Crooks behind the revamped CryptXXX 3.100 ransomware have switched its distribution from the Angler Exploit Kit to the Neutrino Exploit Kit. The sudden change in distribution was spotted on Monday by researchers at the SANS Internet Storm Center. “This is not the first time we’ve seen campaigns associated with ransomware switch between Angler EK and...

Officials at the University of Calgary admitted this week that the school recently paid $20,000 CDN to rid its systems of ransomware that hampered productivity for 10 days. Linda Dalgetty, the school’s VP of Finance and Services, acknowledged via press release on Wednesday that the school paid the ransom, which translates to roughly $15,756 USD, to maintain...

Attackers have found a new way to exploit the Widows Background Intelligent Transfer Service (BITS) which is being used to infect and reinfect targeted PCs with malware even after the initial infection has been removed. According to security researchers at Dell SecureWorks, attackers are exploiting a lesser-known BITS “notification” feature. The feature allows attackers to create a...

D-Link is wrestling with a vulnerability in its DCS­930L Wi-Fi camera that was privately disclosed by security company Senrio. The flaw exposes the cameras to remote code execution, a Senrio report says. CEO Stephen Ridley told Threatpost that his company is working with D-Link on remediation. D-Link, meanwhile, said in a statement emailed to Threatpost:...

Mozilla fixed 13 security issues, including two critical vulnerabilities that could have led to spoofing and clickjacking, among other issues, when it updated Firefox to the latest build, Firefox 47, this week. One of the issues, a buffer overflow, could have resulted in a potentially exploitable crash according to an advisory published by the company on Tuesday....

It was June 2012 when Dale Meredith was shopping online for a BBQ grill for Father’s Day and found one at Sears.com. The only snag, he had to create a username and password to buy it. That irked him. He was annoyed because it was literally the hundredth-plus service—including his local newspaper, home router, and...

Google said that it will initiate on June 16 a gradual deprecation of SSLv3 and RC4 for Gmail IMAP/POP mail clients. Both the crypto protocols cipher are notoriously unsafe and are being phased out in big chunks of the Internet. Google, for its part, had already announced in May that it would no longer support...

A recent Internet scan threw a bucket of cold water on the notion that wonky, unsecured services have been significantly reduced from the Internet. “Today’s Internet in 2016 looks like the 1996 Internet, which is a little depressing,” said Rapid7 security research manager Tod Beardsley. Beardsley and colleagues Bob Rudis and Jon Hart today published...

Ridesharing company Uber recently patched a vulnerability in its site that could have allowed an attacker to log into some “.uber.com” sites without a password and further compromise its internal network. Uber awarded Finnish security researcher Jouko Pynnönen $10,000 for discovering the flaw last month, equalling the highest bounty the company has paid out since it launched the...

Facebook has patched a vulnerability in the desktop and mobile versions of its Messenger app that allows an attacker to access and modify chats, exposing the victim to potential fraud and malware. Researchers at Check Point Software Technologies privately disclosed the issue May 2 to Facebook, which patched it two weeks later. The flaw, Check...