Malvertising—the combination of malware and advertising—is nothing new. Cyber criminals have long taken advantage of legitimate web advertising agencies to sneak evil code into the ads of some very popular websites. However, a new malvertising campaign called Stenago takes stealthy malicious ads to a new level. By hiding its evil script in the transparency data of an image, and …
Your Facebook Friends Might Be Sending You Ransomware
Over the weekend, a security researcher discovered malware distributed via Facebook messages. Attackers used Facebook messages to send a malicious Scalable Vector Graphics (SVG) image that, when clicked, executes heavily obfuscated JavaScript. The JavaScript ultimately redirects the victim to a fake YouTube webpage that then prompts the user to install a browser extension with …
No, Brad Pitt isn’t Dead and Hopefully You Didn’t Click That Link
Cyber criminals often take advantage of people’s curiosity to phish sensitive information. Last week, cyber criminals used the news of Brad Pitt and Angelina Jolie’s impending divorce to launch a phishing campaign against Facebook users. The attack linked to a fake Fox News report claiming celebrity Brad Pitt took his own life in order to trick users into loading a malicious …
Lessons from Blackhat 2016 – Investigating DDoS-as-a-Service
Last week at the Blackhat and DEFCON security conferences in Las Vegas, I had the privilege of attending several presentations by some brilliant information security researchers. My next few editorials will cover my favorite presentations and what we all can learn from them. Last Thursday at Blackhat, FBI special agent Elliot Peterson and Andre Correa, co-founder of Malware …