Cybercrime, domestic routers hijacked to spread coronavirus malware
Cyber security experts: DNS settings are changed to show victims WHO fake APP on COVID-19. This installs the Oski trojan which exfiltrates the victim's data.
Cyber Security: Update Chrome now, you will block AZORult
KELA experts: the AES-256 algorithm inhibits the ability of malware to extract passwords from the browser. This is also confirmed by the contraction of data on Genesis, the cybercrime shop.
WordPress, 13 plugins are vulnerable to XSS attacks
Cyber Security Experts: PoCs are also in circulation, allowing to easily exploit the flaws. Update your sites now!
Cybercrime, ongoing phishing campaign uses WeTransfer as bait
Cyber security experts: the lure is a false order and the goal is to make victims open a fake page of the service to steal their credentials.
WordPress, flaw on the WP Client and WP Time Capsule plugins
WebARX cyber security researchers: bugs in authentication logic allow this to be bypassed and administrator access without the need for valid credentials.
Greta Thunberg used as a bait by cybercrime to spread Emotet
CertPa cyber security experts: A malware campaign is underway with spear phishing attacks on the occasion of Christmas. Proofpoint: They also target .edu domains.
Cybercrime, wave of spam in the EU with RTF documents armed with malware
Microsoft cyber security experts: the goal is to spread a backdoor Trojan, exploiting an old vulnerability. Probably there will be new malspam campaigns with same characteristics.