An Android malware campaign called Judy has been discovered lurking in more than 40 apps in the Google Play Store, and it might have punched its way through as many as 36.5 million devices. Check Point discovered the malware that thankfully doesn't resort to ransomware or stealing bank credentials.
Instead, it installs a form of auto-clicking adware to generate large amounts of fraudulent clicks on advertisements in order to raise money for the perpetrators. The malware has a reach of anywhere between 8.5 million and 36.5 million users worldwide from 41 different apps offered for sale on the Google Play Store.
Read moreWith more than a half billion domains infected by the RoughTed malvertising operation, its effectiveness only continues to escalate, according to Jérôme Segura, lead malware intelligence analyst at Malwarebytes Labs, writing on the company blog.
While it peaked in March 2017, the scourge has been rolling out for more than a year with a dark cornucopia encompassing scams and exploit kits that go after a broad range of targets using their operating system, browser and geolocation to inject the appropriate payload, Segura wrote. And its success in compromising systems lies in its sophisticated techniques that usurp control from victims and get around ad-blockers.
Read moreIf the NSA's leaked hacking tools had a Voltron, it would be EternalRocks. On Sunday, researchers confirmed new malware, named EternalRocks, that uses seven exploits first discovered by the National Security Agency and leaked in April by the Shadow Brokers group. Experts described the malware as a "doomsday" worm that could strike suddenly.
Earlier this month, the WannaCry ransomware plagued hospitals, schools and offices around the world and spread to more than 300,000 computers. It uses two NSA exploits that were leaked by the Shadow Brokers, EternalBlue and DoublePulsar.
Read moreThe majority of machines hit by the WannaCry ransomware worm in the cyber-attack earlier this month were running Windows 7, security firms suggest. More than 97% of the infections seen by Kaspersky Lab and 66% of those seen by BitSight used the older software.
WannaCry started spreading in mid-May and, so far, has infected more than 200,000 computers around the world. In the UK, some hospitals had to turn away patients as the worm shut down computer systems. Many suggested that the reason UK hospitals suffered was because many of them still relied on programmes that required Windows XP - a version of Microsoft's OS that debuted in 2001.
Read moreA series of potentially calamitous leaks in India leave as many as 130 million people at risk of fraud or worse after caches of biometric and other personal data became accessible online.
That’s according to a new report from the Bangalore-based Centre for Internet and Society (CIS), which details breaches at four national- and state-run databases, all of which are said to contain purportedly “uniquely-identifying” Aadhaar numbers. Launched in 2009, the Aadhaar system is an ambitious, albeit flawed program aimed at assigning unique identity numbers, not only to Indian citizens, but everyone who resides and works in the country.
Read moreA known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday.
The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train.
Read moreThe Gmail phishing attack that played out across Google's billion-user email platform Wednesday afternoon was "particularly insidious" and created by someone with considerable skill, say cybersecurity experts.
The scam involved sending users a malicious link from what looked like a familiar contact; when users clicked it and logged on, the hacker gained access to their Gmail credentials, thereby getting the keys to the kingdom for a user's entire online life — and enabling the virus to replicate itself. While Google says it has fixed the problem, it still remains a mystery who may have launched the worm that quickly made the rounds online.
Read moreA massive phishing campaign targeting Google accounts ripped through the internet on Wednesday afternoon. Several people online across a range of industries said they received emails containing what looked like a link to a Google Doc that appeared to come from someone they know.
These, however, were malicious emails designed to hijack their accounts. If you have clicked on the link, go to your Google account's page where you can manage the permissions you've granted to apps. Then locate the "Google Doc" app. This looks totally legitimate, but it's actually not.
Read moreA Chinese infosec researcher has reported about an "almost impossible to detect" phishing attack that can be used to trick even the most careful users on the Internet.
He warned, hackers can use a known vulnerability in the Chrome, Firefox and Opera web browsers to display their fake domain names as the websites of legitimate services, like Apple, Google, or Amazon to steal login or financial credentials and other sensitive information from users. What is the best defence against phishing attack? Generally, checking the address bar after the page has loaded and if it is being served over a valid HTTPS connection. Right?
Read moreSeveral users have complained that ads served through Microsoft's Skype app are serving malicious downloads, which if opened, can trigger ransomware.
News of the issue came from a Reddit thread, in which the original poster said that Skype's home screen -- the first screen that shows up on consumer versions of the software -- was pushing a fake, malicious ad, purporting to be a critical update for the Flash web plug-in. According to the thread, the ad triggered a download of an HTML application, designed to look like a legitimate app. The app, when opened, would download a malicious payload, which locks the user's computer and encrypts its files for ransom.
Read moreAxarhöfði 14,
110 Reykjavik, Iceland