Encrypting all HTTP traffic has long been considered a key security goal, but there have been two key obstacles to this. First, certificates are not free and many owners are unwilling to pay; secondly the certificates themselves are not always something that could be set up by a site owner. The Let’s Encrypt project was…Read More
Joseph C Chen
The blog page of one of the leading media sites in the United Kingdom, “The Independent” has been compromised, which may put its millions of readers at risk of getting infected with ransomware. We have already informed The Independent about this security incident and are working with them to contain the situation. For their part, the news website staff was quick to respond and take action to mitigate the risk this event posed to the website itself and its user base.Read More
Malvertising and exploit kits work hand-in-hand – and are an amazingly effective threat that keeps victimizing users over and over again. The latest victim? Users in Japan.
Since the start of September, almost half a million users have been exposed to a malvertising campaign powered by the Angler exploit kit. This particular attack was highly targeted towards users in Japan. At the height of this campaign, almost 100,000 users saw the malvertisements per day.To make these ads essentially impossible to distinguish from real ones, the attackers used copies of the banners used by legitimate ads for their own malicious advertising.Read More
A recent campaign compromised Taiwan and Hong Kong sites to deliver Flash exploits related to Hacking Team and eventually download PoisonIvy and other payloads in user systems. This campaign started on July 9, a few days after the Hacking Team announced it was hacked. The actors compromised the sites of a local television network, educational…Read More
MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States,…Read More