Source: Google And Facebook Duped Out Of $100 Million In Phishing Scam
Use of DNS Tunneling for C&C Communications
– Say my name. – 127.0.0.1! – You are goddamn right. Network communication is a key function for any malicious program. Yes, there are exceptions, such as cryptors and ransomware Trojans that can do their job just fine without using the Internet.
New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic
Many people believe that they are much less likely to be bothered by malware if they use a Mac computer, but is it really true? Unfortunately, No. According to the McAfee Labs, malware attacks on Apple’s Mac computers were up 744% in 2016, and its researchers have discovered nearly 460,000 Mac malware samples, which is still just a small part of overall Mac malware out in the wild.
Source: New MacOS Malware, Signed With Legit Apple ID, Found Spying On HTTPS Traffic
Deep-dive into XEE
XML External Entity is a problem faced by many web applications. This site offers an interesting deep dive into the technique and methods of protection:
Mimipenguin
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
It’s time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks.
Source: New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Discovery of 8,800 C2 servers sends warning to Asian cybercriminals
Move shows the importance of international co-operation to take down cybercrime at its roots
Source: Discovery of 8,800 C2 servers sends warning to Asian cybercriminals
Unplug the Bitcoin miner and do us all a favour: Antminer has remote shutdown flaw
‘Antbleed’ attack could crock 70 per cent of all mining. Time to try another flavour? A new branded bug ( sigh ) has landed, specific to an ASIC-based Bitcoin miner: dubbed “Antbleed”, it allows remote shutdown of hardware sold by a company called “Bitmain”.…
Source: Unplug the Bitcoin miner and do us all a favour: Antminer has remote shutdown flaw
Almost two million Androids infected by FalseGuide malware, masquerading as game guides
A malware family known as FalseGuide masqueraded as game guides on Google Play to infect nearly two million Android devices. David Bisson reports.
Source: Almost two million Androids infected by FalseGuide malware, masquerading as game guides
Hackers exploited Word flaw for months while Microsoft investigated
SAN FRANCISCO (Reuters) – To understand why it is so difficult to defend computers from even moderately capable hackers , consider the case of the security flaw officially known as CVE-2017-0199. The bug was unusually dangerous but of a common …
Source: Hackers exploited Word flaw for months while Microsoft investigated
