data theft
Data exfiltration tool PTP-RAT encodes data in pixel colour values
How to exfiltrate data from a machine that doesn’t have file transfer capabilities or whose Remote Desktop Protocol (RDP) connection has been locked down, making it …
Malicious Chrome extension steals all data
There’s a glut of malicious Google Chrome extensions out there, but some are more harmful than others. The one that SANS ISC incident handler Renato Marinho has dubbed …
Defense contractors, manufacturers targeted with malware-as-a-service infostealer
Information stealing FormBook malware is being lobbed at defense contractors, manufacturers and firms in the aerospace sector in the US and South Korea. Delivery methods The …
Disqus, Forrester Research suffer data breach
Popular blog comment hosting service Disqus and market research company Forrester Research announced late on Friday that they’ve suffered a breach. While the latter was …
The 2013 Yahoo breach affected all 3 billion of its users
Yahoo, now part of the newly created Verizon subsidiary Oath, has announced that the 2013 breach it disclosed in December 2016 affected more users than previously believed. …
Equifax, former CEO reveal more details about the devastating breach
Mandiant has concluded the forensic part of its Equifax breach investigation, and the results are as follows: 2.5 million additional US consumers were potentially impacted, …
XPCTRA financial malware leaves no stone unturned
A Trojan that has previously been only stealing users’ banking credentials has been modified to do much more than that. This new variant, dubbed XPCTRA, can also steal …
Hackers stole contact info of 6 million Instagram users and are selling it online
Last week, Instagram pushed out a patch for a bug in the service’s API that allowed attackers to discover users’ email address and/or phone number. Facebook-owned …
Seagate to pay millions for forking over employee info to scammers
A moment of inattention by one of its employees, and Seagate stands to lose tens of millions of dollars. No, the company was not the victim of a BEC scam – instead, it …
Two Iranians charged with hacking, stealing US missile design software
Two Iranians are accused of hacking of a US software company and the theft of missile design software restricted from export from the US without a license. Mohammed Reza …
Android backdoor GhostCtrl can do many unusual things
There is no shortage of Android malware, but it’s not often that one encounters an Android threat that can do as much as the GhostCtrl backdoor. According to Trend Micro …
How Magecart attackers monetize stolen payment card info
The Magecart campaign, aimed at compromising online shops with malicious JavaScript code to collects payment card info, is still going strong, and researchers have pinpointed …