Microsoft Warns on OAuth Attacks Against Cloud App Users
Application-based attacks that use the passwordless “log in with…” feature common to cloud services are on the rise.
Zoom Zero-Day Allows RCE, Patch on the Way
Researchers said that the issue is only exploitable on Windows 7 and earlier.
Joker Android Malware Dupes Its Way Back Onto Google Play
A new variant of the Joker malware has hoodwinked its way onto the Google Play marketplace yet again, in 11 Android apps that were recently removed.
BlueLeaks Server Seized By German Police: Report
The server contained almost 270 gigabytes of data collected from 200 police departments, law enforcement training and support resources and fusion centers.
‘Undeletable’ Malware Shows Up in Yet Another Android Device
Researchers have found trojans and adware in preinstalled apps on a low-cost device distributed by the government-funded Lifeline Assistance Program.
Advertising Plugin for WordPress Threatens Full Site Takeovers
Thousands of vulnerable websites need to apply the patch to avoid RCE.
Notorious Hacker ‘Fxmsp’ Outed After Widespread Access-Dealing
The Kazakh native made headlines last year for hacking McAfee, Symantec and Trend Micro; but the Feds say he’s also behind a widespread backdoor operation spanning six continents.
Microsoft Seizes Malicious Domains Used in Mass Office 365 Attacks
The phishing campaign targeted Office 365 accounts in 62 countries, using business-related reports and the coronavirus pandemic as lures.
15 Billion Credentials Currently Up for Grabs on Hacker Forums
Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.
Redirect auction
We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. Recently, while examining…