Digital Education: The cyberrisks of the online classroom

This past spring, as the COVID-19 pandemic took hold, online learning became the new norm as universities and classrooms around the world were forced to close their doors. By April 29, 2020, more than 1.2 billion children across 186 countries were impacted by school closures. Shortly after schools began to transition to emergency remote learning, […]

Lifting the veil on DeathStalker, a mercenary triumvirate

State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of […]

How Unsecure gRPC Implementations Can Compromise APIs, Applications

By David Fiser (Security Researcher)

Enterprises are turning to microservice architecture to build future-facing applications. Microservices allow enterprises to efficiently manage infrastructure, easily deploy updates or improvements, and help IT teams innovate, fail, and learn faster. It also allows enterprises to craft applications that can easily scale with demand. Additionally, as enterprises switch architectures — […]

Pig in a poke: smartphone adware

Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. In some cases, the solution is quite simple. In others, the task is far harder: the adware plants itself in the system partition, and trying to get rid of it can lead to […]

Gamaredon APT Group Use Covid-19 Lure in Campaigns

By Hiroyuki Kakara and Erina Maruyama

Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. In March, we came across an email […]

WildPressure targets industrial-related entities in the Middle East

In August 2019, Kaspersky discovered a malicious campaign distributing a fully fledged C++ Trojan that we call Milum. All the victims we registered were organizations from the Middle East. At least some of them are related to the industrial sector. Our Kaspersky Threat Attribution Engine (KTAE) doesn’t show any code similarities with known campaigns. Nor have […]

Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence

Quick links:
- https://support.virustotal.com/hc/en-us/articles/360001387057
- https://developers.virustotal.com/v3.0/reference#intelligence-search
- https://github.com/VirusTotal/vt-py

Ten years ago, VirusTotal launched VT Intelligence, a critical component of VT Enterprise which offers users the capability to search over VirusTotal’s dataset using advanced search modifiers. VT Intelligence allows security professionals to pinpoint malware based on its structural, behavioural, binary, metadata and other properties to uncover entire threat campaigns. For example, the following […]

Outlaw Updates Kit to Kill Older Miner Versions, Targets More Systems

By Jindrich Karasek (Threat Researcher)

As we’ve observed with cybercriminal groups that aim to maximize profits for every campaign, silence doesn’t necessarily mean inactivity. It appears hacking group Outlaw, which has been silent for the past few months, was simply developing their toolkit for illicit income sources. While they have been quiet since our June […]

Current and Future Hacks and Attacks that Threaten Esports

By Mayra Rosario Fuentes and Fernando Mercês

Esports has evolved from niche entertainment into a highly lucrative industry. Growing ad revenue and sponsorships allow the tournaments to grow; and as the tournaments grow, the prize pool grows as well. Of course, growing popularity and increased funds open up the entities involved to cybercriminals looking for […]

IoT: a malware story

Since 2008, cyber-criminals have been creating malware to attack IoT devices, such as routers and other types of network equipment. You will find a lot of statistics on this on Securelist, most notably, here and here. The main problem with these IoT/embedded devices is that one simply cannot install any kind of security software. How do […]

Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads

By Carl Maverick Pascual (Threats Analyst)

Cybercriminals continue to use cryptocurrency-mining malware to abuse computing resources for profit. As early as 2017, we have also observed how they have applied fileless techniques to make detection and monitoring more difficult. On August 2, we observed a fileless cryptocurrency-mining malware, dubbed GhostMiner, that weaponizes Windows Management Instrumentation […]

McAfee ATR Aids Police in Arrest of the Rubella and Dryad Office Macro Builder Suspect

Every day, thousands of people receive emails with malicious attachments in their email inbox. Disguised as a missed payment or an invoice, a cybercriminal sender tries to entice a victim to open the document and enable the embedded macro. This macro then proceeds to pull in a whole array of nastiness and infect a victim’s machine. […]

How we hacked our colleague’s smart home

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. An offer you cannot refuse: the backbone of any technology company is made up of […]

ViceLeaker Operation: mobile espionage targeting Middle East

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. Kaspersky Lab spyware sensors caught the signal of an attack from the device of one of the victims, and a hash of the APK (Android application) involved was tagged in our sample feed for inspection. Once we looked […]

BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner

By Johnlery Triunfante

An unpatched security flaw that gets successfully exploited is one thing. But eight exploits that can stealthily and simultaneously get through your business’s assets and data and your customers’ information are quite another. We found a new malware family that targets web servers, network drives, and removable drives using multiple web server […]

CVE-2019-11815: A Cautionary Tale About CVSS Scores

By John Simpson

Vulnerabilities in the Linux kernel are not uncommon. There are roughly 26 million lines of code, with 3,385,121 lines added and 2,512,040 lines removed in 2018 alone. The sheer complexity of that much code means that vulnerabilities are bound to exist. However, what is not at all common is the existence of […]

More information
- McAfee Employees Share How They #PressForProgress on International Women’s Day
- Microsoft slaps down 99 APT35/Charming Kitten domains
- Bash “Shellshock” vulnerability – what you need to know
- AAPT confirms hackers stole customer data
- Foxit patches critical vulnerability in PDF viewer browser plug-in
- Stolen details of 3.3m Hello Kitty fans – including kids – published online
- Resolved: Mitel/ I2 Session Border Controller Maintenance Work
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Discovering connections between attackers
- Resolved: LionPATH in degraded state