Spam Uses Default Passwords to Hack Routers

Saturday, February 28th, 2015

In case you needed yet another reason to change the default username and password on your wired or wireless Internet router: Phishers are sending out links that, when clicked, quietly alter the settings on vulnerable routers to harvest online banking credentials and other sensitive data from victims. Sunnyvale, Calif. based security firm Proofpoint said it recently ...

Cleaning up after password dumps

Wednesday, September 10th, 2014

One of the unfortunate realities of the Internet today is a phenomenon known in security circles as “credential dumps”—the posting of lists of usernames and passwords on the web. We’re always monitoring for these dumps so we can respond quickly to protect our users. This week, we identified several lists ...

Researchers discover credential-stealing Unix-based server botnet

Wednesday, March 19th, 2014

Dubbed Operation Windigo, the attack has been ongoing for more than two and a half years and has compromised as many as 25,000 servers at one time, anti-virus vendor ESET said Tuesday. Systems infected with the backdoor Trojan are used in stealing credentials, redirecting Web traffic to malicious content and ...

Bogus Evernote alert leads to exploit kit

Monday, February 17th, 2014

Evernote users are being actively targeted with an email spam campaign that tries to trick them into following a malicious link. Sent from [email protected] and titled "Image has been sent", the email pretends to be a notification from Evernote that alerts the user to an image he or she needs to check out, ...

More than 180K Chrome users have installed ad-injecting extensions

Tuesday, February 4th, 2014

More than 180,000 Google Chrome users have installed at least one of a dozen ad-injecting extensions that are serving up spam on 44 different websites, according to findings by the threat and research analysis team with Barracuda Labs. As of Jan. 30, the “logo quiz game” extension has been installed by nearly 82,000 ...