Taking a “dirty deeds done dirt cheap” approach, the kit generates an initial malware payload for social-engineering spam campaigns for just $40 per month.
Not just a miner, the malware also sets up a hidden default account with system administrator privileges, to be used for re-infection and further attacks.
Default configuration of WD’s My Cloud storage device keeps port open for unprivileged data exfiltration within a network.
In an unusual move, Metamorfo abuses legitimate, signed Windows binaries to load the malicious code.
Webstresser[.]org, a DDoS-for-hire market believed to be behind at least 4 million cyberattacks around the world, has served up its last internet-paralyzing traffic tsunami.
Researchers discovered a flaw in Amazon’s Alexa virtual assistant that enabled them to eavesdrop on consumers with smart devices – and automatically transcribe every word said.
A leaky Mongo database exposed personal information of 25,000 investors and potential investors tied to the Bezop cryptocurrency.
Too often, many IoT device manufacturers are opting to leave out costly security features for their small, low power connected devices.
Researchers have found an exploit in Nvidia Tegra X1-based systems that they say cannot be patched.
The group uses a custom, worm-like backdoor called Kwampirs that exploits legacy systems for laser-focused, comprehensive corporate espionage.