Internet Security | SC Media

Internet Security

Domen toolkit customizes fake web page overlays to bolster infection odds

A malicious campaign has been leveraging a newly discovered social engineering toolkit to distribute a wide range of phony web page overlays, seemingly generating at least 100,000 page views in just the past few weeks. The toolkit, dubbed Domen, uses a cleverly written client-side script (“template.js”) to deliver these fraudulent overlays, which are loaded…

Vast majority of newly registered domains are malicious

Newly registered domains (NRDs) are created at the astounding rate of about 200,000 every day and a recent report indicates that 70 percent of these are malicious or suspicious and used for a wide range of nefarious activities. The NRDs are an interesting breed with some staying active for a very brief period, just hours,…

Fake VPN and office software websites spread Bolij.2 banking trojan

Cybercriminals recently set up impostor websites for the NordVPN virtual private network service and two office software products, in an attempt to infect visitors with the Win32.Bolij.2 banking trojan, according to researchers. Launched on Aug. 8, the fake NordVPN site, nord-vpn[.]club, has already drawn thousands of visitors so far this month, Dr.Web reports in an…

D-Link agrees to overhaul security in FTC settlement

D-Link agreed to make several security enhancements that overhaul the firm’s security platform to settle a Federal Trade Commission (FTC) litigation case concerning allegations that the company misrepresented the security of its products. The case stems from a 2017 complaint against D-Link for the company’s routers and IoT cameras leaving sensitive consumer information, including live…

Apple adds security measures for app, website developers

Apple included a single sign-on tool and a new email security feature in iOS 13 that software developers can implement in their apps and websites, the company announced this week at its Worldwide Developers Conference. To facilitate a customer’s ability to sign into an app or website, Apple introduced Sign In with Apple. This…

Google adds to Baltimore’s ransomware woes

A recent attempt by Baltimore government officials to create a workaround that would allow them to email while the city recovers from a ransomware attack was temporarily stymied by Google. Baltimore staffers had started to create Google Gmail accounts as a temporary replacement communication system. However, Google’s automatic security apparatus shut down the accounts as…

Microsoft’s May Patch Tuesday covers ZombieLoad, WER vulnerabilities

Microsoft put forth a long list of security updates to cover 79 vulnerabilities, 19 listed as critical, which included four connected to a Microarchitectural Data Sampling (aka ZombieLoad) vulnerability in Intel processors in its May Patch Tuesday release. While CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 grabbed the headlines yesterday, Microsoft also patched CVE-2019-0863 which has been spotted…

Retefe Revisited: Banking trojan reemerges, adopts new set of tools

Researchers have noticed a recent upswing in attacks against banks featuring the Retefe banking trojan, following what was apparently a fairly quiet 2018 for the malware. The trojan is historically known for targeting the banking industry in countries like Austria, Sweden, Switzerland and the UK. Rather than using malicious web injects to execute man-in-the-browser attacks…

VPN Endgame

Choosing a virtual private network (VPN) can be difficult. Besides selecting a VPN provider, users must also choose between a paid VPN or a free VPN, among other factors. Simply picking a seemingly “free” VPN can have consequences ranging from having information logged and sold to advertisers, which may defeat the purpose of using a…

DNSpionage actors adjust tactics, debut new remote administration tool

The actors responsible for the DNSpionage DNS hijacking campaign have altered some of their tactics, techniques and procedures (TTPs), introducing a new reconnaissance phase as well as a new malicious remote administration tool called Karkoff. Discovered last November, the operation primarily targets Lebanon- and United Arab Emirates-affiliated .gov domains, commandeering the websites’ DNS servers so…
