality/scammy web sites.
This week we had some new variants of common ransomware infections such as Dharma and Matrix. Otherwise, it has predominantly been small variants that were either created as a test or have minimal distribution.
A new tech support scam trick is underway that utilizes Facebook's Sharer dialog to scare a user into thinking that their Facebook account has an issue. The scammers then hope that the user will be scared into calling the listed phone number.
A person or group claiming to have hacked ProtonMail and stolen "significant" amounts of data has posted a lengthy ransom demand with some wild claims to an anonymous Pastebin. ProtonMail states it's complete BS.
A bug in the way Gmail handles the structure of the 'from:' header allows placing of an arbitrary email address in the sender field.