Gamers are accusing a company that makes mods for Microsoft’s Flight Simulator X game of putting a password stealer inside one of its add-ons. The company defended its decision by saying the malware works part of a Digital Rights Management (DRM) platform and only activates when users are using a […]
Haythem Elmir
Nearly 8,000 Security Flaws Did Not Receive a CVE ID in 2018
A record-breaking number of 20,832 vulnerabilities have been discovered in 2017 but only 12,932 of these received an official CVE identifier last year, a Risk Based Security (RBS) report reveals. This means that 7,900 security bugs remained without a CVE-2017-XXXXX number, and were left off the databases of many security […]
White House: Cyberattacks Cost US Economy Between $57B and $109B in 2016
Citing a report from the Council of Economic Advisers (CEA), the White House said on Friday that cyberattacks cost the US economy somewhere between $57 billion to $109 billion in 2016. The estimate includes losses from a wide variety of activities, such as DDoS attacks, data breaches, ransom demands, downed infrastructure, lost […]
Null Character Bug Lets Malware Bypass Windows 10 Anti-Malware Scan Interface
Malware that embeds a null character in its code can bypass security scans performed by the Anti-Malware Scan Interface (AMSI) on Windows 10 boxes. Microsoft fixed this vulnerability last week when it released the February 2018 Patch Tuesday security updates. Flaw affects AMSI Windows 10 security feature The vulnerability resides […]
Free Ransomware Available on Dark Web
The McAfee Advanced Threat Research team recently analyzed a ransomware-as-a-service threat that is available for free and without registration. This malware was first seen in July 2017 with the extension .shifr. It has now appeared in recent detections with the extension .cypher. Ransomware-as-a-Service Ransomware-as-a-service is a cybercrime economic model that allows […]
Inside the Capabilities and Detection of UDPoS Malware
Imagine a job that changes every day of your life, where you get to do something new each week – that’s what it’s like working in the cybersecurity industry. For me, this is ideal—smarter adversaries, new challenges, and the constant struggle to predict and prepare for the future of security in […]
JenkinsMiner made $3.4 million in a few months by compromising Jenkins servers
Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers A criminal organization has made $3.4 million by compromising Jenkins servers and installing a Monero cryptocurrency miner dubbed JenkinsMiner. “The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows,and has already secured him over $3 million […]
The Mirai Botnet Is Attacking Again…
The Mirai Botnet Is Attacking Again… And the spinoff bots – and all their command and control hostnames buried in the morass of digital data – are hilarious. The Mirai botnet is kind of like Madonna. They both were huge once. Then the adoring public shifted their attention to younger, newer […]
Russian hackers sentenced to prison in US for compromising 160 million credit cards
Two Muscovites have been sentenced to years in prison for their roles in the biggest data breach conspiracy ever prosecuted in the United States. Three co-conspirators are still at large. Vladimir Drinkman, 37 and Dmitriy Smilianets, 34, had previously pleaded guilty for their roles in the conspiracy to commit wire […]
Hackers sentenced for SQL injections that cost $300 million
Heartland Payment Systems: remember that decade-old breach? What was then the sixth-largest payments processor in the US announced back in 2009 that its processing systems had been breached the year before. Within days, it had been classified as the biggest ever criminal breach of card data. One estimate claimed 100 million cards and […]