APT43: An investigation into the North Korean group’s cybercrime operations
As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]

400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company
Monongalia Health System (Mon Health) this week disclosed a business email compromise (BEC) incident that was the result of unauthorized access to its email system.

Check up on Your Virtual Safety: Tips for Telehealth Protection
In a poll conducted by the Canadian Medical Association, nearly half of Canadians have used telehealth services since the start of the pandemic. Additionally, in a recent McAfee study, we found that 21% of Canadians used the internet for a doctor visit in 2020, […]

Why is similarity so relevant when investigating attacks
The concept of similarity is straightforward: are two files similar? There are many ways to answer that question, which is why different similarity algorithms exist. Why is this useful? Attackers need tools for their attacks, which in practice means malware. Malware is ultimately a piece of software, built from frameworks, code and libraries, and takes […]
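The snippet above says that several similarity algorithms exist without showing one. As an added illustration (not code from the original article or from VirusTotal), the block below implements one of the simplest: treat each file as the set of its byte n-grams and compare two files with the Jaccard index, then rank a small corpus against a query sample. The three samples are constructed inline; the "variant" differs from the base sample in only two bytes, the way a recompiled build with a changed C2 path and sleep interval might.

```python
"""Byte n-gram Jaccard similarity between files (added example, not from the page)."""
from __future__ import annotations


def ngrams(data: bytes, n: int = 4) -> set[bytes]:
    """Return the set of all length-n byte substrings of data.

    Smaller n tolerates more edits but raises the chance of accidental overlap;
    n=4 is a common compromise for raw binaries.
    """
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set[bytes], b: set[bytes]) -> float:
    """|A ∩ B| / |A ∪ B|; two empty sets are considered identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity(x: bytes, y: bytes, n: int = 4) -> float:
    """Similarity in [0, 1] between two blobs based on shared n-grams."""
    return jaccard(ngrams(x, n), ngrams(y, n))


def rank_by_similarity(query: bytes, corpus: dict[str, bytes], n: int = 4) -> list[tuple[str, float]]:
    """Rank every named blob in the corpus by its similarity to the query, best first."""
    scored = ((name, similarity(query, blob, n)) for name, blob in corpus.items())
    return sorted(scored, key=lambda item: item[1], reverse=True)


# Constructed samples (hypothetical, for illustration only).
# BASE mimics a tiny binary with an embedded configuration string.
BASE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"config: beacon=http://example.invalid/a; sleep=60; key="
    + bytes(range(32))
    + b"\x00" * 16
)
# VARIANT: same build with a different beacon path and sleep value (two bytes changed).
VARIANT = BASE.replace(b"example.invalid/a", b"example.invalid/b").replace(b"sleep=60", b"sleep=90")
# UNRELATED: deterministic pseudo-random bytes of the same length, sharing no structure.
UNRELATED = bytes((i * 131 + 7) % 256 for i in range(len(BASE)))

CORPUS = {"variant": VARIANT, "unrelated": UNRELATED}

if __name__ == "__main__":
    for name, score in rank_by_similarity(BASE, CORPUS):
        print(f"{name:10s} {score:.3f}")
```

In an investigation the ranking is what matters: a high score against a known family member lets an analyst pivot from one sample to the rest of the toolset, while a near-zero score tells them the two files were not derived from the same code. Production tools (ssdeep, TLSH, imphash, rich-header hashes) trade this exact set comparison for compact digests, but the underlying question is the same one this block answers.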
VirusTotal multisandbox += VenusEye
The VirusTotal multisandbox project welcomes VenusEye. The VenusEye sandbox is currently contributing reports on PE executables, documents and JavaScript. In their own words: VenusEye Sandbox, as a core component product of VenusEye Threat Intelligence Center, is a cloud-based sandbox service focused on analyzing malware and discovering potential vulnerabilities. The sandbox service takes multiple (~100) types of files […]
Varying Degrees of Malware Injections Decoded
It is no longer the day of human-readable injections, or even of basic encoding schemes like base64. Instead we are seeing a rise in complex, and in some instances elusive, encoding schemes that carry a big punch. There are varying degrees of malware injections that include some of the following traits: Encoding (pretty […]
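The snippet above contrasts plain base64 with stacked, harder-to-read encodings. As an added example (not code from the original post), the block below shows the decoding side of that problem: a loop that repeatedly recognises an outer encoding layer, strips it, and continues until no known layer remains, recording the order in which the layers were peeled. The sample payload is constructed inline (a harmless echo string) and wrapped in three layers chosen for the demonstration: `\xNN` hex escapes, then zlib, then base64; the decoder order and the `peel()` helper name are my own.

```python
"""Peel stacked encoding layers off an injected payload (added example, not from the page)."""
from __future__ import annotations

import base64
import binascii
import re
import zlib

# Matchers are deliberately strict so that plain text is not mistaken for an encoding.
B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")
HEXESC_RE = re.compile(rb"^(?:\\x[0-9a-fA-F]{2})+$")


def try_base64(data: bytes) -> bytes | None:
    """Decode if the whole blob is a well-formed base64 string, else None."""
    s = data.strip()
    if len(s) % 4 or not B64_RE.match(s):
        return None
    try:
        return base64.b64decode(s, validate=True)
    except (binascii.Error, ValueError):
        return None


def try_zlib(data: bytes) -> bytes | None:
    """Decompress if the blob carries a zlib header (CMF byte 0x78), else None."""
    if len(data) < 2 or data[0] != 0x78:
        return None
    try:
        return zlib.decompress(data)
    except zlib.error:
        return None


def try_hexescape(data: bytes) -> bytes | None:
    """Decode a string made only of \\xNN escapes (common in PHP/JS injections), else None."""
    s = data.strip()
    if not HEXESC_RE.match(s):
        return None
    return bytes.fromhex(s.replace(b"\\x", b"").decode("ascii"))


# Order matters only when two matchers could both accept a blob; these three are disjoint.
DECODERS = [("base64", try_base64), ("zlib", try_zlib), ("hexescape", try_hexescape)]


def peel(data: bytes, max_layers: int = 16) -> tuple[bytes, list[str]]:
    """Strip recognised encoding layers until none applies.

    Returns the innermost payload and the names of the layers removed, outermost first.
    max_layers bounds the loop so a hostile or self-referential blob cannot spin forever.
    """
    layers: list[str] = []
    for _ in range(max_layers):
        for name, decode in DECODERS:
            out = decode(data)
            if out is not None and out != data:
                layers.append(name)
                data = out
                break
        else:
            break  # no decoder matched: we have reached the innermost layer
    return data, layers


def hexescape(data: bytes) -> bytes:
    """Encoder used only to build the constructed sample."""
    return b"".join(b"\\x%02x" % b for b in data)


# Constructed sample: a harmless command wrapped in hexescape -> zlib -> base64.
PLAINTEXT = b'echo "constructed, harmless sample payload"'
SAMPLE = base64.b64encode(zlib.compress(hexescape(PLAINTEXT)))

if __name__ == "__main__":
    decoded, layers = peel(SAMPLE)
    print("layers:", " -> ".join(layers))
    print("payload:", decoded.decode())
```

Each decoder refuses anything it is not certain about, so the loop stops at the first blob no matcher accepts; extending it to `chr()` concatenation, `eval(gzinflate(...))` wrappers or XOR with a short key means adding one more strict matcher to `DECODERS`, not changing the loop.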
More information
- AIS will be making changes to the eCommerce environment to allow for IPv6 access.
- Robot apocalypse unlikely, but researchers need to understand AI risks
- Apple and Google move computing forward in identical-yet-incompatible ways
- North Korea’s government sanctioned Red Star OS can be remotely hacked, say security researchers
- Huawei Expects 21% Revenue Rise Despite ‘Unfair’ Treatment
- Multipurpose "Xunpes" Trojan Targeting Linux Systems
- After WannaCry, UIWIX Ransomware and Monero-Mining Malware Follow Suit
- UK govt group pumps 40m into cloud start-ups
- Code-sharing leads to widespread bug sharing that black-hats can track
- Microsoft Windows GDI Component CVE-2019-0977 Information Disclosure Vulnerability