The GHOST in the machine – 60 Sec Security [VIDEO]
Here’s our weekly one-minute security video. Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy… more…Apple patch out, Fake support bust, Liquor store leak – 60 Sec Security [VIDEO]
How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak? Find out in 60 Second Security. the security news video that only takes a minute… more…Leaks in logfiles, malware on Macs and Korean credit compromise – 60 Sec Security [VIDEO]
Leaky logic leaves logins loose in logfiles; mendacious mails menace Macs with Mavericks malware, and criminal contractor compromises Korean credit company! 60 Sec Security – 25 Jan 2014… more…IT threat evolution Q3 2021
IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics Targeted attacks WildPressure targets macOS Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this threat actor in spring 2021, we discovered a newer version. It contains […] more…Detection evasion in CLR and tips on how to detect such attacks
In terms of costs, the age-old battle that pits attacker versus defender has become very one sided in recent years. Almost all modern attacks (and ethical offensive exercises) use Mimikatz, SharpHound, SeatBelt, Rubeus, GhostPack and other toolsets available to the community. This so-called githubification is driving attackers’ costs down and reshaping the focus from malware […] more…Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team (GReAT), who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReAT’s own Dan Demeter. Ivan demonstrated how to strip the obfuscation from the recently discovered […] more…Cisco Patches Wormable, Zero-Click Vulnerability in Jabber
Three months after addressing a critical flaw in Jabber for Windows, Cisco released patches for a similar vulnerability in the video conferencing and instant messaging client. read more more…Barcode Reader Apps on Google Play Found Using New Ad Fraud Technique
By Jessie Huang (Mobile Threats Analyst) We recently saw two barcode reader apps in Google Play, together downloaded more than a million times, that started showing unusual behavior (Trend Micro detects these as AndroidOS_HiddenAd.HRXJA). This includes behavior that can be seen even when the user is not actively using the phones; the video below shows […] more…Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East
By: Ecular Xu and Grey Guo (Mobile Threats Analysts) We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious codes are […] more…What Parents Need to Know About Live-Stream Gaming Sites Like Twitch
Clash of Clans, Runescape, Fortnite, Counter Strike, Battlefield V, and Dota 2. While these titles may not mean much to those outside of the video gaming world, they are just a few of the wildly popular games thousands of players are live streaming to viewers worldwide this very minute. However, with all the endless hours […] more…IoT Lockdown: Ways to Secure Your Family’s Digital Home and Lifestyle
If you took an inventory of your digital possessions chances are, most of your life — everything from phones to toys, to wearables, to appliances — has wholly transitioned from analog to digital (rotary to wireless). What you may not realize is that with this dramatic transition, comes a fair amount of risk. Privacy for Progress With […] more…Smarter Clicks: 5 Tips to Help Your Family Avoid Risky Cyber Search Traps
Searching the internet has become as much a part of daily life as pouring that first cup of coffee each morning. We rely on it, we expect it to deliver, and often, we do it without much thought. McAfee’s annual Most Dangerous Celebrity list gives us a chance to hit pause on our habits and […] more…Fortnite: Why Kids Love It and What Parents Need to Know
Fortnite: Battle Royale is the hottest video game for kids right now. More than 125 million people have downloaded the game and it’s estimated that 3.4 million play it monthly. But while the last-man-standing battle game is a blast to play, it also has parents asking a lot of questions as their kids spend […] more…Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant
by Lenart Bermejo and Ronnie Giagone (Threats Analysts) We came across a new version of a cryptocurrency-mining RETADUP worm (detected by Trend Micro as WORM_RETADUP.G) through feedback from our managed detection and response-related monitoring. This new variant is coded in AutoHotKey, an open-source scripting language used in Windows for creating hotkeys (i.e., keyboard shortcuts, macros, […] more…Unraveling the Lamberts Toolkit
Yesterday, our colleagues from Symantec published their analysis of Longhorn, an advanced threat actor that can be easily compared with Regin, ProjectSauron, Equation or Duqu2 in terms of its complexity. Longhorn, which we internally refer to as “The Lamberts”, first came to the attention of the ITSec community in 2014, when our colleagues from FireEye […] more…Cybersecurity skills aren’t taught in college
Cybersecurity is a growing concern across the globe and businesses are eager to build secure products and keep corporate data safe. The only problem is that cybersecurity is a relatively new skill, and there just aren’t enough qualified candidates to go around. When Intel and the Center for Strategic and International Studies (CSIS) surveyed 775 […] more…More information
- Apple-FBI Encryption Showdown Postponed, for Now
- Survey Examines Cybersecurity Perception in U.S.
- Dutch Government Pauses Coronavirus App Over Data Leak Fears
- Update: explorer.pass.psu.edu Web Server Upgrade – August 17
- XSS, SQLi Flaws Found in Network Management Systems
- Instagram begins rolling out two-factor authentication
- The Ultimate CyberParenting Hack – Managing Your Family’s Cybersafety with the help of your Wi-Fi Router!
- Fake BBC site disappears after bogus story on Charlie Hebdo
- Blizzard confirms developer named in lawsuit was removed for “misconduct”
- Security threats accelerated by connected cars