Mass WordPress compromises redirect to tech support scams
Thousands of WordPress sites have been injected with the same malicious redirection. We review the infection details and the malicious traffic leading to browser lockers.
Explained: regular expression (regex)
What is regular expression (regex) and what makes it vulnerable to attack? Learn how to use regex safely and avoid ReDoS attacks in the process.
USPS-themed malspam now delivering 1-2-3 knock-out
We’ve detected an uptick in USPS-themed malspam walloping users with a 1-2-3 knock-out of nasty malware designed to infiltrate your system and steal all your most valuable information. This malware-laced email is actively being distributed with various Subject and Body messages containing references to missing and/or late USPS parcels.
Fake pharma sites are getting even more obnoxious
Recently, we have noticed that pharma sites seem to have discovered the use of JavaScript to change the “Stay or Leave” messages that you see, when you try to close or leave their sites.
Advanced phishing tactics used to steal PayPal credentials
A new example was found of a phishing mail trying to get a hold of your PayPal login credentials by using a javascript sending them to a data_receiver_url
Clipboard poisoning attacks on the Mac
Graham Cluley drew my attention the other day to an issue that has apparently been known to some for years, but was new to me: clipboard poisoning, an issue where a website can replace what you think is on your clipboard with something else. Although this seems like an insignificant issue on first glance, it turns out that there are some very serious implications.
App Update Tool Could Endanger iOS Users
Some iOS developers are integrating an update library called JSPatch, used for delivering faster updates to their apps. That’s a great idea, but unfortunately, there are some serious security concerns involved.
Browlock Redirects Via Google Image Search
Scammers redirect image search results to display browlock scare pages.
A Tumblr of trouble
Tumblr is a hot spot for malware infections, spam and other security issues. But this one disguises itself as a legitimate JavaScript.
A nefarious use of Google Drive to load malicious redirects
A lesser known aspect of the popular cloud storage Google Drive is its built-in site publishing feature that allows you to upload an entire directory containing static web files (HTML, JavaScript, CSS, etc.) and to publish your own website. Bad guys are uploading malicious scripts and using them as part of a well thought chain…