Impersonation phishing scam on Yahoo highlights importance of two-step verification
Yahoo Mail accounts and address books used in family “emergency” impersonation scam.
This month the vendor is releasing 13 bulletins covering a total of 46 vulnerabilities. Twenty-one of this month’s issues are rated ‘Critical’.
Tomáš joined Avast in March 2014 as a Product Manager for Avast Mobile Security. Born in Čáslav, a small town in central Bohemia, he moved to Prague during high school with plans to study at the Police Academy of the Czech Republic. After a while, Tom decided he wanted to study and work in IT […]
Revision Note: V40.0 (May 12, 2015): Added the 3061904 update to the Current Update section. Summary: Microsoft is announcing the availability of an update for Adobe Flash Player in Internet Explorer on all supported editions of Windows 8, Windows Serve…
Revision Note: V1.0 (May 12, 2015): Advisory published. Summary: Microsoft is announcing the availability of an update to cryptographic cipher suite prioritization in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Wi…
Crypto ransomware affecting Australian computers uses Breaking Bad theme in ransom demand.

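One-click fraud is not a new scam. In Japan, this type of fraud has existed for more than ten years: criminals lure victims into clicking on highly enticing offers and force them to register for services that are usually related to pornographic content. In the past, one-click fraud mainly targeted Japanese-speaking users. Recently, Symantec found that one-click fraudsters have begun operating in multiple languages and expanding their range of targets; in addition to the usual Japanese-speaking users, they have started to target Chinese-speaking audiences.
Scam emerges that localizes content to target users in Hong Kong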
Latest scam campaign localizes content to target users in Hong Kong.
This post uses information taken from the Symantec Website Security Threat Report 2014 Part One.
2014 saw a change in tactics for those attempting to attack websites and their users. While the number of websites infected with malware decreased by almost 50% (from 1 in 566 to 1 in 1126), the number of web attacks decreased by just 13%. This means that each infected website was responsible for many more attacks compared to 2013.

The reason is a huge change of tactics by cyber criminals, who are now using web attack toolkits designed to run in the cloud as Software-as-a-Service (SaaS). Rather than launching the attack directly from exploit code hosted on the compromised website itself, these toolkits use an HTML iframe tag or some obfuscated JavaScript on the compromised site to inject malicious code from the SaaS-based exploit toolkit.
In terms of the most exploited categories of websites, the attackers are also keeping up with tech trends. We have seen ‘anonymizer’ websites, which are used to increase web users’ online privacy, break into the top 10 for the first time, while automotive sites have dropped out of the top 10.

For much more information on the website security landscape and how you can keep your website visitors safe, download the first part of the WSTR here.
