Mirai, BrickerBot, Hajime Attack a Common IoT Weakness
We know that devices in the Internet of Things make enticing targets for attack. They are often insecure and can act as open windows into trusted networks. Cybercriminals are capitalizing on that more and more each day, gathering hundreds of thousands of insecure IoT devices into giant botnets. Remember what happened last fall when Mirai […] more…Most Common Attacks Affecting Today’s Websites
New web-based attack types and vectors are coming out every day, this is causing businesses, communities and individuals to take security seriously now more than they ever have in the past. This is a huge win for the World Wide Web and it’s a trend that is pushing technology further towards more robust and securely […] more…Rebots.php JavaScript Malware Being Actively Injected
Holy JavaScript malware, Batman! On August 11th we started seeing the Rebot JavaScript malware string injected on various websites. Since then, it has increased its appearances, and has variated the way it’s being included on the infected sites. When you visit a compromised site, it will attempt to load an additional JavaScript, like one of […] more…Actionable Threat Intel (II) – IoC Stream
Access to RELEVANT threat data is a recurring challenge highlighted by SOCs and CTI teams, at VirusTotal we want to help you understand your unique threat landscape. Indeed, tracking campaigns and threat actors in VirusTotal’s Threat Landscape module should be a smooth and simple experience. We are excited to announce that VirusTotal users can now […] more…AI boosts Code Language and File Format identification on VirusTotal
We are pleased to announce that VirusTotal has improved the identification of programming languages and file formats through the implementation of Generative AI (artificial intelligence). Historically, automating these tasks has been quite challenging, especially when it comes to certain scripting and plain text file formats. However, with the aid of Generative AI, we have expanded […] more…APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant’s colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […] more…How to Fix “There Has Been a Critical Error on Your Website” in WordPress
Critical errors on any system can be extremely frustrating. But if you’ve recently encountered the “There has been a critical error on your website” message on your WordPress site, don’t fret! In many cases, critical errors are the result of conflicts in plugins, theme files, or PHP related issues. This is one of the most […] more…VT Intelligence Cheat Sheet
Many of you asked for this, and today we are happy to announce the release of our VTI Cheat Sheet with hints and examples on the most useful VT Intelligence queries and modifiers. Instead of providing a list of already documented search modifiers, we created something more specific and close to the real life cases, […] more…Deception at scale: How attackers abuse governmental infrastructure
Continuing our initiative of sharing VirusTotal’s visibility to help researchers, security practitioners and the general public better understand the nature of malicious attacks, we are proud to announce our “Deception at scale: How attackers abuse governmental infrastructure” report. Here are some of the main ideas presented there: Governmental domains are among the top categories used […] more…ScarCruft surveilling North Korean defectors and human rights activists
The ScarCruft group (also known as APT37 or Temp.Reaper) is a nation-state sponsored APT actor we first reported in 2016. ScarCruft is known to target North Korean defectors, journalists who cover North Korea-related news and government organizations related to the Korean Peninsula, between others. Recently, we were approached by a news organization with a request […] more…Cyberthreats to financial organizations in 2022
First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make some forecasts about financial attacks in 2022. Analysis of forecasts for 2021 […] more…IT threat evolution Q2 2021
Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous “DLL side-loading triad”: a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload, generally dropped from a self-extracting archive. This was first thought to […] more…DDoS attacks in Q2 2021
News overview In terms of big news, Q2 2021 was relatively calm, but not completely eventless. For example, April saw the active distribution of a new DDoS botnet called Simps — the name under which it introduced itself to owners of infected devices. The malware creators promoted their brainchild on a specially set-up YouTube channel and Discord […] more…Lazarus targets defense industry with ThreatNeedle
Lazarus targets defense industry with ThreatNeedle (PDF) We named Lazarus the most active group of 2020. We’ve observed numerous activities by this notorious APT group targeting various industries. The group has changed target depending on the primary objective. Google TAG has recently published a post about a campaign by Lazarus targeting security researchers. After taking […] more…ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to “improve” them. Depending on the scope of changes and feature enhancements that are added to an existing web shell’s source code, these updates can be […] more…An overview of targeted attacks and APTs on Linux
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there’s a widely held opinion that Linux is a secure-by-default operating system that isn’t susceptible to malicious code. It’s certainly true that […] more…More information
- Big jump in traffic to The Pirate Bay following UK ISP ban
- User vote on Facebook privacy policies hasn’t stemmed criticism
- Armada Collective makes ransom demands on Greek banks: Report
- Java browser plugin to be sent to death row in September
- Twitter hauls spammers into court
- Cybersecurity to help businesses deliver digital growth strategies: Cisco
- The End of “Groundhog Day” for the Security in the Boardroom Discussion?
- FCC says TracFone and other cell companies defrauded US program for the poor
- Senator says Snapchat ‘hiding something’ by skipping data breach hearing
- Hundreds Access Fake Bank Account Data "Leaked" to Dark Web