Internet Security News, Articles and Updates

Vulnerable MikroTik routers being used to spread Coinhive miner

A security researcher has found that tens of thousands of unpatched MikroTik routers are serving up webpages containing a Coinhive miner.

Cryptojacking operation leverages shortlinks and traffic distribution system to infect users

A cryptojacking operation that injects legitimate websites with secret Coinhive shortlinks was recently discovered to be part of an even larger malicious infrastructure that redirects innocent site visitors to servers that distribute both web-based and standard cryptominers.

Google, Mozilla boot Stylish from add-on stores after it collects data on browsing histories

It seems that for nearly 18 months Stylish collected information about users' web-browsing histories.

Prowli campaign monetized 40K machines across various industries

The campaign dubbed Operation Prowli was observed targeting vulnerable platforms, including CMS servers, backup servers, DSL modems and IOT devices to mine cryptocurrency, promote fake websites and run tech support scams,

Hackers hijack SpamCannibal, spam users with false notifications

All queries to the website's blacklist received a positive response so that spam filters believed the IP addresses were blacklisted.

HTTP injectors used to steal mobile internet connectivity

Flashpoint researchers have come across several Telegram messaging channels being used to exchange HTTP injectors which can then be used to obtain free mobile internet access.

UK politician admits and apologizes for hacking into opponent's website 10 years ago

A now high-ranking member of the UK's Conservative Party admitted and apologized for hacking into her Labour opponent's website to post pro-Tory propaganda, a crime punishable by up to two years in prison.

ICLoader PUA downloader adds malware to its list of deliverable product

A campaign pushing the potentially unwanted app downloader ICLoader was found also to be dropping malware in addition to its traditional advertising and useless software.

Browser stored personal information there for the taking: Report

Researchers have found that browsers like Chrome and Firefox store a great deal of visitor information, much of which can be easily discovered and taken by cybercriminals.

Malicious Reddit 'twin' discovered

The internet now has two front pages, but one is a fake created to scam Reddit fans or as phishing bait.

NIST 1.1 tackles cybersecurity metrics, supply chain

The second draft update of the landmark NIST CSF ups its value and ease of use.

New Mirai variant back on radar after new exploit code published

A new strain of the Mirai IoT malware has been discovered following the publication of exploit code targeting networking equipment.

2020 Census at risk of interference, GAO says

The Government Accountability Office said the security of the 2020 Census IT systems falls short and called for greater congressional oversight.

Microsoft adds ransomware defense with new Windows update

Microsoft is claiming that the latest version of Windows 10, the Fall Creator's Update, is the most secure version of the operating system yet released.

Mirai Botmaster behind Deutsche Telekom router hijack pleads guilty

A 29-year-old hacker has plead guilty in German court to an attack last year which downed internet service all across the country.

Cisco patches critical remote code execution flaw in WebEx browser extensions

Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

FCC votes to rollback net neutrality regs

The vote, which had been anticipated and hotly debated, was cast along party lines.

FCC claims DDoS, not John Oliver fans advocating net neutrality, slowed site

The Federal Communications Commission blamed a website slowdown to DDoS attacks not a charge of protests led by "Last Week Tonight" host John Oliver.

RiskSecNY: Tips for Threat Sharing

Threat Sharing should be a two-way street with all parties sharing relevant information with each other.

Chrome extension trojan places victims in an endless malware loop

People in several Central and South American countries who want nothing more than to watch video online are being hit with a trojans that redirects the viewers to a new URL that contains malicious content.

FCC chair calls for net neutrality rollback

While he didn't offer many details of the new plans - those will be released Thursday - Ajit Pai called the regulations on the internet adopted by the FCC two years ago, "heavy handed" and politically motivated.

Met Police officer buys malware that monitors messages, calls and more

A London police officer has purchased malware for mobile phones and computers that can intercept calls, emails and more.

CREST/IISP Con: We have tools to fix it so why's the internet still broken?

Malicious hackers are taking advantage of broken internet infrastructure that could be fixed, said NCSC technical director Ian Levy in his keynote speech yesterday at CRESTCon & IISP Congress 2017.

Web hacking only getting worse as webmasters fail to patch ageing code

As part of its #NoHacked campaign, Google has published figures on the state of website security, and the trend doesn't look good.

Zscaler reveals risk of SSL based threats, warns of new security priority

More than half of the internet traffic is already HTTPS encrypted for the sake of higher security. However, the encrypted traffic is used by cyber-criminals as well to hide their malicious activities from detection.

US telecoms regs bow to ISPs, customers no longer federally protected

The US Federal Communications Commission has bowed to the telecoms lobby in blocking a regulation which would make ISPs take 'reasonable measures' to protect customer data.

Securing smart cities requires collaboration

"Cybersecurity is a service and the service is enterprise is risk management," City of San Diego Chief Information Security Officer, Deputy Director Gary Hayslip