Flash Player is Dead, Long Live Flash Player! (Krebs on Security, Aug 02 2017)
Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple, Facebook, Google, Microsoft and Mozilla. But don’t break out the bubbly just yet: Adobe says Flash won’t be put down officially until 2020….
After phishing attacks, Chrome extensions push adware to millions (security – Ars Technica, Aug 03 2017)
Compromised accounts push fraudulent extension updates to unsuspecting users….
Data Breach Trends (ASIS Security Management, Aug 04 2017)
A opinion on the Verizon DBIR and breach trends: “It’s somewhat frustrating in the world of cybersecurity because it means that we’ve given up… and our only hope is that by the time [the hacker] gets the sensitive information and figures out what it is, it will no longer be that sensitive,” Vaystikh adds….
Attackers Use Typo-Squatting To Steal npm Credentials (Threatpost | The first stop for security news, Aug 04 2017)
Nothing new, but it’s interesting that it still happens: “Criminals used a typo-squatting technique and uploaded rogue JavaScript libraries to a popular code repository npm.”…
TwoFace Webshell: Persistent Access Point for Lateral Movement (Palo Alto Networks Blog, Aug 05 2017)
Unit 42 uncovers TwoFace: a two-layered webshell used to remotely access the network of a targetd organization in the Middle East….
Latest Intelligence for July 2017 (Symantec Security Response, Aug 05 2017)
Email malware rate continues to increase and WannaCry, Petya inspire other threats to add self-spreading components….
Hackers are making their malware more powerful by copying WannaCry and Petya ransomware tricks | ZDNet (ZDNet, Aug 05 2017)
The group behind Trickbot is attempting to give its Trojan malware the self-spreading worm-like capabilities that have made recent ransomware attacks go global….
WannaCry researcher denies creating banking malware at court hearing (ZDNet, Aug 04 2017)
A security researcher who helped curb a global outbreak of the WannaCry ransomware earlier this year has told a court he is not guilty of charges of allegedly creating a notorious banking malware….