There is more bad news for WordPress website owners and developers. WordFence has found more instances of popular plug-ins being modified to contain malicious software. The three most recent discoveries are:
WordFence had reported earlier about another 9 ...
Continue Reading →
Piriform’s CCleaner is a popular computer cleaning and optimizing product that many people use. I have my doubts about the real effectiveness of these utilities, but many of my clients swear by it. I have used CCleaner myself several times as one of the tools I used to clean up a malware infection.
Recently, the CCleaner software code was modified to include a malicious backdoor. This warning was published earlier in ...
Continue Reading →
Cybersecurity researchers at Armis Labs have released information about a new attack vector called BlueBorne. This exploit has the potential to put millions of devices running Windows, Linux, Android or iOS operating systems at risk.
This exploit allows attackers to connect over the Bluetooth radio system with having to first pair the two Bluetooth enabled devices. Once installed, the attacker has full control ...
Continue Reading →Is your email address one of the 711 million emails that are being used by the Onliner spam-bot? I checked my email address at Have I Been Pwned and found it on the list. You can click through the link and see if yours is on the Onliner list, or part of some other breach.
Onliner ...
Continue Reading →
A quick Saturday digest of cybersecurity news articles from other sources.Microsoft Windows operating systems
This Alert has been updated to reflect the National Cybersecurity and Communications Integration Center’s (NCCIC) analysis of the “NotPetya” malware variant.
The scope of this Alert’s analysis is limited to the newest Petya malware variant ...
According to a recent article on Naked Security, not at all hard. While at Black Hat in Las Vegas, researchers from Sophos gave a presentation that dissected the “Philadelphia” ransom software as a service (SaaS) model.
Anyone can buy the Philadelphia ransomware kit on the Dark Web for $400. And for this nominal investment, the would-be attacker gets a simple executable file that sets up the whole system ...
Continue Reading →
One of the persistent memes that interest me is the impending event sometimes known as “the singularity.” This is a probable future where our electronic devices become self-aware and fully autonomous. We see the beginnings of this happening all around us in devices like Amazon’s Alexa and Echo, The Nest and Google communities of smart devices, self-driving vehicles, and all the Internet of Things (IoT) devices that listen ...
On Monday and Wednesday we looked at email account hijacking, how it happens, and what can happen after the account is controlled by an attacker. Today we will see how an attacker could use the beachhead they established in your email account to extend their intrusion.
They have already proven that you are susceptible to phishing and other social engineering exploits. So sending the victim other phishing emails that allow more ...
Continue Reading →
Back in February 2010, the Minneapolis StarTribune website was the victim of a malvertising exploit. Visitors to the Strib website would download malware that caused the computer to become slow and malfunction. Then a pop-up window would appear that advised the visitor that their computer was infected with malware, and the purchase of a $49.95 anti-malware product would solve the problem. I remember working on the computers of several clients ...
Toward the end of last year I made a pair of bold predictions. The first, that ransomware exploits would start declining, because anti-malware software companies were bringing products online that would prevent the encryption from taking place. The second, there would be an increase in Business Email Compromise (BEC) exploits, as cyber-criminals turned to new income streams. I was only half right.
BEC exploits have increased, because the potential returns are ...
Continue Reading →