dcsimg

Caution: Misuse of security tools can turn against you

We have a saying in Greece: “They assigned the wolf to watch over the sheep.” In a security context, this is a word of caution about making sure the tools we use to keep our information private don’t actually cause the data leaks themselves. In this article, I will be talking about some cases that I have come across in which security tools have leaked data they were intended … [Read more...]

Adware and PUPs families add push notifications as an attack vector

Some existing families of potentially unwanted programs and adware have added browser push notifications to their weapons arsenal. Offering themselves up as browser extensions on Chrome and Firefox, these threats pose as useful plugins then haggle users with notifications. A family of search hijackers The first I would like to discuss is a large family of Chrome extensions that were already … [Read more...]

Plugin vulnerabilities exploited in traffic monetization schemes

In their Website Hack Trend Report, web security company Sucuri noted that WordPress infections rose to 90 percent in 2018. One aspect of Content Management System (CMS) infections that is sometimes overlooked is that attackers not only go after the CMSes themselves—WordPress, Drupal, etc.—but also third-party plugins and themes. While plugins are useful in providing additional features for … [Read more...]