Exploit This

Security News, Exploits, and Vulnerabilities.

mSpy Denies Breach, Even as Customers Confirm It

Last week, KrebsOnSecurity broke the news that sensitive data apparently stolen from hundreds of thousands of customers of mobile spyware maker mSpy had been posted online. mSpy has since been quoted twice by other publications denying a breach of its systems. Meanwhile, this blog has since contacted multiple people whose data was published to the deep Web, all of whom confirmed they were active or former mSpy customers.

Security Firm Redefines APT: African Phishing Threat

A security firm made headlines last week when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests that the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.

St. Louis Federal Reserve Suffers DNS Breach

The St. Louis Federal Reserve today sent a message to the banks it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office.

Starbucks Hacked? No, But You Might Be

When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus. Hardly a week goes by when I don’t hear from readers about a breathless story proclaiming that yet another household brand name company has been hacked. Upon closer inspection, the stories usually are based on little more than anecdotal evidence from customers who had their online loyalty or points accounts hijacked and then drained of value.

Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked

mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Dark Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”

The Naikon APT

The Naikon APT was one of the most active APTs in Asia. The attackers targeted mainly top-level government agencies and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China. For years they have mined victims, apparently in search of geo-political intelligence.

Spam and Phishing in the First Quarter of 2015

The share of spam in email traffic in the first quarter of 2015 was 59.2%; the percentage of spam gradually declined during the quarter. Spam traffic included a large number of mass mailings with Microsoft Word or Excel attachments containing macro viruses.

Microsoft Security Updates May 2015

Microsoft released a set of thirteen Security Bulletins (MS015-043 through MS015-055) to start off May 2015, addressing 38 vulnerabilities in a wide set of Microsoft software technologies. Three of these are rated critical for RCE and the rest of the May 2015…

Adobe, Microsoft Push Critical Security Fixes

Microsoft today issued 13 patch bundles to fix roughly four dozen security vulnerabilities in Windows and associated software. Separately, Adobe pushed updates to fix a slew of critical flaws in its Flash Player and Adobe Air software, as well as patches to fix holes in Adobe Reader and Acrobat. Three of the Microsoft patches earned the […]

How to mitigate 85% of threats with only four strategies

The Australian Signals Directorate Top35 list of mitigation strategies shows us that at least 85% of intrusions could have been mitigated by four mitigation strategies together. Kaspersky Lab has technological solutions to cover the most strategies from ASD’s list.
