More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting

By Feike Hacquebord, Cedric Pernet, and Kenney Lu

The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) […]

Current and Future Hacks and Attacks that Threaten Esports

By Mayra Rosario Fuentes and Fernando Mercês

Esports has evolved from niche entertainment into a highly lucrative industry. Growing ad revenue and sponsorships allow the tournaments to grow; and as the tournaments grow, the prize pool grows as well. Of course, growing popularity and increased funds open up the entities involved to cybercriminals looking for […]

AutoIT-compiled Negasteal/Agent Tesla, Ave Maria Delivered via Malspam

By Miguel Carlo Ang and Earle Maui Earnshaw

We recently saw a malicious spam campaign that has AutoIT-compiled payloads – the trojan spy Negasteal or Agent Tesla (detected by Trend Micro as TrojanSpy.Win32.NEGASTEAL.DOCGC), and the remote access trojan (RAT) Ave Maria or Warzone (TrojanSpy.Win32.AVEMARIA.T) – in our honeypots. The upgrading of payloads from a typical trojan […]

Hacking LED Wristbands: A ‘Lightning’ Recap of RF Security Basics

By Jonathan Andersson and Federico Maggi

Early this year, we published a security analysis of industrial radio remote controllers. In that research, we examined different vulnerabilities in the implementation of radio frequency (RF) communication and the possible impact of an attack on these weaknesses. We believe that RF security research is of great importance, especially […]

How Visiting a Trusted Site Could Infect Your Employees

The Artful and Dangerous Dynamics of Watering Hole Attacks

A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it’s defined as a watering hole […]

Analysis: New Remcos RAT Arrives Via Phishing Email

By Aliakbar Zahravi (Malware Researcher)

In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques […]

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

By Augusto Remillano II and Jakub Urbanec

Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week. A Mirai variant that calls itself “Asher” […]

HVACking: Understanding the Delta Between Security and Reality

The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated an industrial control system (ICS) produced by Delta Controls. The product, called “enteliBUS Manager”, is used for several applications, including building management. Our research […]

LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

By Miguel Ang, Erika Mendoza and Jay Yaneza

First advertised as an information stealer and keylogger when it appeared in underground forums, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing […]

‘Twas the night before

Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source. […]

Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi

By Hara Hiroaki and Loseway Lu (Threats Analysts)

Since our last research on TA505, we have observed new activity from the group that involves campaigns targeting different countries over the last few weeks. We found them targeting countries in the Middle East such as the United Arab Emirates and Saudi Arabia, as well as other countries […]

Shadowgate Returns to Worldwide Operations With Evolved Greenflash Sundown Exploit Kit

By Joseph C. Chen

After almost two years of sporadic restricted activity, the ShadowGate campaign has started delivering cryptocurrency miners with a newly upgraded version of the Greenflash Sundown exploit kit. The campaign has been spotted targeting global victims, after operating mainly in Asia.

Background of the Greenflash Sundown exploit kit

The ShadowGate (also called […]

What kids get up to online

Today’s children navigate the Internet better than adults. They are not afraid to try out new technology, and are quick to grasp new trends and sometimes invent their own. New social networks, mobile games, music, and gadgets are all part and parcel of their daily lives. But just because they feel at home online does […]

Monero-Mining Malware PCASTLE Zeroes Back In on China, Now Uses Multilayered Fileless Arrival Techniques

Abusing PowerShell to deliver malware isn’t new; it’s actually a prevalent technique that many fileless threats use. We regularly encounter these kinds of threats, and Trend Micro behavior monitoring technology proactively detects and blocks them. We have smart patterns, for instance, that actively detect scheduled tasks created by malicious PowerShell scripts. We also have network […]

The GDPR – One Year Later

A couple of weeks ago, one famous lawyer blogged about an issue frequently discussed these days: the GDPR, one year later. “The sky has not fallen. The Internet has not stopped working. The multi-million-euro fines have not happened (yet). It was always going to be this way. A year has gone by since the General […]

New Mirai Variant Uses Multiple Exploits to Target Routers and Other Devices

By Augusto Remillano II and Jakub Urbanec

We discovered a new variant of Mirai (detected as Backdoor.Linux.MIRAI.VWIPT) that uses a total of 13 different exploits, almost all of which have been used in previous Mirai-related attacks. Typical of Mirai variants, it has backdoor and distributed denial-of-service (DDoS) capabilities. However, this case stands out as the […]

More information
- Pirate sites ban Windows 10 over privacy worries
- Updates are coming for a telematics unit that hacked a Corvette
- Adopt Counterinsurgency Security Measures to Patrol the New Network Perimeter
- Huawei continues to plead innocent despite serious criminal charges
- 6 Enterprise Solutions for Successful Identity Management
- Ex-porn Actor German Spy Guilty of Trying to Share State Secrets
- Cambium Wireless Networking Devices Vulnerable to Attacks
- North Korea ‘Tried to Hack’ Pfizer for Vaccine Info – South’s Spies: Reports
- How Apple iOS 8 eases some privacy concerns
- Tech giants form AI group to counter Nvidia with new interconnect standard