BetaNews: Over one million phishing websites are created every month. “Every month, almost 1.5 million new phishing websites are created. This is according to a new report by Webroot, showing just how big of an industry phishing really is. The Webroot Quarterly Threat Trends Report says that 1.385 million new phishing sites are created every month. May was the busiest of them all, with 2.3 million sites created.”
Ars Technica: CCleaner malware outbreak is much worse than it first appeared. “The recent CCleaner malware outbreak is much worse than it initially appeared, according to newly unearthed evidence. That evidence shows that the CCleaner malware infected at least 20 computers from a carefully selected list of high-profile technology companies with a mysterious payload.”
Bleeping Computer: Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs. “The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today’s top five browsers, finding most bugs in Apple’s Safari. The tool — named Domato — is a fuzzer, a security testing toolkit that feeds a software application with random data and analyzes the output for abnormalities. Google engineer Ivan Fratric created Domato with the goal of fuzzing DOM engines, the browser components that read HTML code and organize it into the DOM (Document Object Model), which is then ‘painted’ and displayed inside the browser window that human users view on their screens.” Just keep in mind that the test was run by Google.
Wired: How Malware Keeps Sneaking Past Google Play’s Defenses. “THE STANDARD ADVICE for Android users to avoid downloading malicious apps is simple: Only get apps from the official Google Play Store. Unlike third-party app stores that are generally difficult to vet and validate, Google Play has built-in mechanisms to screen every app for malware, ransomware, and assorted sketchiness. So why, then, has so much malware slipped through lately?”
Ottawa Citizen: Google is linking secret, court-protected names – including victim IDs – to online coverage. “Google’s powerful search engine is defeating some court-ordered publication bans in Canada and undermining efforts to protect young offenders and victims. Computer experts believe it’s an unintended, ‘mind-boggling’ consequence of Google search algorithms.” Please read the entire story. It’s a bit terrifying.
The Register: More data lost or stolen in first half of 2017 than the whole of last year. “More data records were leaked or stolen by miscreants during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion). Digital security company Gemalto’s Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are exposed or swiped every day.”
CNET: Equifax sends breach victims to fake support site. “Now Equifax knows what it’s like to have its identity stolen. The credit monitoring company has been tweeting out a link to victims of its massive breach that’s actually a fake support page set up to look exactly like its own. The real Equifax support URL is equifaxsecurity2017.com. But since Sept. 9, two days after the breach was announced, Equifax has also been tweeting out the spoof page at securityequifax2017.com.” Absolutely mind-bending.