Organizations lost $2.7 billion to Internet-enabled theft, fraud and exploitation in 2018, with business e-mail compromise scams resulting in the highest of these financial losses, according to the FBI’s Internet Crime Complaint Center (IC3).
Tag: Internet security
Researchers Find More Connected Sex Toys Face Hacking Risk
Researchers have found that Vibratissimo sex toys manufactured by a German company are vulnerable to attacks that could expose sensitive user information and allow hackers to take remote control of someone’s sex toy.
New Rapidly-Spreading Hide and Seek IoT Botnet Identified by Bitdefender
BitDefender has identified a new fast-spreading IoT botnet called Hide and Seek that has the potential to perform information theft for espionage or extortion.
BadNews: Mobile Attackers Pivot To Malicious Ads
The identification over the weekend of a large-scale outbreak of mobile malware dubbed “BadNews” is bad news, indeed for millions of Android device users, who downloaded applications from the official Google Play application store that connected their devices to a malicious advertising network, dubbed “BadNews.” The discovery of the malware-infected apps, which were downloaded between two- and nine million times, suggests a new wrinkle in the mobile malware space, with attackers turning to honest-seeming mobile ad networks to push out malicious links and collect information on compromised devices. “This is one of the first times that we’ve seen a malicious distribution network clearly posing as an ad network,” wrote Lookout’s Marc Rogers on the company blog. He speculated that the new tactic may reflect improved security on the Google Play app store following the introduction of the Bouncer malware scanner. Lookout said that the company notified Google, which removed the […]
Anti-Social: Popular WordPress Sharing Plugin Linked To Payday Loan Spam
A popular plug-in for sharing blog content on social networks was discovered to have hidden code that was injecting WordPress blogs with links to phony Pay Day Loan offers and other spam, according to the firm Sucuri. The plug-in, named Social-Media-Widget (SMW) was compromised with malicious code 12 days ago, in concert with an update of the widget. The new version of the plug-in contained a hidden call to a remote PHP script that inserted “Pay Day Loan” spam text and links into WordPress web sites running the plugin. The goal was to infect as many web sites as possible with text that would increase the web reputation and visibility of a web site run by the spammers, according to the post on Tuesday, by Daniel Cid, Sucuri’s CTO. SMW is among the most popular add-ons for Wordpess sites. It allows bloggers who use WordPress to configure sharing buttons that will […]
