Latest News


Google, Mozilla Ban Hundreds of Browser Extensions in Chrome, Firefox

After discovering a wide pattern of potentially malicious behavior in browser extensions, the two search giants are cracking down.

Both the Google Chrome and Mozilla Firefox teams are cracking down on web browser extensions that steal user data and execute remote code, among other bad actions.

Browser extensions are add-ons that users can install to enhance their web surfing experience – they offer the ability to do everything from setting a special search wallpaper to displaying continuous weather data to language translation. This group also includes things such as ad blockers and security scanning (...)

New Muhstik Botnet Attacks Target Tomato Routers

A new variant of the Muhstik botnet has appeared, this time with scanner technology that for the first time can brute-force web authentication to attack routers using Tomato open-source firmware, researchers have found.

Researchers at Palo Alto Networks’ Unit 42 discovered the new variant harvesting vulnerable routers and IoT devices in early December, they reported in a blog post Tuesday. Muhstik, showing a wormlike self-propagating capability that can infect Linux servers and IoT devices, has been active since March 2018.

Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices

A hacker has published this week a massive list of Telnet credentials for more than 515,000 servers, home routers, and IoT (Internet of Things) "smart" devices.

The list, which was published on a popular hacking forum, includes each device's IP address, along with a username and password for the Telnet service, a remote access protocol that can be used to control devices over the internet.

Phishers are using “black SEO” to lure users in to malicious downloads masquerading as the latest Star Wars movie.

Whenever the internet lights up in anticipation of anything, there are fraudsters and scammers waiting in the wings to take advantage of it. This week’s premiere of Star Wars: The Rise of Skywalker is no exception, with cybercriminals eyeing one of the world’s most beloved franchises as rich fodder for phishing attempts.

Researchers at Kaspersky ran a scan of the web this week and have found more than 30 phishing sites and malicious social-media profiles disguised as official movie accounts. The actual number of these kinds of sites, of course, could be much higher

267M Facebook Users’ Phone Numbers Exposed Online

A database exposing the names, phone numbers and Facebook user IDs of millions of platform users was left unsecured on the web for nearly two weeks before it was removed.

Security researcher Bob Diachenko, who along with Comparitech discovered the unsecured Elasticsearch database, believe it belongs to a cybercriminal organization, as opposed to Facebook. Diachenko went to the internet service provider (ISP) managing the IP address of the server so that the access could be removed.

“A database this big is likely to be used for phishing and spam, particularly via SMS,” according to the Thursday report. “Facebook users should be on the lookout for suspicious text messages. Even if the sender knows your name or some basic information about you, be skeptical of any unsolicited messages.”