Threats

1123 articles

Log4Shell: critical vulnerability in Apache Log4j

Critical vulnerability in Apache Log4j library

Researchers discovered a critical vulnerability in Apache Log4j library, which scores perfect 10 out of 10 in CVSS. Here’s how to protect against it.

Businesses’ proxyware headache

Employees can install proxyware without their employer’s knowledge, introducing additional business cyberrisks.

Phishing in Netflix and beyond

We analyze some typical examples of phishing bait for movie streamers.

Fake LinkedIn notifications

We look at some examples of LinkedIn phishing and explain how everyone can avoid taking the bait.

Where does the Discord malware come from, what threats does it pose, and how can you shield yourself?

Malicious activity in Discord chats

In the wake of recent research, we talk about several scenarios that underlie malicious activity on Discord.

New tricks of the Trickbot Trojan

Over the past five years, the Trickbot banking Trojan has evolved into a multifunctional tool for cybercriminals.

Despite their entry-level functionality, feature phones can be dangerous, too. Here’s why

Dangerous feature phones

Just like many other modern devices, seemingly “dumb” feature phones are much smarter than you might think. And this may be a problem.

FinSpy (aka FinFisher) spyware infiltrates Windows, macOS, Linux, Android, and iOS devices, spying on users.

FinSpy: the ultimate spying tool

FinSpy spyware targets Android, iOS, macOS, Windows, and Linux users. Here’s what it can do and how to stay protected.

Google patches three vulnerabilities in Chrome. CVE-2021-37975 and CVE-2021-37976 are actively exploited. CVE-2021-37974 is also dangerous

Three vulnerabilities in Google Chrome

Google released an update that patches three dangerous vulnerabilities in Google Chrome. Update your browser right away!

Spook.js, a scary bedtime story

How Spook.js, the first practical Spectre-based attack, works.

The BloodyStealer virus and gamer accounts on the dark web

BloodyStealer is hunting for gamers

Gamer accounts are in demand on the underground market. Proof positive is BloodyStealer, which steals account data from popular gaming stores.

Router protection for MikroTik users

To protect MikroTik routers from the Mēris botnet, or to clean a previously infected router, users should update RouterOS and check settings.

Scammers send fake transfer notifications to users of the Luno cryptocurrency exchange, lure them to a fake page and hijack their accounts

Cryptophishing on the Luno exchange

Scammers are sending fake transfer receipt notifications to Luno cryptoexchange users and stealing their credentials.

Five practical tips how to avoid file-encrypting infection and protect yourself from ransomers

Five tips for protecting yourself from ransomware

Guard against ransomers who encrypt your files and demand payment for their safe return.

FMWhatsApp mod for WhatsApp downloads Trojans

One version of popular WhatsApp mod FMWhatsApp uses an infected advertising module that downloads Trojans to smartphones.

The dangers of pirated games

Adware, Trojans, and other malware aren’t the only reasons not to download illegal games.

Cybercriminal services are getting Instagram profiles banned. Here's how to protect your account

Instagram ban attacks block users for no reason

Cybercriminals are offering ban-as-a-service for blocking Instagram users.

We’ve discovered several waves of fake purchase confirmation e-mails that prod the recipient to make a phone call to the scammers

Spam mail with vishing numbers

Received a confirmation e-mail for a purchase you didn’t make with a phone number to contact the company? Beware, it’s vishing.

Banking Trojans in a business wrapper

Spammers are using malicious macros to distribute IcedID and Qbot banking malware in seemingly important documents.

Vishing is phishing using voice calls. We explain why vishing has become the most common type of fraud and how you can protect yourself.

Phishing returns to its roots

How scammers use voice calls for phishing.

Scammers have been using a malicious script for the WeakAuras add-on to steal from World of Warcraft players.

A trick auction to steal gold in World of Warcraft

A malicious script in the WeakAuras add-on can eradicate several days of farming in WoW Classic in a second.

Privacy & Kids