The GHOST in the machine – 60 Sec Security [VIDEO]
Here’s our weekly one-minute security video. Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy…

Threat Hunting with VirusTotal
We recently conducted our first “Hunting with VirusTotal” open training session, providing some ideas on how to use VT Intelligence to hunt for in-the-wild examples of modern malware and infamous APT campaigns. In case you missed it, here you can find the video recording available on Brighttalk. We also created a PDF version of the […]

Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team (GReAT), who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReAT’s own Dan Demeter. Ivan demonstrated how to strip the obfuscation from the recently discovered […]

What Parents Need to Know About Live-Stream Gaming Sites Like Twitch
Clash of Clans, Runescape, Fortnite, Counter Strike, Battlefield V, and Dota 2. While these titles may not mean much to those outside of the video gaming world, they are just a few of the wildly popular games thousands of players are live streaming to viewers worldwide this very minute. However, with all the endless hours […]

Apple patch out, Fake support bust, Liquor store leak – 60 Sec Security [VIDEO]
How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak? Find out in 60 Second Security, the security news video that only takes a minute…

Deception at scale: How attackers abuse governmental infrastructure
Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How attackers abuse governmental infrastructure” report. Here are some of the main ideas presented there: Governmental domains are among the top categories used […]

Cisco Patches Wormable, Zero-Click Vulnerability in Jabber
Three months after addressing a critical flaw in Jabber for Windows, Cisco released patches for a similar vulnerability in the video conferencing and instant messaging client.

IoT Lockdown: Ways to Secure Your Family’s Digital Home and Lifestyle
If you took an inventory of your digital possessions, chances are most of your life — everything from phones to toys, to wearables, to appliances — has wholly transitioned from analog to digital (rotary to wireless). What you may not realize is that with this dramatic transition comes a fair amount of risk. Privacy for Progress With […]

Leaks in logfiles, malware on Macs and Korean credit compromise – 60 Sec Security [VIDEO]
Leaky logic leaves logins loose in logfiles; mendacious mails menace Macs with Mavericks malware, and criminal contractor compromises Korean credit company! 60 Sec Security – 25 Jan 2014…

IT threat evolution Q3 2021
IT threat evolution in Q3 2021. PC statistics. IT threat evolution in Q3 2021. Mobile statistics. Targeted attacks. WildPressure targets macOS. Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, we discovered a newer version. It contains […]

Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
By Jessie Huang (Mobile Threats Analyst) We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones; the video below shows […]

Smarter Clicks: 5 Tips to Help Your Family Avoid Risky Cyber Search Traps
Searching the internet has become as much a part of daily life as pouring that first cup of coffee each morning. We rely on it, we expect it to deliver, and often, we do it without much thought. McAfee’s annual Most Dangerous Celebrity list gives us a chance to hit pause on our habits and […]

Uncovering Hidden Threats with VirusTotal Code Insight
In the constantly changing world of cybersecurity, generative AI is becoming an increasingly valuable tool. This blog post shows various examples that elude traditional detection engines yet are adeptly unveiled by Code Insight. We explore diverse scenarios, ranging from firmware patches in DJI drones that disable red flight lights, to the covert theft of WhatsApp […]

Detection evasion in CLR and tips on how to detect such attacks
In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks (and ethical offensive exercises) use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called githubification is driving attackers’ costs down and reshaping the focus from malware […]

Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
By: Ecular Xu and Grey Guo (Mobile Threats Analysts) We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are […]

Fortnite: Why Kids Love It and What Parents Need to Know
Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend […]