Typeform, the popular online survey platform, has suffered a data breach that exposed partial data of some users, no payment card data was stolen. Typeform, the popular online survey platform, is the last victim of a data breach. Typeform software is widely adopted by businesses worldwide to easily arrange surveys, it allows easy creation of […]
The Ministry of Internal Affairs of the Russian Federation and Group-IB have detained cybercriminals who broke into the accounts of 700,000 customers of popular Internet stores The Administration “K” of the MIA of Russia, with the assistance of Group-IB, an international company specializing in the prevention of cyberattacks and the development of information security products, […]
Trend Micro experts reported the Necurs botnet has been using Internet Query (IQY) files in recent spam campaigns to bypass security protections. The Necurs botnet is currently the largest spam botnet, it has been active since at least 2012 and was involved in massive campaigns spreading malware such as the Locky ransomware, the Scarab ransomware, […]
Malware researchers from CSE Cybsec ZLab discovered a missed link between the Necurs Botnet and a variant of the Ursnif trojan that recently hit Italy. Starting from 6th June, a new version of the infamous banking trojan Ursnif hit Italian companies. This malware is well known to the cyber-security community, the Ursnif banking Trojan was […]
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · ClipboardWalletHijacker miner hijacks your Ether and Bitcoin […]
Crooks are attempting to exploit a recently patched Drupal vulnerability, tracked as CVE-2018-7602, to drop Monero mining malware onto vulnerable systems. The CVE-2018-7602 flaw is a highly critical remote code execution issue, also known as Drupalgeddon3, that was addressed by the Drupal team in April with the release of versions 7.59, 8.4.8 and 8.5.3. The security patch for the […]
According to researchers at Trustwave, the source code of the Red Alert 2.0 Android Trojan is now available for rent on cybercrime underground forums at $500 per month. The experts discovered the latest variant because received a malicious apk via mail and analyzed it. “It all started with a spam message, which curiously had an Android App attachment. […]
Cybercriminals used the ‘credit card stealer reinfector’ to reinfect the websites and continue to steal personal and financial data. Researchers at Sucuri reported crooks are using a very simple evasion technique to reinfect Magento websites after their malicious code has been removed. Cybercriminals have devised a method to hide the malicious code, the ‘credit card stealer reinfector’, used to […]
The popular flight tracking service Flightradar24 has discovered a data breach that affected one of its servers. The company notified the incident to its users via email and asked them to change their passwords, affected users’ passwords have been reset. FlightRadar24 promptly reported the incident to the Swedish Data Protection Authority in order to comply with the […]
ZeroFont phishing attack – Crooks are using a new technique that involves manipulating font sizes to bypass Office 365 protections. According to cloud security firm Avanan, one of the detection mechanisms in Office 365 involves natural language processing to identify the content of the messages typically used in malicious emails. For example, an email including […]