Years-Long ‘SilentFade’ Attack Drained Facebook Victims of $4M
Facebook detailed an ad-fraud cyberattack that’s been ongoing since 2016, stealing Facebook credentials and browser cookies.
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.
Emotet Emails Strike Thousands of DNC Volunteers
Hundreds of U.S. organizations on Thursday received emails purporting to come from the Democratic National Committee, in a new politically charged Emotet spear-phishing attack.
QR Codes: A Sneaky Security Threat
What to watch out for, and how to protect yourself from malicious versions of these mobile shortcuts.
Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
Cybercriminals set up three different CAPTCHAs that Office 365 targets must click through before the final phishing page.
NFL, NBA Players Hacked in Would-Be Cyber-Slam-Dunk
Federal prosecutors charged two men with crimes that carry up to 20 years in prison.
Spammers Smuggle LokiBot Via URL Obfuscation Tactic
Researchers say that the campaign sidesteps end user detection and security solutions.
InterPlanetary Storm Botnet Infects 13K Mac, Android Devices
In addition to Windows and Linux machines, a new variant of the malware now targets Mac and Android devices.
OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more.
Android Spyware Variant Snoops on WhatsApp, Telegram Messages
The Android malware comes from threat group APT-C-23, also known as Two-Tailed Scorpion and Desert Scorpion.