‘Operation Power Off’, law enforcement efforts in the U.S., U.K., the Netherlands and elsewhere, have taken down the DDoS-for-hire webstresser.org (previously webstresser.co) website. At its takedown, there were apparently 136,000 registered users who had launched between 4-6 million DDoS attacks worldwide over the past three years. According to Brian Krebs, it was “one of the […]
Main Content
More News
Authorities Close Down Webstressor.org
Drupal Release Patches for Drupalgeddon2 Vulnerability
Drupal has just issued its third flaw fix in a month, supplementing its previous patch for Drupalgeddon 2 with an unscheduled security update. After releasing a patch for a critical vulnerability in late March, Drupal is now having to do it all over again. The most recent Drupal core vulnerability has been titled SA-CORE-2018-004 and assigned […]
Android Trojan Is Targeting Asia Users
Kaspersky Labs has warned of an Android Trojan, dubbed Roaming Mantis, pretending to be a series of popular mobile applications in order to fool victims into installing the Android malware. Its targets are largely Asian users, particularly concentrated in South Korea, China, Bangladesh and Japan. It has been at work over at least the last […]
OceanLotus Uses Malware to Attack MacOS Systems
A new backdoor has been discovered by researchers at Trend Micro, which attacks MacOS systems, and is likely linked to the OceanLotus threat group. The cybersecurity firm, in a recent blog post, said the backdoor it dubbed OSX_OCEANLOTUS.D, targets Apple Mac operating systems that have the Perl programming language installed. The backdoor was uncovered within […]
Hackers Modify Code in AOL Advertising Platform
Trend Micro researchers recently found that hackers had gained entry to, and then modified code, in AOL’s advertising platform to mine Monero cryptocurrency. 500 other websites are also thought to be infected with the same CoinHive cryptocurrency mining script used on the AOL advertising platform. This includes MSN’s Japanese web portal, which was infected by […]
Fake Online Reviews Are Back Up Again
Back in June 2016, KrebsonSecurity wrote an exposé of various fake online reviews and sham websites, which pushed people seeking help for drug and alcohol addiction towards rehab centers that were secretly linked to the Church of Scientology. Krebs broke the story as part of a wider report on fake online reviews, warning people of […]
Drupal Vulnerable to Back Doors
On March 28th, a patch for a vulnerability on Drupal was released to protect the Drupal content management system (Drupal 6, 7 and 8) against the bug that facilitates remote code execution. The Drupal vulnerability was tracked as CVE-2018-7600 and discovered by Jasper Mattson of Druid. Prior to release of the patch, Drupal gave advanced […]
DNS Hijacking Used to Spread Malware
The new Roaming Mantis malware, discovered by Kaspersky Labs, which infiltrates Android smartphones to steal data and take control of devices, is operating via DNS hijacking. DNS hijacking is a kind of attack, which hackers use to redirect user queries to a domain name server (DNS), by overriding a device’s TCP/IP settings. “Basically, DNS is […]
Mirai Botnet Variant Attacking Financial Businesses
Recorded Future, a security company that specializes in machine-based threat intelligence, published information this week about a new IoT botnet, a variant of Mirai, which was the culprit behind a series of DDoS attacks on financial services companies earlier in 2018. After the Mirai source code was released online in October 2016, variants have continued […]
Stresspaint Malware Is Stealing Facebook User Data
Security researchers at Radware have identified a new information stealer called Stresspaint that appears to be looking for Facebook details it gathers from Chrome login dataon infected machines, along with session cookies. In a recently issued alert, Radware has dubbed the new Trojan “Stresspaint”, named after the free Windows application it hides inside, which is […]
Reaper Botnet Attacks Financial Firms
The Reaper botnet, also known as IoTroop, a variant of Mirai, has been linked to a recent spate of DDoS attacks on three financial institutions in the Netherlands. The three DDoS attacks that Reaper likely carried out took place on January 28th, 2018 on three different companies in the financial sector, all thought to be […]
Cisco Bug Leaves 8.5M Switches Vulnerable
A critical vulnerability in many Cisco networking devices has left 8.5M switches vulnerable to exploitation by attackers. The vulnerability could be leveraged by remote, unauthenticated attackers, allowing them to take over vulnerable devices and then execute arbitrary code, trigger a reload of the device, or cause an indefinite loop on the device that triggers a […]
Facebook – “Malicious Actors” Discover Identities on Two Billion Users
On Wednesday, Facebook said that “malicious actors” had taken advantage of search tools on its platform, allowing them to discover the identities of most of its 2 billion users, and collect information about them. The abuse of Facebook’s search tools, now disabled, happened over several years on a widespread basis, with very few of its users […]
Panera Bread Online System Exposes Millions of Clients
Panera Bread, the U.S. chain of bakery-café fast casual restaurants, sits on Forbes’ list of the most trustworthy large caps in America, but its recent handling of a months-long customer data leak is calling its trustworthiness into question. Krebs on Security published an article earlier this about week about a troubling security vulnerability that researcher […]
Keylogger Malware Fauxpersky Running Wild
A new kind of keylogger malware has been detected infecting computers, specifically Windows PCs, in the wild via USB drives. Cybereason, a Boston, Mass.-based security firm, discovered the malware and named it Fauxpersky as it impersonates the popular Russian antivirus software Kaspersky. On Fauxpersky-infected systems, the Cybereason researchers found four dropped files, each carefully named […]