Tag Archive for: Website

Toymaker’s website pushes ransomware that holds visitors’ files hostage

/in

Enlarge (credit: Malwarebytes)

The website belonging to Maisto International, a popular maker of remote-controlled toy vehicles, has been caught pushing ransomware that holds visitors’ files hostage until they pay a hefty fee.

Malicious files provided by the Angler exploit kit were hosted directly on the homepage of Maisto[.]com, according to antivirus provider Malwarebytes. The attack code exploits vulnerabilities in older versions of applications such as Adobe Flash, Oracle Java, Silverlight, and Internet Explorer. People who visit Maisto[.]com with machines that haven’t received the latest updates are surreptitiously infected with the CryptXXX ransomware. Fortunately for victims in this case, researchers from Kaspersky Lab recently uncovered a weakness in the app that allows users to recover their files without paying the extortion demand. People infected with ransomware in other drive-by attacks haven’t been so lucky.

After discovering the infection of the Maisto homepage, Malwarebytes Senior Security Researcher Jerome Segura used this tool from website security firm Sucuri. It detected that Maisto was running an out-of-date version of the Joomla content management system, which is presumed to be the way attackers were able to load the malicious payloads on the homepage.

Read 4 remaining paragraphs | Comments

Technology Lab – Ars Technica

Millions more adult and dating website accounts for sale on dark web

/in

A hacker on a dark web forum was offering 3.7 million email address and hashed passwords stolen from the porn site Naughty America for $ 300.
Naked Security – Sophos

Symantec partners with hosting providers to offer free TLS certificates to website owners

/in

Symantec wants to see the encrypted Web grow and will offer free basic SSL/TLS certificates to domain owners through Web hosting companies that join its new Encryption Everywhere program.

The company has already signed partnerships with more than ten hosting providers, including InterNetX, CertCenter, Hostpoint and Zoned in Europe, and is close to finalizing deals with ten others. The customers of those companies will receive a basic website encryption package that includes a standard TLS certificate valid for one year.

Depending on their needs, customers will also be able to opt for paid premium packages that include extended validation (EV) certificates or wildcard certificates that are valid for multiple websites hosted on different subdomains.

To read this article in full or to leave a comment, please click here

Network World Security