Starting in April security experts at FireEye spotted a massive uptick in Cerber ransomware attacks delivered via a rolling wave of spam. Researchers there link the Cerber outbreaks to the fact that attackers are now leveraging the same spam infrastructure credited for making the potent Dridex financial Trojan extremely dangerous. Cerber, which is best known...

News of yet another attack involving a bank and SWIFT, the financial network used by thousands of banks to transfer funds, came to light Thursday as investigators continue to probe a separate $81 million heist in February involving the network and the central bank of Bangladesh. The Brussels-based global financial messaging network notified users on...

Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes – two which rate as high severity. Google warned users of the vulnerabilities Wednesday as it released a new version, 50.0.2661.102, of the browser. The Chrome security holes were found by four bug bounty hunters as part of Google’s Chromium Project and...

Mozilla on Wednesday filed a motion with the U.S. District Court in Tacoma, Wa., asking the government to disclose a vulnerability it exploited in the Tor Browser and Firefox. The FBI used the zero-day to hack a child pornography site and de-anonymize users visiting the site using the Tor Browser. Mozilla’s motion asks that the...

More than 100 North American companies were attacked by crooks exploiting a Windows zero day vulnerability. The attacks began in early March and involved the zero day vulnerability (CVE-2016-0167) reported and partially fixed in April’s Patch Tuesday security bulletins by Microsoft. The zero day was found by researchers at FireEye, who on Tuesday disclosed details. FireEye said...

We all know outdated software, browsers, and plugins are unsafe, but how unsafe? Duo Labs has taken a hard look at the dangers of outdated software in a report released Tuesday that said 25 percent of business systems risk exposure to 700 possible vulnerabilities. The most insecure software, Duo reported, is Microsoft’s family of Internet Explorer browsers....

Bangladeshi police this week alleged that technicians associated with the financial network SWIFT introduced vulnerabilities that made it easier for hackers to infiltrate the systems of Bangladesh Bank and carry out a massive heist. Earlier this year hackers used stolen credentials to inject malware into the bank’s SWIFT, or the Society for Worldwide Interbank Financial Telecommunication,...

Two-year-old Bucbi ransomware is making a comeback, with new targeted attacks and a new brute force technique. Researchers at Palo Alto Networks said they spotted the ransomware recently infecting a Windows Server demanding a 5 bitcoins (or $2,320) ransom. Researchers report the ransomware is no longer randomly seeking victims, as it did two years ago, but...

Microsoft’s Security Intelligence Report painted a bleak picture when it comes to malware, fraudulent login attempts and the staying power of really old exploits. Key findings in the 198-page biannual report run the gamut illustrating how old threats die hard and what new threats are on the horizon. The report, released Thursday, analyzes the threat...

A new vulnerability has been discovered in Lenovo’s much-maligned Lenovo Solution Center (LSC) software. The vulnerability allows attackers with local network access to a PC to execute arbitrary code, said researchers at Trustwave SpiderLabs. The flaw allows an attacker to elevate privileges and is tied to the LSC application’s backend. It opens the door for a malicious attacker...