Attackers infiltrated a webserver belonging to the open source Piwik website analytics project and injected backdoor malware into a zip file update on Monday. Users who downloaded the Piwik update 1.9.2 between 15:43 UTC to 23:59 UTC are urged to check piwik/core/Loader.php file for the following code string:
Hackers are using malicious ads promising browser updates to drop malware on users’ machines. Using a mix of social engineering and a variation on scareware, attackers have been taking advantage of recent legitimate Firefox and Chrome updates to infect hundreds of machines in Europe and the United States.
Fake and malicious Android apps have become an industry unto themselves in the last couple of years, as attackers have sought to capitalize on the massive market share that the mobile OS enjoys worldwide. It’s a safe bet that any popular new app will attract a malicious copycat version, and researchers have found that the latest app on this list is Angry Birds Star Wars.
A spokesman at Go Daddy, the popular domain registrar and Web host company, believes that some of its users may have been phished – and that’s to blame for the barrage of ransomware some customers have been seeing in past week or so.
Attackers are sending spoofed “pending notification” emails to Facebook users, claiming that the recipients overlooked some alert on the world’s largest social network, and providing them with a link that supposedly leads to the allegedly neglected content but which, in reality, funnels users to a series of compromised websites hosting the Black Hole Exploit Kit, according to researcher Dancho Danchev.
By Dmitry TarakanovRecently, a new Remote Administration Tool has been discovered that started appearing here and there in targeted attacks. This tool is “PlugX”. Researchers have even tracked someone suspected of creating that malware – one of the members of the Chinese hacking group NCPH, which is allegedly in the service of PLA. Among others, this group has been accused of attacking high-profile US organizations.
The saga of the latest zero-day vulnerability and exploit for the Google Chrome browser took another mysterious turn over the weekend. The 19-year-old Georgian security researcher who found the vulnerability in the browser was called up for compulsory military duty in his country and was unable to deliver his presentation Saturday at the Malcon security conference in India.
Symantec is warning of a new bit of malware that appears to be modifying corporate databases, particularly in the Middle East, though its showing up elsewhere in the world too.
Variants of the PASSTEAL malware are propagating by masquerading as key generators for paid applications, popular e-books, and other software on file sharing services, according Alvin John Nieto, a threat response engineer at TrendMicro’s TrendLabs.PASSTEAL, as its name suggests, is a piece of malware that uses various password recovery tools to steal passwords stored in the browsers of its victims. Nieto claims PASSTEAL is novel in its deviation from keyloggers that simply log keystrokes.
Attackers had two months of unfettered access to South Carolina’s Department of Revenue systems in a classic targeted attack that began with a phishing email and ended with the loss of electronic tax return data, and payment card and personal information on 3.8 million filers, possibly dating back to 1998.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
