We all know that the last year has been just the bees-knees for ransomware operators; it’s just the tops, really, between the world-dominating success of WannaCry and NotPetya, the pioneering of ransomware-as-a-service offerings and the development of truly horrific strains of the stuff, like BrickerBot (tagline: The permanent ransomware!). So bad actors already have much to celebrate as they count the ...
Read More »Blog
Cybercriminals exploiting traditional trust measures for compromises, study
Cyber-criminals are exploiting traditional measures of trust to gain a foothold on users systems by compromising trusted sites via background initiated requests, using phishing sites, and typo-squatting. While many companies have used categories such as Business and Economy, Shopping, News and Media, and Malware, to help set security policy researchers are warning it’s no longer advisable to consider any category ...
Read More »Bad Rabbit: New Ransomware Attack Rapidly Spreading Across Europe
A new widespread ransomware attack is spreading like wildfire around Europe and has already affected over 200 major organisations, primarily in Russia, Ukraine, Turkey and Germany, in the past few hours. Dubbed “Bad Rabbit,” is reportedly a new Petya-like targeted ransomware attack against corporate networks, demanding 0.05 bitcoin (~ $285) as ransom from victims to unlock their systems. According to ...
Read More »New Rapidly-Growing IoT Botnet Threatens to Take Down the Internet
Just a year after Mirai—biggest IoT-based malware that caused vast Internet outages by launching massive DDoS attacks—completed its first anniversary, security researchers are now warning of a brand new rapidly growing IoT botnet. Dubbed ‘IoT_reaper,’ first spotted in September by researchers at firm Qihoo 360, the new malware no longer depends on cracking weak passwords; instead, it exploits vulnerabilities in various IoT devices and enslaves ...
Read More »WebRTC Vulnerability leaks Real IP Addresses of VPN Users
An extremely critical vulnerability has recently been discovered in WebRTC (Web Real-Time Communication), an open-source standard that enables the browsers to make voice or video calls without needing any plug-ins. AFFECTED PRODUCTS Late last month, security researchers revealed a massive security flaw that enables website owner to easily see the real IP addresses of users through WebRTC, even if they are using ...
Read More »Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware
FinSpy—the infamous surveillance malware is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents. Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors, known as BlackOasis. The critical type confusion vulnerability, ...
Read More »Fbi Arrests A Cyberstalker After Shady “No-Logs” VPN Provider Shared User Logs
FBI recently arrested a psycho cyber stalker with the help of a popular VPN service and this case apparently exposed the company’s lies about the “no logs” policy. Taking down cyber stalkers and criminals is definitely a good thing, and the FBI has truly done a great job, but the VPN company whose first line of the privacy policy is—“We ...
Read More »fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections
Visiting a website certified with an SSL certificate doesn’t mean that the website is not bogus. Secure Sockets Layer (SSL) protect the web users in two ways, it uses public key encryption to encrypt sensitive information between a user’s computer and a website, such as usernames, passwords, or credit card numbers and also verify the identity of websites. Today hackers ...
Read More »Chinese Man Jailed For Selling VPNs that Bypass Great Firewall
In an effort to continue its crackdown on VPNs, Chinese authorities have arrested a 26-year-old man for selling VPN software on the Internet. China’s Supreme Court has sentenced Deng Jiewei from Dongguan in Guangdong province, close to Hong Kong, to nine months in prison for selling virtual private network (VPN) software through his own small independent website.VPN encrypts users’ Internet traffic and ...
Read More »Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for developing web applications in the Java programming language, which supports REST, AJAX, and JSON. The vulnerability (CVE-2017-9805) is a programming blunder that ...
Read More »