It’s a Zoo Out There! Data Analysis of Alleged ZooPark Dump
In early May, researchers disclosed a mobile malware campaign by a group focused on Middle Eastern targets. This actor was found to be an evolving and sophisticated group using fake Android apps, namely Telegram, to trick users into installing malicious software. They have been active since 2015 and evolved over several campaigns into 2018. On […]

India’s Biometric Database Reportedly Breached, More Than One Billion Compromised
Between Equifax and Uber, there’s been a plethora of massive data breaches lately. These breaches not only compromise personal data, but they’re also leaving those impacted concerned about potential identity theft as a result. Now, India is faced with their largest data breach yet – as their governmental database Aadhaar has reportedly been compromised, which […]

New GnatSpy Mobile Malware Family Discovered
Earlier this year researchers first disclosed a targeted attack campaign targeting various sectors in the Middle East. This threat actor was called Two-tailed Scorpion/APT-C-23. Later on, a mobile component called VAMP was found, with a new variant (dubbed FrozenCell) discovered in October. (We detect these malicious apps as ANDROIDOS_STEALERC32). VAMP targeted various types of data from the phones of victims: […]

Massive Malaysian Data Breach Compromises Over 46 Million Phone Numbers
There are data breaches that impact an entire customer group, or even a certain state. And then there are data breaches that impact practically everyone in a nation. This actually happened this week, as practically every citizen of Malaysia, a country that boasts a population of some 31.2 million, was impacted by a cyberattack. A […]

We’ve Mastered Encrypted Messaging, So Are Encrypted Calls Next?
We’ve all heard the names before – WhatsApp, Viber, Telegram, Wire, Signal, Allo… with so many cyberattacks in the news recently, people have begun to rely on encrypted messaging apps to protect their privacy from potential hackers. These services secure end-to-end connections using varying tactics and levels of encryption – you may find yourself questioning […]

Protecting Your Privacy on Social Media
Social media sites are made for sharing, so protecting your privacy sometimes comes as an afterthought. But, the kind of information you share and whom you share it with can make a big difference between having a positive experience on social media, and putting your money and private details at risk. Sites like Facebook and […]

Feeling Overwhelmed, Parents? Here’s Your Online Safety Cheat Sheet
Can we just get an extra five hours tacked onto each day so we can stay on top of our kid’s online activity? That’s the rhetorical question most parents carry around unspoken. With all the to-dos of parenting, isn’t there a shortcut on all that social media stuff we don’t have to bookmark or save […]

Report Finds Some Health Apps Aren’t Healthy for Your Privacy
One of the big features in today’s Internet-of-Things-centric world is the ability to effortlessly track and record health-related data. In fact, some companies make a lot of money providing users with tools, gadgets and social interfaces to more accurately track fitness and overall health. The abundance of these sensors has created a small cottage industry […]

Uncovering the Inner Workings of EyePyramid
Two Italians referred to as the “Occhionero brothers” have been arrested and accused of using malware and a carefully-prepared spear-phishing scheme to spy on high-profile politicians and businessmen. This case has been called “EyePyramid”, which we first discussed last week. (Conspiracy theories aside, the name came from a domain name and directory path that was found during the […]

7 Simple Ways to Minimize Risk to Your Family’s Privacy Online
If there is an upside to the torrent of headlines about fake news, intelligence leaks, and email hacking surrounding this year’s U.S. election cycle, it’s this: People may be personalizing cyber threats more than ever. The upside of fake news? Let’s be honest. Most consumers online easily zip past digital safety headlines and opt for clicks […]

IT threat evolution Q3 2016
Overview. Targeted attacks and malware campaigns. Dropping Elephant: Targeted attack campaigns don’t need to be technically advanced in order to be successful. In July 2016 we reported on a group called Dropping Elephant (also known as ‘Chinastrats’ and ‘Patchwork’). Using a combination of social engineering, old exploit code and some […]

A Case of Misplaced Trust: How a Third-Party App Store Abuses Apple’s Developer Enterprise Program to Serve Adware
For bogus applications to be profitable, they should be able to entice users into installing them. Scammers do so by riding on the popularity of existing applications, embedding them with unwanted content—even malicious payloads—and masquerading them as legitimate. These repackaged apps are peddled to unsuspecting users, mostly through third-party app stores. Haima does exactly that, […]

IT threats during the 2016 Olympic Games in Brazil
Olympic threats designed to trick you. Are you planning to visit Brazil during the Olympic Games? Or watch it online? In this blog post we discuss the threats to visitors aiming to travel to Brazil to watch the games and to those planning to watch it online. In the first part we’ll talk about phishing […]

Ashley Madison, Why Do Our Honeypots Have Accounts On Your Website?
She is 33 years old, from Los Angeles, 6 feet tall, sexy, aggressive, and a “woman who knows what she wants”, according to her profile. She is intriguing. However, her intrigue doesn’t end there: her email address is one of Trend Micro’s email honeypots. Wait… what? This was how we learned that Ashley Madison users were being targeted for […]

Anonymous’ #OpPetrol: What is it, What to Expect, Why Care?
Last month, the hacker collective Anonymous announced their intention to launch cyber attacks against the petroleum industry (under the code name #OpPetrol) that is expected to last up to June 20. Their claimed reason for this attack is primarily due to petroleum being sold with the US dollar instead of currency of the country where […]

2012 Web Malware Trends Report Summary
Sucuri is a website security company focused on the detection and remediation of web malware. In 2012, via our SiteCheck scanner, we scanned 9,953,729 unique domains. This small report is based on the data we were able to compile from that platform and our analysis of that same data. The Foundation Healthy Website View We […]

More information
- World Backup Day – are your important files backed up?
- Less Than One Week to DNS Changer Server Shutdown: Are You Ready?
- Will the U.S. government draft cybersecurity professionals?
- DDoS attack on Dyn could have been prevented
- Microsoft Internet Explorer and Edge CVE-2017-11846 Remote Memory Corruption Vulnerability
- Huawei Chairman: We Don’t Know Why Australia Banned Us from the NBN
- No Ransom Paid in Recent Attack, Texas Says
- Dell Unveils Solution to Detect Evasive Malware
- Nvidia Patches High-Severity GPU Driver Vulnerabilities
- Mobile Ad Network Abused in DDoS Attack: CloudFlare