In a massive malicious SEO campaign, cybercriminals are promoting low-quality Q&A sites by redirecting visitors to fake discussion forums. As a result, almost 15,000 sites have been compromised. In September 2022, researchers at Sucuri discovered the attacks. Each compromised site was found to contain approximately 20,000 files that were utilized in the search engine campaign.…
Lenovo reports that it has patched two critical security flaws that affected several of its ThinkBook, IdeaPad, and Yoga laptops. Lenovo is also recommending that consumers update their systems immediately. The flaws make it possible for cybercriminals to deactivate the UEFI Secure Boot tool, allowing them to load and run malicious scripts during the system…
An advanced PHP variant of the Ducktail malware poses a risk to Facebook users. On October 13th, 2022, ZScaler, a cloud security firm, published a blog post detailing this latest discovery. The new PHP version is being distributed by “pretending to be a free/cracked program installer.” It also targets numerous platforms, such as Telegram and…
According to a new Akamai analysis, the company’s experts classified about 79 million domains as dangerous in the first half of 2022; based on a NOD (newly observed domain) dataset, this is about 13 million malicious domains per month, representing 20.1% of all the successfully resolved NODs. According to Akamai, a NOD is any domain…
This year, security experts have found three updated versions of Prilex malware that target point-of-sale systems. In 2014, Prilex was a type of malware that targeted ATMs. It switched to PoS (point of sale) devices in 2016, but it wasn’t until 2020 that the malware reached its peak. After that, it faded away in 2021.…
Malware as a Service (MaaS) has gained popularity over the past few years as a method of spreading malware. Typically, MaaS is provided at a monthly, annual, or lifetime subscription price. Once a threat actor obtains access to the malware, they can target individuals through various tactics. A relatively new MaaS has emerged, called Erbium.…
Smaller companies often struggle to develop and invest in robust IT security systems, which can leave them relatively more vulnerable to cyber attacks. If that’s the situation you’re in and you’re trying to decide what to invest in and where to use the money that you have to spend on IT security, here’s a quick…
Even if you don’t consistently install Microsoft’s security patches as soon as they’re released, the September 2022 patch released this week deserves immediate attention. Dozens of bugs, flaws, and vulnerabilities were addressed in this iteration, including fixes for: *30 Remote Code Execution vulnerabilities 18 Elevation of Privilege vulnerabilities 16 Edge/Chromium vulnerabilities 7 Information Disclosure vulnerabilities…
A small but important feature was recently incorporated by the Windows 11 design team. A new Account Lockout Policy enabled by default has been added. This policy automatically locks user accounts (including Admin accounts) after ten failed sign-in attempts. The account remains in a locked state for ten minutes, requiring users to wait that amount…
There’s a new threat to be aware of if you own an android device. Microsoft recently warned that their researchers had spotted a new toll fraud malware strain wreaking havoc in the Android ecosystem. Toll fraud is a form of billing fraud. It is a scheme whereby bad actors attempt to trick unsuspecting victims into…