Threat Advisory

WordPress Yuzo Plugin Becomes Scamming Tool

The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day. The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild...
phishing scams

Scammers hacked Google Calendar users using sophisticated phishing attacks

Scammers are abusing the Google Calendar feature using sophisticated phishing scams to steal data of 1.5 billion users of Google Calendar, including Gmail users. It was observed recently that there were multiple cases of sophisticated phishing scams targeting consumers through unsolicited Google Calendar notifications with the purpose of tricking users into sharing their personal...
Phishing Attack

Unorthodox Phishing Attack Aimed at Financial Employees in US and UK

A recently discovered phishing campaign has been targeting financial sector employees in the U.S. and UK with remote access trojan payloads stored on a Google Cloud Storage domain. Researchers say that the campaign seeks to infect PCs and other endpoints by tricking victims into clicking on malicious links that lead to .zip or .gz archive...
NoKor Hacking Group – Serious Threat to the Banking Sector

A North Korea-linked hacking group is increasingly attempting bank-focused attacks, suggesting that digital heists are now one of its primary activities on the internet, according to another cyber security report. The worldwide digital firm said on Thursday that the Lazarus Group is a threat to the banking sector after it completed a progression...
Banking malware detection

Lokibot: The Banking Trojan that hacked a hacker, now comes with the list of targeted banks

Last December we wrote an article about a hacker getting hacked by a banking Trojan. The banking malware was identified as Lokibot, which was being used by different cybercriminals. The details are in the previous article: https://www.izoologic.com/2018/12/27/hacker-just-got-hacked/ Can you fathom how critical it is when a hacker themselves gets hacked? Now...
Radisson Hotel Group Hacked

Radisson Hotel Group Hacked!

The Radisson Hotel Group is informing members of its loyalty scheme about a data breach that may have resulted in the unauthorized exposure of their sensitive personal information. The illegally exposed data includes names, physical addresses, email addresses, telephone numbers, Radisson Reward numbers and frequent flyer numbers of the members. The malicious...
SMiShing Campaign

SMiShing Campaign Targeting Android Users using Fake Banking App

Another SMiShing campaign has been seen in the wild, targeting Spanish-speaking users and using a fake Android banking application. The fake application, called Movil Secure, has racked up several downloads in only six days. According to security firm researchers, who found the new campaign, the fake Movil Security...
Firefox Monitor

Has that website been pwned? Firefox Monitor will tell you

Firefox Monitor, a breach warning site launched by Mozilla in September, will now be able to deliver alerts from inside the Firefox browser. When the service goes live in the coming weeks, Firefox users running version 62 and later will see an icon appear in the address bar when they visit a known breached site...
Chegg Data Breach – Password Resets for 40 Million Users

Chegg, an education technology company, reportedly suffered a massive data breach a few months ago. The incident, however, remained hidden as the company didn’t notice the hack previously. Nonetheless, recently, an Education Technology Consultant and Tech Blogger, Phil Hill, stumbled upon an 8-K form filed with the SEC (Securities and Exchange Commission) that made him...