2,844 new data breaches with 80M records added to Have I Been Pwned Security researcher Troy Hunt has added more than 80 million records from nearly 3,000 new data breaches to Have I Been Pwned. That is so many records that it is currently ranked as the 15th biggest data […]
Oracle Server Vulnerability Exploited to Deliver Double Monero Miner Payloads
The sudden rise of cryptocurrency triggered a shift in the target landscape. Cybercriminals started adapting and using their resources to try acquiring cryptocurrencies, whether through pursuing repositories like Bitcoin wallets or by compromising networks and devices to mine the currency. This isn’t completely new — ransomware authors have been using bitcoin as their preferred currency […]
PhishMe Acquired at $400 Million Valuation, Rebranded as Cofense
Private Equity Deal Values Cofense at $400 Million PhishMe, a security awareness firm that focuses on training employees on how to recognize and report phishing attacks, has been acquired by a private equity consortium in a deal that valued the company at $400 Million. The company has also re-branded and […]
Flash Exploit, CVE-2018-4878, Spotted in The Wild as Part of Massive Malspam Campaign
On February 22, 2018, Morphisec Labs spotted several malicious word documents exploiting the latest Flash vulnerability CVE-2018-4878 in the wild in a massive malspam campaign. Adobe released a patch early February, but cyber criminals know that is will take some companies weeks, months or even years to rollout the patch. All the documents […]
Which phishing messages have a near 100% click rate?
Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that […]
Dozen vulnerabilities discovered in Trend Micro Linux-based Email Encryption Gateway
Security researchers at Core Security have discovered a dozen vulnerabilities in Trend Micro Linux-based Email Encryption Gateway. Security researchers at Core Security have discovered a dozen flaws in Trend Micro Linux-based Email Encryption Gateway, some of them have been rated as critical and high severity. The flaws received the CVE […]
Avzhan DDoS bot dropped by Chinese drive-by attack
The Avzhan DDoS bot has been known since 2010, but recently we saw it in wild again, being dropped by a Chinese drive-by attack. In this post, we’ll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Analyzed sample 05749f08ebd9762511c6da92481e87d8 – The […]
Data Keeper Ransomware Makes First Victims Two Days After Release on Dark Web RaaS
Two days after crooks started advertising the Data Keeper Ransomware-as-a-Service (RaaS) on the Dark Web, ransomware strains generated on this portal have already been spotted in the wild, infecting the computers of real-world users. Spotted earlier this week by Bleeping Computer, Data Keeper is the third ransomware strain offered as a […]
PSA: Improperly Secured Linux Servers Targeted with Chaos Backdoor
Hackers are using SSH brute-force attacks to take over Linux systems secured with weak passwords and are deploying a backdoor named Chaos. Attacks with this malware have been spotted since June, last year. They have been recently documented and broken down in a GoSecure report. Chaos rooted in 2013 sebd rootkit […]
Banking Nightmare: Chase Glitch Gives Online Access to Random People
Have you ever wondered what would happen if hackers got into your bank account? What if YOUR BANK ITSELF let someone into your account? While hackers may be scary, the scarier prospect is your bank’s online system allowing access to random people. As of this afternoon, that’s actually what happened […]