News

• New Citadel malware variant targets Payza online payment platform

  A new variant of the Citadel financial malware is targeting users of the Payza online payment platform by launching local in-browser attacks to steal their credentials, according to researchers from security firm Trusteer.

• Researchers find critical vulnerabilities in popular game engines

  Security researchers found serious vulnerabilities in the engines of several popular first-person shooter video games that could allow attackers to compromise their online servers and the computers of players accessing them.

• Researchers uncover large cyberfraud operation targeting Australian bank customers

  Security researchers from Russian cybercrime investigations firm Group-IB have uncovered a cyberfraud operation that uses specialized financial malware to target the customers of several major Australian banks.

• Academic institutions urged to take steps to prevent DNS amplification attacks

  Colleges and universities are being encouraged to scrutinize their systems to keep them from being hijacked in DDoS (distributed denial-of-service) attacks.

• Name.com forces customers to reset passwords following security breach

  Domain registrar Name.com forced its customers to reset their account passwords on Wednesday following a security breach on the company's servers that might have resulted in customer information being compromised.

• AutoIt scripting increasingly used by malware developers

  AutoIt, a scripting language for automating Windows interface interactions, is increasingly being used by malware developers thanks to its flexibility and low learning curve, according to security researchers from Trend Micro and Bitdefender.

• Hackers increasingly target shared Web hosting servers for use in mass phishing attacks

  Cybercriminals increasingly hack into shared Web hosting servers in order to use the domains hosted on them in large phishing campaigns, according to a report from the Anti-Phishing Working Group (APWG).

• Recently patched Java flaw already targeted in mass attacks, researchers say

  A recently patched Java remote code execution vulnerability is already being exploited by cybercriminals in mass attacks to infect computers with scareware, security researchers warn.

• Twitter OAuth feature can be abused to hijack accounts, researcher says

  A feature in the Twitter API (application programming interface) can be abused by attackers to launch credible social engineering attacks that would give them a high chance of hijacking user accounts, a mobile application developer revealed Wednesday at the Hack in the Box security conference in Amsterdam.

• Bitcoin mining malware spreading on Skype, researcher says

  Security researchers from Kaspersky Lab have identified a spam message campaign on Skype that spreads a piece of malware with Bitcoin mining capabilities.

• Yandex launches public DNS service with malicious URL filtering

  Russian Web search firm Yandex launched a public DNS (Domain Name System) resolution service on Thursday that leverages the company's existing website scanning technology to block access to malicious and adult-rated sites.

• Most Java-enabled browsers vulnerable to widespread Java exploits, Websense says

  Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published Monday by security vendor Websense.

• Researchers find TeamViewer-based cyberespionage operation

  Security researchers have uncovered yet another ongoing cyberespionage operation targeting political and human rights activists, government agencies, research organizations and industrial manufacturers primarily from Eastern European countries and former Soviet Union states.

• Researcher hijacks insecure embedded devices en masse for Internet scanning project

  An anonymous researcher created a massive botnet by hijacking about 420,000 Internet-accessible embedded devices with default or no login passwords and used it to map the entire Internet.

• Site hosting leaked celebrity data goes offline

  A site that published the private information and credit reports of several celebrities and other public figures last week went offline on Sunday. The last person to have his alleged private information exposed on the site was CIA director John Brennan.