NoScript and other popular Firefox add-ons open millions to new attack

Tuesday, April 5th, 2016

NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported. The attack is made possible by a lack of isolation in Firefox among various add-ons installed ...

PETYA Crypto-ransomware Overwrites MBR to Lock Users Out of Their Computers

Friday, March 25th, 2016

As if encrypting files and holding them hostage is not enough, cybercriminals who create and spread crypto-ransomware are now resorting to causing blue screen of death (BSoD) and putting their ransom notes at system startup—as in, even before the operating system loads. Imagine turning on your computer and instead of ...

Angler Exploit Learns New Tricks, Finds Home On Popular Website

Friday, February 26th, 2016

Researchers report Angler Exploit Kit attacks have become more brazen and are now targeting top websites with new tricks that can evade browser-based antimalware protection. Karl Sigler, a SpiderLabs researcher at Trustwave, told Threatpost his lab found the Angler Exploit Kit on a popular website for the second time in ...

New type of auto-rooting Android adware is nearly impossible to remove

Wednesday, November 4th, 2015

Researchers have uncovered a new type of Android adware that's virtually impossible to uninstall, exposes phones to potentially dangerous root exploits, and masquerades as one of thousands of different apps from providers such as Twitter, Facebook, and even Okta, a two-factor authentication service. The researchers have found more than 20,000 samples ...

Zero-Day Attack Compromises a Half-Million Web Forum Accounts

Wednesday, November 4th, 2015

Forum software-makers vBulletin and Foxit Software may have been breached by a hacker claiming to have made off with personal data belonging to some 479,895 users between the two. “Coldzer0” said in a post co-authored with @Cyber_War_News that he exploited the same zero-day vulnerability for both domains, and was able to ...