Cybercrime Week in Review 11 April 2015
FBI Warns of Fake Govt Sites, ISIS Defacements (KrebsonSecurity)
The Federal Bureau of Investigation (FBI) is warning that individuals sympathetic to the Islamic State of Iraq and al-Shams (ISIS) are mass-defacing Websites using known vulnerabilities in WordPress.
Security Advisory: Persistent XSS in WP-Super-Cache (SUCURI Blog)
During a routine audit for our Website Firewall (WAF), we discovered a dangerous Persistent XSS vulnerability affecting the very popular WP-Super-Cache plugin (more than a million active installs according to wordpress.org).
AwSnap! New Hack Can Crash Chrome Browsers of Mass Audiences (The Hacker News)
Few weeks back, we reported how a string of just 13 characters could cause your tab in Chrome to crash instantly. However, there was an exception that this special 13 characters string was only working on Mac OS X computers with no impact on Windows, Android, or iOS operating systems.
Linux Australia gets pwned, rooted, RATted and botted (naked security)
Linux Australia had a bit of a nightmare Easter Weekend. While the rest of us were loafing at the beach, the Penguinistas from Down Under were owning up to a pretty extensive cyberintrusion.
Cyber-crypto-criminal-cock-up. Little money and (probably) embarrassed Ransomware coding fail foils fraudsters (The Register)
A newly released crypto-ransomware strain has been broken, thus allowing victims — in over two out of three cases — to get back their data without paying.
Insider Breach Costs AT&T $25 Million FCC: Pilfered PII Could Be Used to Unlock Mobile Phones (BankInfoSecuirty)
AT&T is paying a hefty price – $25 million – for call center employees in Mexico, Colombia and the Philippines accessing personally identifiable information from some 278,000 customer accounts without authorization.
White Lodging Services confirms second payment card breach (CSO)
A large hotel management company has confirmed a second payment card breach in less than 14 months, underscoring the difficulties businesses are having with data thieves.
CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files (Security Intelligence Blog)
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files.