There is a new attack vector in town – the customization of phishing kits. In a recent case uncovered by PhishMe Intelligence, a phishing kit was crafted to target residents of specific regions using either TrickBot or Locky. Instead of determining what malware to deploy, this kit determined what personal […]
Ethereum Scammers Make $5,000 in a Night by Impersonating Celebs on Twitter
Online scammers have made over $5,000 worth of Ethereum in one night alone, showing how gullible some cryptocurrency users can be. Miscreants achieved this by creating fake Twitter profiles for real-world celebrities and spamming the social network with messages tricking users to participate in « giveaways. » Crooks deceived users into sending […]
Attackers can Steal Sensitive Data by Abusing CSS – CSS Exfil Vulnerability
CSS is a stylesheet language which provides a presentation for documents, all our modern websites heavily depend on the CSS. A new CSS vulnerability dubbed CSS Exfil can be used by attackers to steal data from the webpages using CSS. With the vulnerability, attackers can steal sensitive data’s including usernames, […]
Linkedin Phishing scam that only works in Firefox using data text urls
We see lots of phishing attempts for email credentials. This one is slightly different than many others and much more involved and complicated. The email has a link to a site which contains a data:text base64 encoded content. data:text urls are dangerous and recently Internet Explorer and Google Chrome have stopped […]
Bangladesh to File U.S. Suit Over Central Bank Heist
Bangladesh’s central bank will file a lawsuit in New York against a Philippine bank over the world’s largest cyber heist, the finance minister said Wednesday. Unidentified hackers stole $81 million in February 2016 from the Bangladesh central bank’s account with the US Federal Reserve in New York. The money was […]
Intel Releases New Spectre Patches for Skylake CPUs
Intel has started releasing new microcode updates that should address one of the Spectre vulnerabilities after the first round of patches caused significant problems for many users. The company has so far released new firmware updates only for its Skylake processors, but expects updates to become available for other platforms […]
GandCrab Ransomware: Now Coming From Malspam
Introduction GandCrab ransomware was first reported on Friday 2018-01-26. Since then, we’ve seen it distributed by campaigns using exploit kits and HoeflerText popup windows. But today on Wednesday 2018-02-07, we’ve also seen GandCrab ransomware distributed through malicious spam (malspam). Today’s GandCrab is a file-less infection using a DLL file called […]
Cryptocurrency Mining Malware Hits Monitoring Systems at European Water Utility
Malware Chewed Up CPU of HMI at Wastewater Facility Cryptocurrency mining malware worked its way onto four servers connected to an operational technology (OT) network at a wastewater facility in Europe, industrial cybersecurity firm Radiflow told SecurityWeek Wednesday. Radiflow says the incident is the first documented cryptocurrency malware attack to […]
How to track smartphone users when they’ve turned off GPS
As it turns out, turning off location services (e.g., GPS) on your smartphone doesn’t mean an attacker can’t use the device to pinpoint your location. A group of Princeton University researchers has devised of a novel user-location mechanism that exploits non-sensory and sensory data stored on the smartphone (the environment’s […]
Tweak to Chrome Performance Will Indirectly Stifle Cryptojacking Scripts
A change meant to improve Google Chrome performance will also indirectly impact cryptojacking scripts (in-browser cryptocurrency miners) and will severely reduce their efficiency. According to a design document seen by Bleeping Computer, Google engineers plan to limit the CPU power some types of JS scripts running in the browser’s background […]