Exploit This

Security News, Exploits, and Vulnerabilities.

Security Firm Redefines APT: African Phishing Threat

A security firm made headlines last week when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests that the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.

St. Louis Federal Reserve Suffers DNS Breach

The St. Louis Federal Reserve today sent a message to the banks it serves alerting them that in late April 2015 attackers succeeded in hijacking the domain name servers for the institution. The attack redirected Web searches and queries for those seeking a variety of domains run by the government entity to a Web page set up by the attackers in an apparent bid by cybercrooks to hijack online communications of banks and other entities dealing with the regional Fed office.

Starbucks Hacked? No, But You Might Be

When it comes to reporting on breaches involving customer accounts at major brands, the news media overall deserves an F-minus. Hardly a week goes by when I don’t hear from readers about a breathless story proclaiming that yet another household brand name company has been hacked. Upon closer inspection, the stories usually are based on little more than anecdotal evidence from customers who had their online loyalty or points accounts hijacked and then drained of value.

Mobile Spy Software Maker mSpy Hacked, Customer Data Leaked

mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Dark Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.”

The Naikon APT

The Naikon APT was one of the most active APTs in Asia. The attackers targeted mainly top-level government agencies and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China. For years they have mined victims, apparently in search of geo-political intelligence.

Spam and Phishing in the First Quarter of 2015

The share of spam in email traffic in the first quarter of 2015 was 59.2%; the percentage of spam gradually declined during the quarter. Spam traffic included a large number of mass mailings with Microsoft Word or Excel attachments containing macro viruses.

Microsoft Security Updates May 2015

Microsoft released a set of thirteen Security Bulletins (MS015-043 through MS015-055) to start off May 2015, addressing 38 vulnerabilities in a wide set of Microsoft software technologies. Three of these are rated critical for RCE and the rest of the May 2015… Read Full Article

Adobe, Microsoft Push Critical Security Fixes

Microsoft today issued 13 patch bundles to fix roughly four dozen security vulnerabilities in Windows and associated software. Separately, Adobe pushed updates to fix a slew of critical flaws in its Flash Player and Adobe Air software, as well as patches to fix holes in Adobe Reader and Acrobat. Three of the Microsoft patches earned the […]

How to mitigate 85% of threats with only four strategies

The Australian Signals Directorate Top35 list of mitigation strategies shows us that at least 85% of intrusions could have been mitigated by four mitigation strategies together. Kaspersky Lab has technological solutions to cover the most strategies from ASD’s list.

Who’s Scanning Your Network? (A: Everyone)

Not long ago I heard from a reader who wanted advice on how to stop someone from scanning his home network, or at least recommendations about to whom he should report the person doing the scanning. I couldn’t believe that people actually still cared about scanning, and I told him as much: These days there are countless entities — some benign and research-oriented, and some less benign — that are continuously mapping and cataloging virtually every devices that’s put online.

%d bloggers like this: