Fake Font Update on Google Chrome Uses Social Engineering to Infect Users with Ransomware

Friday, February 24th, 2017

We’ve seen social engineering attacks manipulate users time and time again. From phishing emails, to baiting attempts – this breed of cyberthreat has continued to manipulate users for years. And now a new scam has emerged that utilizes a fake update on Google Chrome to trick users into downloading and ...

New ASLR-busting JavaScript is about to make drive-by exploits much nastier

Saturday, February 18th, 2017

For a decade, every major operating system has relied on a technique known as address space layout randomization to provide a first line of defense against malware attacks. By randomizing the computer memory locations where application code and data are loaded, ASLR makes it hard for attackers to execute malicious ...

Malicious online ads expose millions to possible hack

Wednesday, December 7th, 2016

Since October, millions of internet users have been exposed to malicious code served from the pixels in tainted banner ads meant to install Trojans and spyware, according to security firm ESET. The attack campaign, called Stegano, has been spreading from malicious ads in a “number of reputable news websites,” ESET said ...

Mozilla and Tor release urgent update for Firefox 0-day under active attack

Wednesday, November 30th, 2016

Developers with both Mozilla and Tor have published browser updates that patch a critical Firefox vulnerability being actively exploited to deanonymize people using the privacy service. "The security flaw responsible for this urgent release is already actively exploited on Windows systems," a Tor official wrote in an advisory published Wednesday afternoon. ...

Ransomware that’s 100% pure JavaScript, no download required

Monday, June 20th, 2016

SophosLabs just alerted us to an intriguing new ransomware sample dubbed RAA. This one is blocked by Sophos as JS/Ransom-DDL, and even though it’s not widespread, it’s an interesting development in the ransomware scene. Here’s why. Ransomware, like any sort of malware, can get into your organisation in many different ways: buried inside ...