An ongoing malware campaign that attempts to exploit web servers susceptible to the Drupalgeddon 2.0 bug in order to infect them with an XMRig-based cryptominer has generated around $11,000 in profits since commencing last April and peaking on May 20.
Cryptocurrency service Bancor robbed of millions; MyEtherWallet users targeted via malicious VPN Chrome extension
Cryptocurrency token conversion service Bancor disclosed yesterday that hackers stole millions in coins from one of its online wallets, while Etherium crypto wallet service MyEtherWallet warned that hackers may have compromised anyone who accessed its service while using the free VPN service Hola and its Chrome extension.
A cryptojacking operation that injects legitimate websites with secret Coinhive shortlinks was recently discovered to be part of an even larger malicious infrastructure that redirects innocent site visitors to servers that distribute both web-based and standard cryptominers.
The website for the restaurant that recently refused to host White House Press Secretary Sarah Huckabee Sanders was found unknowingly hosting hidden code linking to ads for Viagara and other pharmaceuticals.
Apple's newest enhancements to its Safari browser will inhibit websites and apps -- including Facebook -- from using cookies and fingerprinting techniques to track users across the internet.
A spam campaign called Brain Food has been feeding email recipients a steady diet of junk messages containing links to pages promoting bogus intelligence-boosting supplements and diet pills.
U.S. prosecutors filed an indictment yesterday for two alleged Syrian Electronic Army hacktivists who are accused of compromising news media websites and social media accounts in order to spread propaganda supporting the regime of Sryian president Bashar al-Assad.
The RIG exploit kit has been causing trouble again, this time delivering a backdoor trojan called Grobios, which takes great pains to avoid detection and evade virtual and sandbox environments.
Google's latest stable channel update for the Windows, Mac and Linux versions of Chrome fixes four vulnerabilities, including a critical bug that can lead to sandbox escape.
Nearly 400 websites running outdated and vulnerable versions of the Drupal content management system, many affiliated with governments and educational institutions, were recently discovered to be running cryptomining programs without their operators' knowledge.
A recently uncovered tech support scam campaign has compromised thousands of websites with malicious ad injections that redirect users to a browser locker page that claims their computers are infected.
CPU chip manufacturers are facing a brand new onslaught of Spectre speculative execution vulnerabilities, some of which could be disclosed as soon as Monday, May 7, German technology news outlet c't has reported.
The developer of the PHP (Hypertext Preprocessor) server-side scripting language has issued a series of updates that fix 40 vulnerabilities spread across four different versions -- the most serious of which was severe enough to allow an attacker to execute arbitrary code within the context of an affected application.
We already have the means to significantly curtail fake news campaigns emanating from Russia and elsewhere, but it is up security practitioners, and especially online content and advertising platforms, to meaningfully employ these measures, according to Dr. Daniel Rogers, CEO of Terbium Labs.
A now high-ranking member of the UK's Conservative Party admitted and apologized for hacking into her Labour opponent's website to post pro-Tory propaganda, a crime punishable by up to two years in prison.
Each time a user doubles the amount of time he spends visiting illegal torrent and streaming websites, the malware count on his machine jumps another 20 percent, according to an academic paper released earlier this month.
Digital entertainment powerhouse Netflix officially launched a public bug bounty program on Wednesday, offering vulnerability hunters anywhere from $100 to $15,000 per discovery.
As many as 150 player accounts registered with the UK's National Lottery were compromised, accessed and potentially viewed by an unauthorized party, according to an online statement from Camelot, the parent company that runs the sweepstakes.
Breaches expose 50,000 student and teacher records at Leon County Schools; more districts likely affected
The records of roughly 50,000 students, parents, teachers and staff members from the Leon County Schools District in Tallahassee, Fla. were compromised in two related breach incidents involving a third-party education services provider.
The makers of a new "Traffic Distribution System" that performs malicious drive-by attacks as a service to paying cybercriminals have been advertising their product in underground online markets since December last year, according to a new report from Proofpoint.
The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to at least a select few of the 2.27 million computers that had downloaded the tainted utility program.
Researchers have found that browsers like Chrome and Firefox store a great deal of visitor information, much of which can be easily discovered and taken by cybercriminals.
The adversaries who have been abusing exposed memcached servers to launch amplified distributed denial of service attacks have been including a ransom note amidst their flood of malicious packets, according to researchers from Cybereason who now suspect the actors' true motivation is extortion.
GitHub on Wednesday withstood the largest-ever recorded distributed denial of service attack in history, experiencing roughly 10 minutes of disruption during the onslaught, which was amplified using exposed memcached servers -- a vector that has seen a significant increase in abuse since last month.
Hewlett Packard Enterprise has disclosed the discovery of a serious vulnerability in a previous version of its Lights-Out 3 embedded server management technology, which could be remotely exploited to trigger a denial of service condition.
The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer fire-sharing apps after Google Project Zero researcher Tavis Ormandy found critical vulnerabilities that can result in remote code execution and information disclosure upon visiting malicious websites.
Exclusive: Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers
Security researchers say they discovered several vulnerabilities and security lapses in Kaspersky Lab's my.kaspersky.com web portal earlier this month, adding that the flaws exposed users to potential session hijackings and account takeovers.