Items tagged with security

Around 8,000 Android and iOS apps rely on code provided by Pushwoosh to monitor user activity and send custom push notifications. According to a report by Reuters, Pushwoosh has made efforts to portray itself as a US-based company, obscuring the fact that the company operates out of Russia. Among the clients that... Read more...
Google’s Project Zero team, which finds and analyzes zero-day security vulnerabilities, has revealed that an unnamed commercial surveillance company developed spyware that exploited three vulnerabilities specific to Samsung phones equipped with Exynos SoCs. Project Zero managed to obtain a sample of the exploit chain... Read more...
It seems like every other day there's a news story telling you to be afraid of this or that commonplace thing, right? Well relax, because this isn't one of those stories, exactly. No one's infecting your computer when you view a PNG image. However, executable code hidden in PNG images is a key part of this story. ESET are the ones who located Read more...
Researchers at the cybersecurity firm Zimperium have discovered a botnet made up of web browsers infected by malware. The malware in question is known as Cloud9 and takes the form of browser extensions. When installed, these browser extensions take control of infected browsers to steal valuable information and perform... Read more...
Lenovo has been in the computer game for some time. In 2005 it purchased IBM's personal computer line that held the prefix moniker "Think," such as ThinkPad and ThinkCentre. It has since expanded the product offering to include much more, such as ThinkBooks, the Yoga series, and the Legion lineup, in addition to... Read more...
Two iOS developers used a jailbroken iPhone to decrypt and analyze network traffic between the device and Apple. What the developers found is that many of Apple’s own apps frequently send detailed user behavior data along with unique device identifiers back to Apple even when analytics sharing, personalized ads, and... Read more...
On Monday, the US Department of Justice (DOJ) revealed that Internal Revenue Service – Criminal Investigation (IRS-CI) Special Agents raided James Zhong’s house in Gainesville, Georgia back in November 2021. The raid, which was authorized by a search warrant, resulted in the seizure of 50,676 Bitcoin. After... Read more...
Earlier this year, threat researchers at the cybersecurity company IronNet discovered a phishing-as-a-service (PhaaS) platform known as Robin Banks. While the name may be humorous, the platform itself is no laughing matter, as it serves to aid cybercriminals in stealing innocent users’ banking credentials. After... Read more...
As Elon Musk pushes to begin charging users to keep their coveted check marks, it appears scammers are beginning to target users who already have one by their username. The new CEO of Twitter has also mentioned that the verification process is currently being "revamped." In what Musk says is an attempt to make... Read more...
Threat researchers at the cybersecurity firm Proofpoint have discovered an extensive malware campaign targeting readers of online news outlets. A threat actor tracked as TA569, also known as SocGholish, has managed to compromise the infrastructure of a media company that serves content to a large number of news... Read more...
Security researchers at Malwarebytes Labs have discovered a small handful of malicious Android apps loitering in Google Play, which collectively have racked up over 1 million installations. According to the researchers, each of the four malicious apps is contaminated with a Trojan that serves up adware and directs... Read more...
Yesterday, the cloud storage provider Dropbox disclosed a recent phishing attack targeting the company’s employees that resulted in unauthorized access to 130 of its GitHub repositories. Fortunately, the incident didn’t escalate to a breach affecting any users’ Dropbox content, passwords, or payment information... Read more...
A Reddit user looking download and install the free image editor GIMP has discovered a devious malware campaign using contextual Google search ads to trick unsuspecting users into installing the RedLine stealer malware. The user who uncovered and reported this campaign almost fell prey to it himself, until Windows... Read more...
Today and tomorrow, the White House is convening the second International Counter Ransomware Summit with representatives from over thirty countries and fifteen cybersecurity companies in attendance. This event comes after last year’s first ever summit of the same name, which was held virtually. Leading up to this... Read more...
Researchers at the threat analysis company ThreatFabric have published a report detailing some recent evolutions in Android malware droppers on the Google Play Store. Recent changes to Google Play policies restricting access to certain permissions have pushed malware developers to find workarounds. Google is... Read more...
If you're among the more than 2 billion who use Google's Chrome browser on your desktop PC, take a moment to apply the latest patch. Google has issued an emergency update that contains a single security fix and nothing more, but it's an important one—its plugs up a gaping security hole that hackers are known to be... Read more...
Yesterday, a thirty-four year old resident of London. England, Daniel Kaye, was called before a grand jury to answer for nine federal charges. Kaye is accused of operating an online marketplace where cybercriminals bought and sold stolen information and illicit items. According to court documents, this online... Read more...
See Tickets, an online event ticket vendor that services both Europe and North America, has disclosed a major data breach affecting its payment processing portals. While the data breach notice is light on details, See Tickets customers should know that their payment information, including credit card credential, may... Read more...
Researchers at the cybersecurity company Guardio have uncovered a campaign that has stealthily injected malware into the chromium-based browsers of over one million victims. The campaign makes use of browser extensions distributed through the Google Chrome Web Store and the Microsoft Edge Add-ons store. However, the... Read more...
Over the weekend, a group of Iranian hackers stole a trove of files from a nuclear technology agency. However, rather than comprising a state-backed hacking group, the hackers in question identify as anti-regime hacktivists who operate under the name “Black Reward.” The group claims to have stolen at least 50 GB of... Read more...
Advocate Aurora Health (AAH), a healthcare provider with locations in Illinois and Wisconsin, has published a data breach notice to its website. However, rather than being the victim of a ransomware attack or some other form of unauthorized access, AAH has instead attributed the incident to a bit of JavaScript... Read more...
Security researchers at SafeBreach Labs have discovered a novel PowerShell backdoor which has been able to evade the dozens of malware scanners employed by VirusTotal. The tool’s stealthy qualities have earned it the “fully undetectable,” or FUD, descriptor. The researchers believe it has been used to target around... Read more...
First ... Prev 2 3 4 5 6 Next