Sigma rules for Linux and MacOS
TLDR: VT Crowdsourced Sigma rules will now also match suspicious activity for macOS and Linux binaries, in addition to Windows. We recently discussed how to maximize the value of Sigma rules by easily converting them to YARA Livehunts. Unfortunately, at that time Sigma rules were only matched against Windows binaries. Since then, our engineering team […] more…APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…Exposing Modular Adware: How DealPly, IsErIk, and ManageX Persist in Systems
By RonJay Caragay, Fe Cureg, Ian Lagrazon, Erika Mendoza, and Jay Yaneza (Threats Analysts) Adware isn’t new and they don’t spark much interest. A lot of them are overlooked and underestimated because they’re not supposed to cause harm — as its name suggests, adware is advertising-supported software. However, we have constantly observed suspicious activities caused […] more…Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
The Android banking trojan Geost was first revealed in a research by Sebastian García, Maria Jose Erquiaga and Anna Shirokova from the Stratosphere Laboratory. They detected the trojan by monitoring HtBot malicious proxy network. The botnet targets Russian banks, with the victim count at over 800,000 users at the time the study was published in […] more…Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence
Quick links:https://support.virustotal.com/hc/en-us/articles/360001387057https://developers.virustotal.com/v3.0/reference#intelligence-searchhttps://github.com/VirusTotal/vt-py Ten years ago, VirusTotal launched VT Intelligence; a critical component of VT Enterprise which offers users the capability to search over VirusTotal’s dataset using advanced search modifiers. VT Intelligence allows security professionals to pinpoint malware based on its structural, behavioural, binary, metadata, etc. properties to uncover entire threat campaigns. For example, the following […] more…Cyberthreats to financial institutions 2020: Overview and predictions
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovered Multi-factor authentication (MFA) and biometric challenges Targeted attack groups specializing in financial institutions: splitting and globalization ATM malware becomes […] more…New Android Malware Found in 144 GooglePlay Apps
McAfee’s Mobile Research team has found a new Android malware in 144 “Trojanized” applications on Google Play. We named this threat Grabos because we found this string in several elements of the code, including variable and method names. Grabos was initially found in the Android application “Aristotle Music audio player 2017,” which claimed to be […] more…Flash Pack Exploit Leads to New Family of Malware
We have been continuously monitoring the FlashPack exploit, especially with the recent attack which affected Japanese users. We recently looked at our Smart Protection Network feedback and found in a new development that majority of the infected systems of FlashPack exploit came from the U.S. Figure 1. Top infected countries for the FlashPack exploit (based on feedback […] more…More information
- iOS 13 Bug Gives Third-Party Keyboards "Full Access" Permissions
- Apple users: Try these five tips for better Mac security
- Virtual Event Today: 2023 Cloud & Data Security Summit
- Microsoft’s Anti-Hacking Efforts Make it an Internet Cop
- Ransomware-hit hospital faces second demand despite paying up
- Meta debuts Horizon OS, with Asus, Lenovo, and Microsoft on board
- Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow Vulnerability
- Malicious Firmware Found on Hundreds of Cisco Routers
- JetBrains Patches Critical Authentication Bypass in TeamCity
- Smart speakers mistakenly eavesdrop up to 19 times a day