Microsoft has published a draft policy in which the company outlines what kinds of vulnerabilities it will patch and which vulnerabilities qualify for a bug bounty.
More on my blog at Forbes.
Author: Martijn
Almost two-thirds of financial institutions have yet to form threat hunting teams โ a growing necessity as the number of high-profile attacks rises.
Read more on Payment Source. (Note: subscription wall.)
Exchanges arenโt very transparent about their methods, but that in fact most handle such internal transactions exactly how regular banks have worked for centuries.
Read more on Payment Source. (Note: subscription wall.)
Google has made a subtle change to its Chrome browser, banning the inline installation of new extensions, thus making it harder for malware authors to trick users into unwittingly installing malicious extensions.
Read more on Virus Bulletin’s blog.
Rather than hooking into the browser process, BackSwap takes the place of the user and enters the same commands into the browser that a user would if they wanted to hack themselves.
Read more on Payment Source. (Note: subscription wall.)
Two major Canadian banks, Bank of Montreal and Simplii Financial, have become victims of hacks that affected some 50,000 and 40,000 customers respectively. Neither bank decided to pay the ransom by the hackers’ May 28 deadline.
Read more on Payment Source. (Note: subscription wall.)
The domain of the little-used SpamCannibal DNS blacklist had expired, resulting in it effectively listing every single IP address.
Read more on Virus Bulletin’s blog.
Researchers at IBM X-Force have discovered MnuBot, a banking trojan targeting users in Brazil, which is noteworthy for using SQL Server for command and control communication.
Read more on Virus Bulletin’s blog.
XMRig used in new macOS cryptominer
A new piece of cryptocurrency-mining malware on macOS has been found to use the popular XMRig miner.
Read more on Virus Bulletin’s blog.
CDN provider Cloudflare reports an increase in DDoS attacks targeting layer 7 and focusing on exhausting server resources rather than sending large volumes of data. This fits in a wider trend.
Read more on Virus Bulletin’s blog.