The patch for a recently disclosed cross-site scripting (XSS) vulnerability in Branch.io introduced another similar flaw, a security researcher revealed last week. California-based Branch.io provides customers with solutions that help create deep links for referral systems, invitations, and sharing links for attribution and analytics purposes. The service is used by many popular web platforms, including …
Facebook has shared another update on the hacker attack disclosed last week. The social media giant says there is no evidence that the attackers accessed any third-party apps. Facebook revealed on September 28 that it had reset the access tokens for 90 million accounts, including 50 million that were directly impacted and 40 million deemed …
Fileless malware attacks, or incidents where the malicious payload doesn’t touch the disk, but is executed directly in memory instead, are on the rise, Microsoft says. Attacks that leverage fileless techniques are not new, but were recently adopted by a broader range of malware. A couple of years ago, the Kovter Trojan was well known …
Twitter on Monday announced that it has made some changes in preparation for the upcoming midterm elections in the United States. The changes include updated rules that target fake accounts and hackers. Social media companies have been criticized for allowing their platforms to be abused for influence campaigns ahead of the 2016 presidential election in …
The takedowns of AlphaBay and Hansa in 2017 by law enforcement gave rise to much speculation about the future of dark web marketplaces. As I’ve discussed before, an environment of fear and mistrust are driving the cybercriminal community to incorporate alternative technologies to improve security and remain below the radar as they conduct illicit business …
A new rootkit that has been distributed via the RIG exploit kit over the past few weeks can manipulate web browsers and also contains sophisticated defense mechanisms, Check Point says. Dubbed CEIDPageLock, the malware was initially discovered a few months ago, when it was attempting to modify the homepage of a victim’s browser. The rootkit …
A newly detailed Android spyware that has an incredibly wide-ranging protocol has been active since May 2016, Kaspersky Lab warns. Dubbed BusyGasper, the malware includes device sensors listeners (such as motion detectors), can exfiltrate data from messaging applications (WhatsApp, Viber, Facebook), includes keylogging capabilities, and supports 100 commands. Featuring a multicomponent architecture, the malware can …
Email continues to be the starting point for the majority of all security breaches. The 2018 Verizon Data Breaches Investigation Report (DBIR) says that email is the attack vector in 96% of breaches. But a new study suggests that despite these figures, companies are not allocating sufficient resources to reduce email risk. The study was …
Online community site Reddit announced Wednesday that it was breached in June 2018. In a refreshingly candid advisory, it provides a basic explanation of how the incident occurred, details on the extent of the breach, details on its own response, and advice to potential victims. The extent of the breach was limited. It was discovered …
A new wave of spear-phishing emails masquerading as legitimate procurement and accounting letters have hit over 400 industrial organizations, according to Kaspersky Lab. Data collected by Kaspersky showed that the malware associated with the campaign attacked nearly 800 company PCs across various industries. The attacks, which are ongoing, attempt to steal money and confidential data …