Security news that informs and inspires

All Articles

2376 articles:

Chamois: The Big Botnet You Didn’t Hear About

The Android security team was busy battling the Chamois malware family on Google Play starting in 2016. Android security engineer Maddie Stone outlined the steps Google has taken to reduce the number of devices infected with this technically complex malware.

Android, Botnet, Google, Fraud

Marketplace Sells Digital Fingerprints for Credit Card Fraud

Criminals can buy digital fingerprints such as user behavior, cookies, and device information on the Genesis marketplace to fool banks' anti-fraud systems and conduct credit card fraud.

Fraud, Identity Theft, Cybercrime

Decipher Podcast: Patrick Wardle

Mac security researcher Patrick Wardle joins Dennis Fisher to discuss his research and Mac malware.

Podcast

Apache Patches Serious Privilege Escalation Flaw

Apache has fixed a root privilege escalation vulnerability in its popular web server software, which runs on millions of servers.

Apache

Criminals Sell Stolen Data on Social Media

There's no need to go to underground forums and criminal marketplaces to trade crimeware tools and buy/sell stolen information when it's all on social media, such as Facebook.

Phishing, Crimeware, Facebook

Facebook Stops Asking for Email Passwords

In a bizarre series of events, Facebook decided to ask some users to provide the passwords to their email accounts when signing up for new Facebook accounts. When asked, the company agreed to stop.

Facebook, Passwords

U.S.-Based Malware Hosting Setup Possibly Tied to Necurs Botnet

Bromium researchers have been tracking a phishing and malware campaign, possibly linked to the Necurs botnet, that uses infrastructure in the U.S.

Malware

Cloudflare Warp VPN Aims to Bring Security to Mobile Connections

Cloudflare is rolling out a new mobile VPN service called Warp that's built on top of its 1.1.1.1 DNS resolver.

Vpn

Some Data Breach Victims Don’t Hear From the FBI Right Away

Many organizations are unaware of the intrusion in their networks until the FBI comes calling. An Inspector General audit found that poor record keeping means some organizations don't hear from the FBI, or hear too late to do anything about it.

Data Breaches, Government, Fbi, Incident Response

Critical Magento Flaw Puts Commerce Sites at Risk

A SQL injection flaw in the Magento platform could open up many commerce sites to attack.

Magecart

Microsoft Got 99 Domains Used to Phish Someone

Microsoft has taken over 99 domains used by the Phosphorus attack group, which has ties to the Iranian government.

Microsoft

Researchers Still Unraveling LockerGoga Ransomware

Researchers are still trying to figure out how LockerGoga infects its targets, and what the group behind this damaging ransomware variant really wants. Can't be just money.

Ransomware, Malware

FTC Questions Broadband Providers on Data Collection and Privacy Policies

The FTC sent letters to the major U.S. broadband providers asking for information on exactly what customer data they collect and how they handle it.

Government Security

Utah Privacy Law Protects Data From Government

Absent any move on the federal level for a consumer data privacy law, states have passed their own laws. Utah is about to have a law that would require government to have a warrant to get any consumer data stored by third-party providers.

Government, Privacy

iOS 12.2 Fixes Serious SMS, Kernel Flaws

In iOS 12.2 Apple has patched many serious flaws, including an SMS bug that allows code execution with one click.

Apple, Ios Security