Malware Breach Credential Theft A spambot has been discovered collecting stolen email credentials and server login info stemming from previous data breaches, such as the LinkedIn hacks as as well also other unknown sources…read more
The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, and therefore can be made to launch executables…read more
A Business Email Compromise (BEC) campaign targeted a range of verticals, including universities, software and technology companies, retailers, engineering organisations, real estate firms, with the goal of harvesting user credentials has been ongoing, according to Flashpoint researchers…read more
An application in the Google Play store called “Earn Real Money Gift Cards” has been identified to contain the “Bankbot” trojan, according to SfyLabs researchers. Another application, from the same developer, was identified to be a potential dropper for the Bankbot trojan called…read more
Want access to the latest advisories, opinion pieces and free security tools?
Join MAGNIFY, a LinkedIn Group for cyber security professionals.
A few weeks ago, we reported that Trickbot had been expanded to incorporate a worm infection capability which makes it difficult to discern, on the basis of infected hosts alone, which system or application is actually targeted…read more
This significant sum is the settlement Nationwide Mutual Insurance Co. must pay to 32 states and the District of Columbia in the wake of a 2012 data breach that exposed personal information of over 1 million people…read more
A new ransomware variant discovered this week is being distributed by attachments containing .wsf (Windows Script Files). The use of WSF files to distribute malware is not uncommon, however, the method being used to download and install the ransomware is…read more
A new spear phishing campaign has been observed. The emails claim to be from a cable manufacturing provider that is seeking a response on whether the recipient can provide supplies listed in the attachment…read more