Tech support scammers and their banking woes
We all know about tech support scams by this point. We know how they cold call, lie their way into your computer, and steal your money. Unfortunately for the scammers, banks know this as well, making it quite difficult at times to maintain an account to store the criminal’s ill-gotten gains. So how does the…
Free Nintendo Switch emulators are fake
Fake emulators for newly released Nintendo console used as bait to get users to fill out survey scams and download potentially unwanted applications. Over the last few weeks, scammers have been trying to dupe users into believing that a software emulator exists for the Nintendo Switch, the company’s newest console that was released on March…
World of Warcraft phish campaign lures victims with free pet
A phishing campaign currently in circulation is attempting to bait World of Warcraft with the promise of free in-game pets. We’ve seen two variations on this so far, and it’s possible there’s more. Both of the below examples lead to the same phishing URL. As great as the promise of some free content is, this…
Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago
The Apple desktop and mobile product vulnerabilities that were revealed this week, in a WikiLeaks data dump of documents allegedly describing several secret CIA projects, were all fixed years ago, Apple said Friday. The leaked information on the Apple vulnerabilities is from a larger collection of documents that WikiLeaks has dubbed “Vault 7,” containing hitherto…
Apple: CIA’s Mac, iPhone Vulnerabilities Already Patched
Apple’s initial analysis of the iPhone and Mac exploits disclosed by WikiLeaks on Thursday shows that the vulnerabilities they use have already been patched. The company told WikiLeaks to send the information it possesses through the regular submission process. WikiLeaks’ second “Vault 7” dump, dubbed by the organization “Dark Matter,” includes documents describing tools allegedly…
Vulnerability Management and Triage in 3 Steps
Security testing tools can help organizations build better software by identifying vulnerabilities early in the SDLC. For security professionals and developers, however, the hard work begins when the testing is complete. Once you have a list of vulnerabilities across multiple applications, what’s your next step in vulnerability management and triage? And how do you ensure…
Microsoft Patches Many Exploited, Disclosed Flaws
Microsoft has released a total of 18 security bulletins to address tens of vulnerabilities, including more than a dozen that have already been publicly disclosed or exploited in attacks. The March 2017 updates also include the patches that should have been released last month. Microsoft postponed most of the February security updates – except the…
Actively Exploited Struts Flaw Affects Cisco Products
Cisco informed customers on Friday that at least some of its products are affected by an Apache Struts2 command execution vulnerability that has been exploited in the wild over the past days. The flaw has been confirmed to affect the Cisco Identity Services Engine (ISE), the Prime Service Catalog Virtual Appliance, and the Unified SIP…
Most Federal Government Websites Lack Basic Security
HTTPS and DNSSEC not used across the board on agency websites despite federal requirements to do so. The majority of federal agency websites fail to meet basic standards for security as well as for speed and mobile-friendliness.
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked
A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet. The flaw that allows this to happen is found in a custom version of GoAhead, a lightweight embedded web server that has been fitted into the devices.