Latest news

Microsoft Patched Shadow Brokers Flaws Before Latest Disclosure
Hacking

The latest release of exploits and vulnerabilities from the Shadow Brokers came as a surprise to many observers, but not to the security team at Microsoft. It turns out that the company already has patched most of the flaws in its products that were exposed in last week’s exploit dump. […]

Unicode Domain Phishing Attack Resurfaces
Hacking, Social Engineering

Researchers are warning about a phishing attack that abuses the way some browsers handle unicode characters to display attack domains that are identical to legitimate ones. The concept behind the attack is quite old, but it has resurfaced in the current versions of both Firefox and Chrome. The attack relies […]

CSRF Bug Haunts Magento E-Commerce Platform
Hacking

There is a serious vulnerability in a version of the Magento e-commerce platform that could allow a remote attacker to access a target site’s database. The bug can be used for remote code execution, and the researchers who discovered it say they notified Magento of the vulnerability in November, but the […]

Inside the Tech Support Scam Ecosystem
Phone Fraud, Social Engineering

A pair of doctoral students and their advisor, looking for insights into the inner workings of tech support scams, spent eight months collecting data on and studying the tactics and infrastructure of the scammers, using a purpose-built tool. What they uncovered is a complex, technically sophisticated ecosystem supported by malvertising and […]

On the Wire Podcast: Mike Mimoso
Podcast

It’s been a while since we’ve seen the kind of drama surrounding a Microsoft zero-day bug that we saw this week with the Word vulnerability. Details of the flaw began emerging last week and attackers have been targeting it for several months, but Microsoft didn’t say a thing about it […]

Government, Cybercrime Attackers Target Word Flaw
Hacking

At least two separate groups of attackers, with disparate motives, have been exploiting the Microsoft Word vulnerability disclosed several days ago. Researchers say that both government-backed attackers and cybercrime groups are targeting the flaw, installing high-level professional malware as well as banking malware. Microsoft on Tuesday released a patch for […]

Microsoft Word Flaw Used in Dridex Malware Campaign
Hacking

UPDATE–The zero-day vulnerability in Microsoft Word disclosed in the last few days is now being used as a vector for attackers to install the nasty Dridex banking Trojan. Researchers from a number of security companies have warned about the vulnerability, which Microsoft has yet to acknowledge publicly. The flaw allows […]

FBI Disrupts Notorious Kelihos Botnet
Hacking

The Justice Department has disrupted the Kelihos botnet, one of the more prolific and long-running spam and malware networks, by sinkholing the botnet’s command-and-control servers after the arrest of a Russian man officials allege is Kelihos’s operator. The botnet has been operating since at least 2010 and has infected hundreds […]

Senate Bill Seeks to Reinstate Broadband Privacy Rule
Privacy

Now that President Trump has signed into law legislation that eliminates an FCC rule that prevented broadband providers from selling users’ private information, some members of Congress have introduced a new bill that would restore the rule. Sen. Ed Markey (D-Mass.) has drafted the bill and introduced it in the […]