Top IT Security Bloggers

  • Equifax or Equiphish?

    Krebs on Security
    More than a week after it said most people would be eligible to enroll in a free year of its TrustedID identity theft monitoring service, big three consumer credit bureau Equifax has begun sending out email notifications to people who were able to take the company up on its offer. But in yet another security stumble, the company appears to be training recipients to fall for phishing scams.
  • Adobe security team posts public key – together with private key

    Sophos - Naked Security
    If you generate an encryption keypair and you get a public key and a private key, which one do you think you should keep to yourself?
  • Tracking phones without a warrant ruled unconstitutional

    Sophos - Naked Security
    'Stingray use without a warrant violates 4th Amendment'
  • Cryptomining or online ads – which one floats your boat? [VIDEO]

    Sophos - Naked Security
    Is cryptomining in the background better than ads in the foreground as a way of earning money to "pay" for free sites?
  • News in brief: DDoS threat spam; Army logic bomber; Viacom leak

    Sophos - Naked Security
    Your daily round-up of some of the other stories in the news
  • Using infrared cameras to break out of air-gapped networks

    Sophos - Naked Security
    Invisible data exfiltration from isolated networks
  • EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner

    TrendLabs - Malware Blog
    We’ve uncovered the notorious EITest campaign delivering a JavaScript (JS) cryptocurrency miner (detected by Trend Micro as HKTL_COINMINE) using tech support scams as a social engineering lure. These are fraud activities impersonating legitimate technical support services, conning unwitting victims to avail/pay for these services (or hand out financial data), by scaring them that their machine has been infected with malware, for instance.
    The EITest campaign’s main arsenal is compromised websites. Its activity can be traced to as early as 2014 and once used the Angler exploit kit to deliver ransomware. Starting January 2017, it has eschewed exploit kits in favor of “HoeflerText” (a popular font) phishing attacks or  . In a month, we identified 990 compromised websites injected with a malicious script that diverts the would-be victim to a website related to the tech support scam. Of late, though, the campaign has added the Coinhive JS miner into ongoing attacks, turning the victim’s computer into a Monero cryptocurrency miner. Analysis also revealed that this JS cryptocurrency miner is the same “Coinhive” JS miner found embedded in The Pirate Bay’s website.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
    EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner
  • EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner

    Trend Micro - Security Intelligence
    We’ve uncovered the notorious EITest campaign delivering a JavaScript (JS) cryptocurrency miner (detected by Trend Micro as HKTL_COINMINE) using tech support scams as a social engineering lure. These are fraud activities impersonating legitimate technical support services, conning unwitting victims to avail/pay for these services (or hand out financial data), by scaring them that their machine has been infected with malware, for instance.
    The EITest campaign’s main arsenal is compromised websites. Its activity can be traced to as early as 2014 and once used the Angler exploit kit to deliver ransomware. Starting January 2017, it has eschewed exploit kits in favor of “HoeflerText” (a popular font) phishing attacks or  . In a month, we identified 990 compromised websites injected with a malicious script that diverts the would-be victim to a website related to the tech support scam. Of late, though, the campaign has added the Coinhive JS miner into ongoing attacks, turning the victim’s computer into a Monero cryptocurrency miner. Analysis also revealed that this JS cryptocurrency miner is the same “Coinhive” JS miner found embedded in The Pirate Bay’s website.
    Post from: Trendlabs Security Intelligence Blog - by Trend Micro
    EITest Campaign Uses Tech Support Scams to Deliver Coinhive’s Monero Miner
  • TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 18, 2017

    Trend Micro - Cloud Security Blog
    The Morton Salt slogan “When it rains it pours” refers to its free flowing salt with a pouring spot and is a variation of the proverb “It never rains but it pours.” Unfortunately, Mother Nature has taken the proverb literally. This has been a devastating hurricane season for the United States and surrounding countries in...
  • This Week in Security News

    Trend Micro - Cloud Security Blog
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back each Friday for...

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release

Market Place