Phony T-Mobile, Vodaphone Notifications Duping U.K. Users

Cybercriminals in the United Kingdom this week have launched two separate but similar scams intent on gaining access to users’ computers. Both scams impersonate e-mail notifications from popular British cell phone companies and both ultimately open a backdoor on the targeted computers. E-mail...

Go Daddy Attributes DNS Hack to Phishing

A spokesman at Go Daddy, the popular domain registrar and Web host company, believes that some of its users may have been phished – and that’s to blame for the barrage of ransomware some customers have been seeing in past week or so. Last week it was reported that attackers had placed malicious D...

Fake Facebook Alert Emails Link to Black Hole Sites

Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to ...

Go Daddy Sites Serve Up Ransomware Malware

Domain name registrar and website hosting provider Go Daddy is responding to a DNS attack targeting a "small number" of its hosted websites that one security firm said is enabling cyber criminals to spread ransomware. The DNS Domain Name System is what transfers host-names into IP addresses,...

New Java Attack Introduced into Cool Exploit Kit

A new exploit has been found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw that’s been patched by Oracle in Java 7 Update 9. Cool Exploit Kit was discovered last month and is largely responsible for dropping the Reveton ransomware. A new Metasplo...

Adobe Reader zero-day vulnerability with modified Blackhole Exploit-Kit

Group-IB, a Russian cybercrime investigation company has discovered a zero-day vulnerability, affects Adobe Reader X and Adobe Reader XI. The vulnerability is also included in new modified version of Blackhole Exploit-Kit, which is used for the distributing the banking Trojans Zeus, Spyeye,...

ZeroAccess Botnet Cashing in on Click Fraud and Bitcoin Mining

A mid-year switch in communication protocol and distribution strategy is behind a spike in activity from the ZeroAccess botnet, a prolific and malicious ad click fraud network. Researchers at Kindsight Security Lab reported today that ZeroAccess accounts for 29 percent of home network infections ...

Fake Payroll Confirmation Email Leads to Black Hole Exploit Kit

Criminal hackers launched an attack campaign earlier this week in which they sent a slew of emails purporting to come from the financial software developer Intuit. The emails contained links that led to sites hosting the Blackhole exploit kit in an apparent attempt to infect the machines of...

Apple update removes Java plugin from OS X browsers

Apple has discontinued its own Java plugin, issuing an 'update' that removes it from MacOS and encourages users to instead download Oracle's version of the software. Its another step by Apple towards making OS X safer on the web. Mac users may have noticed that Java-based websites are displaying ...

Deluge of Election-Related Spam, Threats Begins

It was only a matter of time before the inevitable wave of malicious, election-tinged spam began to rain down upon internet users. In the wake of last week’s presidential debate between President Barack Obama and Republican nominee Mitt Romney, it appears the floodgates have opened. According to ...

Fake ADP and FDIC Notifications Leading Users to Blackhole Exploit Kit

With the latest iteration of the Blackhole Exploit Kit hitting the web this week, attackers are going to great lengths to spread around links to get unsuspecting victims to click through to the first version of the kit. E-mail notifications claiming to come from Microsoft Exchange, ADP, the Feder...

BlackHole Exploit Kit 2.0 released with more latest Exploits

According to release announcement on Pastebin by unknown developers in a Russian-language BlackHole Exploit Kit 2.0 released with more latest Exploits. BlackHole is one of the most dominant exploit toolkits currently available in the underground market. It enables attackers to exploit security...

Black Hole Exploit Kit 2.0 Released

The developer behind the notorious Black Hole exploit kit has released a new version of the software, adding in several new features designed to prevent security researchers from getting access to new exploits or reverse-engineering the kit’s inner workings. Conveniently, the pricing for Black Ho...

Researchers Identify Second New Java Bug

Researchers who have dug into the exploit for the new Java CVE-1012-4681 vulnerability found that there are actually two previously unknown security bugs in Java 7 and that the exploit, which has been tied to attackers in China, is using both of them to get full control of vulnerable machines. Th...

Java 7 Applet Remote Code Execution

Multiple vulnerabilities in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by 1 using com.sun.beans.finder.ClassFinder.findClass and leveraging an...

New Report Beckons 'Cyber Arms Race,' Explains Black Hole Kit

Espionage has gone digital and we’re just now seeing the beginnings of what will prove to be a “cyber arms race,” according to Mikko Hypponen, Chief Research Officer for the F-Secure, the Finnish security firm. Hypponen laid out his thoughts and recapped the last seven months in threats in the...

Blackhole Exploit Kit Adobe Flash Player

A buffer overflow vulnerability has been reported in Adobe Flash Player. The vulnerability is due to insufficient boundary checking in Adobe Flash Player while handling specially crafted .swf files. A remote attacker can use the Blackhole Exploit Kit to detect this vulnerability and send speciall...

Fake AT&T Emails Using Blackhole Exploit Kit to Install Malware

For the last few weeks there have been a series of quite authentic-looking phishing emails making the rounds, purporting to come from AT&T and informing the recipient that their bill is ready to view. The emails look nearly identical to a real bill and researchers say that users who fall for the...

Black Hole Exploit Kit Targeting Java CVE-2012-1723 Flaw

A new fork of the Black Hole exploit kit is making quick work of a recently patched Java vulnerability and security researchers say that the attackers are registering new sites quickly to exploit users with vulnerable browsers. The CVE-2012-1723 Java vulnerability that the Black Hole exploit kit ...

MSXML Exploit Surfaces in Black Hole Kit

Attackers really like exploit kits because they offer users the ease of point-and-click exploitation, lots of potential targets and don’t require a huge amount of technical knowledge to use. Attackers also enjoy Microsoft vulnerabilities, especially unpatched ones, because of the massive installe...