Mass Injection Attack Targets ASP.NET Sites
There is yet another large-scale injection attack going on right now, with nearly 200,000 pages affected so far. The compromised pages are serving visitors with malicious code that sends them off to a...
Facebook User Error Behind Porn, Mutilation Spam
A campaign of explicit spam on Facebook this week has been linked to a relatively obscure exploit method known as self-inflicted JavaScript injection and not malicious code running on Facebook's...
Phishers Bait City Workers in Seattle With Phony Speeding Tickets
Hundreds of government employees in Seattle, Washington received fraudulent emails yesterday that appeared to be traffic violation notifications but were, in fact, vehicles for infection by malicious...
Hijacked Web Sites Among The Most Visited On Google’s Black List
Legitimate Web sites that have been hijacked and used to serve malicious content greatly outnumber malicious sites on a list of the most-trafficked sites on Google's blacklist, according to analysis...
Black Hat Aftermath: A Broken, Battered Internet
The security of the Web is looking a little like Al Bundy right about now (look it up kids). Granted Black Hat is fresh on our minds and you always come away from that event less willing to use the...
Javascript Issue Plagues Mailbox App for iOS
UPDATE – The popular Mailbox app for iOS suffers from a bit of a security nightmare. A security researcher in Italy recently discovered that the app automatically executes JavaScript contained in any...
Weakness in Android Ad Client InMobi Puts 2.5 Billion Downloaded Apps at Risk
A popular mobile ad client called InMobi, found in more than 2,000 Android applications on Google Play alone, exposes apps to JavaScript injections and is vulnerable to man-in-the-middle attacks....
Attackers Picking Off Websites Running 7-Year-Old Unsupported Versions of Linux
The risks presented by unsupported operating systems are being called out in a large-scale attack on hundreds of websites. Hackers have hit web servers running a version of the Linux 2.6 kernel...
More Trouble For jQuery As Second Compromise Reported
The website for JavaScript library jQuery is under attack for the second time in a week.
Details on WordPress Zero Day Disclosed
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.
WordPress Patches Serious Shortcodes Core Engine Vulnerability
WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.
JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second
CloudFlare reports a massive JavaScript-based DDoS attack against one of its customers, likely carried out by unsuspecting mobile browsers served a malicious ad.
Chinese Mobile Ad Library Backdoored to Spy on iOS Devices
Versions of a popular Chinese mobile ad library have been backdoored with capabilities that can be used to surreptitiously record audio and steal data stored on thousands of iOS devices.
New JavaScript Ransomware Sold as a Service
Researchers have uncovered a ransomware-as-a-service operation called Ransom32. The ransomware is believed to be the first written in JavaScript.
WordPress Infections Leading to TeslaCrypt Ransomware
A massive string of WordPress compromises is redirecting victims to the Nuclear Exploit Kit and TeslaCrypt ransomware.
Inside the Latest Apple iMessage Bug
Researchers from Bishop Fox and Uber found a frighteningly simple way to spread trouble through Apple iMessage.
Core Windows Utility Can Be Used to Bypass AppLocker
A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections.
Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters
Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes - two rated as high.
RAA Ransomware Composed Entirely of JavaScript
Researchers this week claim they’ve noticed a new strain of ransomware unlike any they’ve seen prior – a type composed entirely of JavaScript.
Inside the RIG Exploit Kit
In a deep analysis of RIG, the Cisco Talos team outlined the way the exploit kit combines different web technologies such as DoSWF, JavaScript, Flash and VBScript to obfuscate attacks.