Mobile Ransomware: How to Protect Against It
In our previous post, we looked at how malware can lock devices, as well as the scare tactics used to convince victims to pay the ransom. Now that we know what bad guys can do, we’ll discuss the detection and mitigation techniques that security vendors can use to stop them. By sharing these details with other […]

IT threat evolution Q3 2016. Statistics
Statistics: All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide […]

The Last Key on The Ring – Server Solutions to Ransomware
This entry is the last part of a four-part blog series discussing the different techniques ransomware uses to affect users and organizations. These techniques show that the best way to mitigate the risks brought about by this threat is to implement multiple layers of protection in different aspects of an enterprise network: from the gateway, […]

New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files
Like a game of cat and mouse, the perpetrators behind the Locky ransomware had updated their arsenal yet again with a new tactic—using Windows Scripting File (WSF) for the arrival method. WSF is a file that allows the combination of multiple scripting languages within a single file. Using WSF makes the detection and analysis of ransomware challenging […]

KSN Report: Mobile ransomware in 2014-2016
Part 1. KSN Report: PC ransomware in 2014-2016. Statistics: The activity of mobile ransomware, although not as widely covered in the media as PC ransomware, also skyrocketed over the period covered by this report. Especially in the second half. Fig. 12: The number of users encountering mobile ransomware at least once in […]

Will CryptXXX Replace TeslaCrypt After Ransomware Shakedown?
by Jaaziel Carlos, Anthony Melgarejo, Rhena Inocencio, and Joseph C. Chen The departure of TeslaCrypt from the ransomware circle has gone and made waves in the cybercriminal world. Bad guys appear to be jumping ships in hopes of getting a chunk out of the share that was previously owned by TeslaCrypt. In line with this recent […]

Will CryptXXX Replace TeslaCrypt After Ransomware Shakeup?
by Jaaziel Carlos, Anthony Melgarejo, Rhena Inocencio, and Joseph C. Chen The departure of TeslaCrypt from the ransomware circle has gone and made waves in the cybercriminal world. Bad guys appear to be jumping ships in hopes of getting a chunk out of the share that was previously owned by TeslaCrypt. In line with this recent […]

Without a Trace: Fileless Malware Spotted in the Wild
Improvements in security file scanners are causing malware authors to deviate from the traditional malware installation routine. It’s no longer enough for malware to rely on dropping copies of themselves to a location specified in the malware code and using persistence tactics like setting up an autostart feature to ensure that they continue to run. […]

Simda’s Hide and Seek: Grown-up Games
On 9 April, 2015 Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants including TrendMicro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime […]

CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These “quarantined” files are appended by a *.VAULT file extension, an antivirus software service that keeps any deleted files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to […]

Repackaging HTML5 Apps into Android Malware
Predictably, with the finalization of HTML5 standard by World Wide Web Consortium (W3C) last October, there will be a rapid growth of new HTML5 web apps coming out in the near future. Considering the platform independent characteristic in web apps, we foresee that HTML5 will accelerate the repackaging from web apps to mobile apps for […]

CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe’s advisory describes this vulnerability as a “de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit […]

A Twitch of Fate: Gamers Shamelessly Wiped Clean
Twitch.tv is a video gaming focused live streaming platform. It has more than 50 million viewers and was acquired by Amazon.com in August for nearly a billion dollars. We recently received a report from a concerned user about malware that is being advertised via Twitch’s chat feature. A Twitch-bot account bombards channels and invites viewers […]

BANKER Malware Hosted In Compromised Brazilian Government Sites
Two Brazilian government websites have been compromised and used to serve malware since April 24. We spotted a total of 11 unique malware files being distributed from these sites, with filenames that usually include “update”, “upgrade”, “Adobe”, “FlashPlayer” or combinations thereof. Besides the different filenames, these samples also have different domains where they can connect to […]

How to Protect Your Devices from a Fast Spreading Java Virus
Last week, a new security issue surfaced for a popular programming language known as Java. This Java security issue is classified as a zero-day threat, and it spreads malicious files to unprotected computers. A zero-day threat is an attack that exploits a previously unknown vulnerability in a computer application (in this case Java), which means that the attack […]

Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript plus 20 other security fixes
We’ve known for some time now that Firefox 18 would bring some significant speed improvements to Mozilla’s popular browser, and the final version—released today—made good on that promise officially. In fact, a new JavaScript compiler in the software is delivering performance improvements of up to 25 percent on Web apps and games, Mozilla says. […]