Cryptojacking Attack Found on Los Angeles Times Website

A security researcher found Coinhive code hidden on a Los Angeles Times’ webpage that was secretly using visitors’ devices to mine cryptocurrency. Source: Threadpost

Tax refund, or How to lose your remaining cash

Every year, vast numbers of people around the globe relish the delightful prospect of filling out tax returns, applying for tax refunds, etc. Given that tax authorities and their taxpayers are...

uTorrent Users Warned of Remote Code Execution Vulnerability

Google Project Zero researchers are warning of two critical remote code vulnerabilities in popular versions of uTorrent's web-based BitTorrent client and its uTorrent Classic desktop client. Source: Threadpost

Intel Issues Updated Spectre Firmware Fixes For Newer Processors

Intel has issued a firmware fix to help its Kaby Lake, Coffee Lake and Skylake processors address the Spectre security flaw. Source: Threadpost

New BEC Spam Campaign Targets Fortune 500 Businesses

A new business email compromise campaign targets financial transactions tied to Fortune 500 firms. Source: Threadpost

Disappearing bytes: Reverse engineering the MS Office RTF parser

Microsoft Office was a prime target for attacks in 2017. As well as the large number of vulnerabilities discovered and proof-of-concept exploits published, malware authors felt it necessary to prevent detection...

Flight Sim Labs’ ‘Heavy Handed’ Anti-Piracy Tactics Raise Hackles

Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software. Source: Threadpost

A Slice of 2017 Sofacy Activity

Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy...

Year-Old Coldroot RAT Targets MacOS, Still Evades Detection

Researchers are warning users about the Coldroot remote access Trojan that is going undetected by AV engines and targets MacOS computers. Source: Threadpost

Apple Rushes Fix for Latest ‘Text Bomb’ Bug As Abuse Spreads

Apple said it is working on a fix for the latest text bomb bug that crashes a number of iOS and Mac apps that display specific Telugu language characters.    Source: Threadpost