News

Web server threats and application attacks

• May 29, 2019 29 May'19

  Hackers scan for MySQL ransomware targets

  A security researcher found that malicious actors have been scanning database servers for MySQL ransomware targets running on Windows, but mitigation should be relatively easy.

• April 19, 2019 19 Apr'19

  DNS hijacking campaign targets national security organizations

  A DNS hijacking campaign targeting national security organizations and critical infrastructure may be part of a new trend, according to the researchers behind recent attacks.

• April 16, 2019 16 Apr'19

  Microsoft disputes Outlook data breach report

  Microsoft warned Outlook users who may have had data compromised in an attack using customer support login credentials to access account information over the course of months.

• April 04, 2019 04 Apr'19

  Pipdig WordPress plugin accused of DDoS attacks and backdoors

  Pipdig, a blog theme and plugin company, was accused of using obfuscated code to gain backdoor access to customer blogs and launch low-scale DDoS attacks on rivals.

• April 03, 2019 03 Apr'19

  Proof-of-concept Magento exploit used in attacks

  Experts are urging users to patch after a proof-of-concept Magento exploit was picked up by malicious actors and used in attempted attacks on e-commerce websites.

• March 01, 2019 01 Mar'19

  Coinhive shutdown imminent after troubled cryptomining past

  The Coinhive cryptominer is scheduled to be shut down following a troubled history and experts don't think the company gave the full story as to why the shutdown is happening.

• February 27, 2019 27 Feb'19

  MarioNet attack exploits HTML5 to create botnets

  Researchers created a new browser-based attack, called MarioNet, that exploits an HTML5 API and can create botnets even after a browser tab is closed or a target navigates away.

• February 13, 2019 13 Feb'19

  Dunkin' security alert warns of new credential-stuffing attacks

  Dunkin' sent a security alert to customers warning of potentially malicious access of accounts due to the second credential stuffing attack in less than three months.

• January 29, 2019 29 Jan'19

  Dailymotion credential stuffing attacks lasted more than 6 days

  Video-sharing website Dailymotion reset passwords for an unknown number of users following 'large-scale' credential stuffing attacks that lasted for more than six days before being stopped.

• January 25, 2019 25 Jan'19

  DNS hijack attacks lead to government directive from DHS

  Following a string of DNS hijack attacks around the globe, the Department of Homeland Security has directed federal agencies to harden defenses against DNS tampering.

• January 11, 2019 11 Jan'19

  Iran implicated in DNS hijacking campaign around the world

  FireEye researchers investigating a DNS hijacking campaign against governments and telecom companies said those who are potential targets of Iran should take precautions.

• January 10, 2019 10 Jan'19

  UnCAPTCHA attack updated to bypass spoken phrases

  Researchers updated their unCAPTCHA proof of concept to be more efficient in bypassing audio CAPTCHAs and be able to handle spoken phrases and not just strings of numbers.

• December 20, 2018 20 Dec'18

  Twitter bugs expose user data and direct messages

  Two Twitter bugs led to questions about the platform's user privacy and security, while the company said one of the bugs opened the door to possible state-sponsored attacks.

• December 11, 2018 11 Dec'18

  Second Google+ data exposure leads to earlier service shutdown

  Another Google Plus data exposure -- this time potentially affecting more than 52 million users -- will cause the service to be shut down four months earlier than scheduled.

• November 27, 2018 27 Nov'18

  USPS website flaw exposed data for one year

  The U.S. Postal Service inadvertently exposed the data of 60 million users and has only just fixed the underlying website flaw, despite being notified of the issue one year ago.