Critical Java 0-day flaw exploited in the wild
Researchers from security firm FireEye have discovered targeted attacks exploiting a zero-day Java vulnerability to deliver the Poison Ivy RAT onto the unsuspecting …
Google announces $2 milion in prizes for Pwnium 2
Following the announcement that it will be upping the monetary rewards given to security researchers that responsibly disclose Chromium vulnerabilities, Google has announced …
Bogus “Your eBay funds are cleared” email leads to exploits
Following the email supposedly sent by an unsatisfied customer, eBay sellers are targeted by scammers once again. While the first email threatened with negative feedback, this …
Bogus wire rejection notices lead to exploit kit
Fake notices about a rejected wire transfer have been hitting inboxes around the world, trying to trick recipients to download the attached malicious file, Sophos warns. The …
Fake Facebook photo tag notification leads to malware
Beware of fake Facebook emails telling you that you’ve been tagged in a photo, as you could easily end up infected with malware. The emails do visually resemble messages …
The use of exploit kits changed spam runs
Spammers used to depend on email recipients to tie the noose around their own necks by inputing their personal and financial information in credible spoofs of legitimate …
Microsoft revokes 28 of its code-signing certificates
The long awaited patch for the CVE-2012-1889 vulnerability that has been heavily exploited in the wild and the exploit for which has even been included in the Blackhole …
Fake Amex warning leads to exploit kit
A fake American Express email trying to lure users into following a malicious link by making them think that someone has reset their password for their online account has …
Blackhole exploit kit got upgraded
Phoenix and Blackhole are the most popular and widely used exploit kits because their creators are always tinkering with them and pushing out update and improved attack …
Researchers break RSA SecurID 800 token in 13 minutes
An international team of scientists that goes by the name of “Team Prosecco” claims to have devised attacks that manage to extract the secret cryptographic key …
Bogus BancorpSouth emails lead to exploit kit
Fake security related notices ostensibly coming from BancorpSouth, a bank holding company operating mainly in the South of the United States, have been hitting users’ …
Compromised website serving “state-sponsored” 0-day exploit
The still unpatched Microsoft XML Core Services vulnerability (CVE-2012-1889) that allows attackers to gain the same user rights as the logged on user and execute malicious …
Featured news
Resources
Don't miss
- CISOs, are your medical devices secure? Attackers are watching closely
- Cybersecurity classics: 10 books that shaped the industry
- NIST selects HQC as backup algorithm for post-quantum encryption
- NetBird: Open-source network security
- Burnout in cybersecurity: How CISOs can protect their teams (and themselves)