A WordPress malware campaign that picked up steam last month is now using nulled (pirated) premium themes to infect new victims. According to Sucuri security researcher Denis Sinegubko, the wp-vcd malware is now preinstalled inside pirated WordPress premium themes offered for download for free on some sites known for providing nulled scripts, themes, and plugins for various CMS platforms. This particular malware — wp-vcd — works...
Microsoft issued an emergency Windows Security Update to address a critical vulnerability, tracked as CVE-2017-11937, that affects the Malware Protection Engine (MPE). The emergency fix comes a few days before Microsoft is scheduled to roll out its December Patch Tuesday updates. The critical RCE flaw could be exploited by an...
More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report. The Conficker worm has become the malware that just won’t die. More than nine years after it was first spotted in 2008, the worm continues to be detected by anti-malware systems with enough regularity to suggest that it remains a potent...
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200. Most ransomware kits still focus on targeting Windows systems, but Android ransomware kits are selling for a premium and are expected to grow in volume and price, according to a new report. Android ransomware kits sell for a median price that is 20 times higher...
The security expert Michael Gillespie discovered a new variant of the BTCWare ransomware; the malicious code was spread by hacking into poorly protected remote desktop services and manually installed by crooks. The new Shadow BTCware Ransomware variant appends the .[email]-id-id.shadow extension to the encrypted files; compared to previous versions it uses new email addresses a...
The Firefox web browser is looking to alert visitors whenever they visit a website that is known to have suffered a data breach. While the ‘Breach Alerts’ feature will issue a warning about a website, it won’t actually prevent users from visiting it. “This is an extension that I’m going to be using as a vehicle for prototyping basic UI and interaction flow for an...
Google has expanded enforcement of its Unwanted Software Policy, warning Android developers to explicitly declare data collection behaviors. A few days ago, Google was caught collecting users’ location data even when location services were disabled, and many privacy experts questioned the behavior of the tech giant. Google promptly admitted the practice and suspended it. Now Google has made another move to protect the privacy of its users: it has warned Android developers...
With the end-of-the-year holidays quickly approaching and many users worrying whether the gifts they bought online will be delivered in time for the festivities, an email from PayPal saying their transactions were impossible to verify or their payments were not processed will throw most users for a loop. Phishers are counting on that, and are hoping that panicking users will be too distraught to notice...
Tenafly High School informed parents earlier this month that a student gained access to its internal IT systems, changed grades to improve his GPA, and sent out college applications immediately after. The New Jersey-based high school has not named the student but said it informed authorities, and law enforcement is currently handling the investigation. According to reports in local media [1, 2], the teen...
PayPal says that one of the companies it recently acquired suffered a security incident during which an attacker appears to have accessed servers that stored information for 1.6 million customers. The victim of the security breach is TIO Networks, a Canadian company that runs a network of over 60,000 utility and bills payment kiosks across North America. PayPal acquired TIO Networks this past July for...