Tag: website
-
Patch early, patch often, but don’t blindly trust every ‘patch’
Patching is important, but not everything that presents itself as a security patch is safe to install. Malwarebytes researcher Jérôme Segura has written a detailed analysis of the ‘FakeUpdates’ campaign, where thousands of websites with an out-of-date content management system have been compromised to spread malware. Rather than exploiting vulnerabilities in browsers or browser plug-ins, as…
-
Patch early, patch often, but don’t blindly trust every ‘patch’
Patching is important, but not everything that presents itself as a security patch is safe to install. Malwarebytes researcher Jérôme Segura has written a detailed analysis of the ‘FakeUpdates’ campaign, where thousands of websites with an out-of-date content management system have been compromised to spread malware. Rather than exploiting vulnerabilities in browsers or browser plug-ins, as…
-
There are lessons to be learned from government websites serving cryptocurrency miners
This was awkward. On Sunday, the Information Commissioner’s Office (ICO), the UK’s data protection regulator and thus the public body that issues fines for data breaches, was found to be serving a JavaScript-based cryptocurrency miner on its website. The issue was first reported by security researcher Scott Helme, who discovered that the ICO wasn’t the…
-
There are lessons to be learned from government websites serving cryptocurrency miners
This was awkward. On Sunday, the Information Commissioner’s Office (ICO), the UK’s data protection regulator and thus the public body that issues fines for data breaches, was found to be serving a JavaScript-based cryptocurrency miner on its website. The issue was first reported by security researcher Scott Helme, who discovered that the ICO wasn’t the…
-
WordPress users urged to manually update to fix bug that prevents automatic updating
WordPress has long had a bad reputation in the security community. While this is understandable – compromised installations of the popular content management system are regularly used to spread malware and spam – it is also a little unfair, as the security of WordPress has improved a lot over the years. Indeed, exploitable vulnerabilities in the…
-
WordPress users urged to manually update to fix bug that prevents automatic updating
WordPress has long had a bad reputation in the security community. While this is understandable – compromised installations of the popular content management system are regularly used to spread malware and spam – it is also a little unfair, as the security of WordPress has improved a lot over the years. Indeed, exploitable vulnerabilities in the…
-
Romanian university website compromised to serve Neutrino exploit kit
This blog post was written by Martijn Grooten and Adrian Luca. Like every summer, millions of prospective students around the world have been taking entry exams for the university courses they want to attend. Imagine how horrible it would be if those students, after visiting the website of their university of choice, suddenly found all…
-
Romanian university website compromised to serve Neutrino exploit kit
This blog post was written by Martijn Grooten and Adrian Luca. Like every summer, millions of prospective students around the world have been taking entry exams for the university courses they want to attend. Imagine how horrible it would be if those students, after visiting the website of their university of choice, suddenly found all…
-
To make Tor work better on the web, we need to be honest about it
If you regularly browse the web through the Tor network, you will have noticed that many websites are either inaccessible, or have strong barriers (in the form of difficult CAPTCHAs) put in front of them. In a blog post , ‘The Trouble with Tor’, CloudFlare CEO Matthew Prince, whose company is responsible for many of…
-
Compromised site serves Nuclear exploit kit together with fake BSOD
Support scammers not lying about a malware infection for a change. During our work on the development of the VBWeb tests, which will be started soon, we came across an interesting case of an infected website that served not only the Nuclear exploit kit, but also a fake blue screen of death (BSOD) that attempted…