13 matches found
HP Exposes Low-Effort, High-Impact Cat-Phishing Targeting Users
By Waqas New HP report reveals cybercriminals are increasingly leveraging "cat-phishing" techniques, exploiting open redirects in legitimate websites to deceive users and deliver malware. This is a post from HackRead.com Read the original post: HP Exposes Low-Effort, High-Impact Cat-Phishing...
Information stealer compromises legitimate sites to attack other sites
Security researchers at Akamai have published a blog about a new Magecart-alike web skimming campaign that uses compromised legitimate sites as command and control C2 servers. A web skimmer is a piece of malicious code embedded in web payment pages to steal personally identifiable information PII...
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others
...
Roundtable video: Disinformation and election security
By Jon Munshaw. In our continued coverage of election security, we decided to sit down with four Talos and Cisco researchers to discuss disinformation. As we outlined in our recent research paper, disinformation is one of the cornerstones of threat actors' efforts to disrupt the American election...
8 Ways to Avoid the Cybersecurity Grinch This Holiday Season
'Tis the season to be jolly…unless you work in cybersecurity. According to the Carbon Black Threat Analysis Unit TAU, organizations should expect to see a spike in potential cyberattacks starting with Black Friday/Cyber Monday and continuing through the holiday shopping season. TAU’s analysis...
GandCrab Ransomware Found Hiding on Legitimate Websites
The GandCrab ransomware continues to virulently spread and adapt to shifting cyber-conditions, most recently crawling back into relevance on the back of several large-scale spam campaigns. What’s interesting is that GandCrab payload was found hiding on legitimate but compromised websites. These,...
VeriSign demands Power to takedown non-legitimate website
VeriSign demands Power to takedown non-legitimate website VeriSign, which manages the database of all .com internet addresses, wants powers to shut down "non-legitimate" domain names when asked to by law enforcement. VeriSign should be able to shut down a .com or .net domain, and therefore its...
VeriSign demands Power to takedown non-legitimate website
VeriSign demands Power to takedown non-legitimate website VeriSign, which manages the database of all .com internet addresses, wants powers to shut down "non-legitimate" domain names when asked to by law enforcement. VeriSign should be able to shut down a .com or .net domain, and therefore its...
High Profile Education, Government Sites Hacked
The Web sites of some of the nation’s top universities were discovered to be serving up links to bogus online stores offering everything from popular software by Microsoft to student visas and Viagra, according to a report from security firm zScaler. Portions of Websites belonging to Harvard...
nginx Proxy DNS Cache Domain Spoofing Vulnerability
The 'nginx' program is prone to a vulnerability that may allow attackers to spoof domains because the software fails to properly compare domains when referencing an internal DNS cache. This issue can be exploited when nginx is configured to act as a forward proxy, but this is a nonstandard and...
55,000 Hacked Sites Serving Malware Cocktail
Security researchers are raising an alarm for a potent malware cocktail — backdoor Trojans and password stealers — being pushed to Windows users from about 55,000 hacked Web sites. According to Mary Landesman, a researcher in ScanSafe’s security threat alert team, the cybercriminals have embedded...
Most attacks come from legit but hijacked sites
From TechWorld John E. Dunn The number of legitimate Websites being hacked to host malware has hit startling highs in recent days, new figures from MessageLabs have revealed. Data taken from the days between May 4 and 8 showed that 84.6 percent of Websites blocked by the company for hosting...
Mozilla Browser 1.6/1.7 - URI Obfuscation
source: https://www.securityfocus.com/bid/10532/info A weakness is reported in Mozilla that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. It is reported that th...