Flash Exploit Targets Uyghur Website
It seems that the attacks against Uyghur hasn’t stopped. We have recently encountered a compromised Uyghur website that renders a malicious flash exploiting the CVE-2013-0634 vulnerability. The flash file contains two DLL files each embedded with EXE binaries. One DLL is for 32-bit systems, while the other appears to be for 64-bit systems. The executable […] more…A New Exploit Kit in Neutrino
Robust and stealthier toolkits are predicted to emerge this year. This was first seen when the WhiteHole Exploit Kit appeared in the threat landscape. It took advantage of several vulnerabilities including the infamous CVE-2013-0422. Additionally, there have been reports of another new exploit kit called “Neutrino” being sold in the underground. The exploit, which we […] more…The Firefox OS: How Safe Will It Be?
One of the more interesting items out of the just-concluded Mobile World Conference in Barcelona was the announcement of the Firefox OS which, as Mozilla CEO Gary Kovacs rather colorfully noted, is “taking [the Web] to mobile.” More than the announcements of how many manufacturers and carriers will release Firefox OS devices, what sets Mozilla’s […] more…From the Phablet to GSMA’s Connected City, Was Mobile World Congress a Success?
For four days, the streets of Barcelona were flooded with mobile enthusiasts from every corner of the globe, looking to see what ground-breaking announcements would be coming out of Mobile World Congress 2013 (MWC). Held from February 25th to February 28th, more than 72,000 attendees from 200 countries passed through the MWC entrance doors to […] more…Barking Up The Wrong Tree
Recently, it was announced that such well-known names in the tech industry such as Facebook, Twitter, Microsoft, and Apple had all been affected by a watering hole attack. Employees at all of these affected firms had visited a popular iOS developer forum, which was compromised to serve a then-unknown Java exploit to its users. Unsurprisingly, […] more…AlbaBotnet, another new crime wave in Latin American cyberspace
After the recent emergence of the criminal PiceBOT in Latin America, AlbaBotnet has joined the growing ranks of regional IT crime. It revolves around online pharming, with a view to delivering targeted phishing attacks which steal information from the online accounts of two major Chilean banks. According to the data we have processed, this campaign […] more…Blackhole Exploit Kit Run Adopts Controversial Java Flaw
In our 2013 Security Predictions, we predicted that conventional malware will focus mainly on refining tools instead of creating new threats. A perfect example of this prediction is how Blackhole Exploit Kit continuously attempts to circumvent the efforts done by the security industry. True enough, we recently received reports of a Blackhole Exploit Kit (BHEK) […] more…From Alarming to Familiar: Different Social Engineering Techniques
In the course of our threat research, we’ve encountered different types of social engineering lures that aim to trigger different emotions such as fear and happiness. These lures are often effective, as we’ve seen happen in several incidents in the past. However, they are also easily recognizable as they often use a common theme, be […] more…Mobile Myths: Can My Apple Devices Get Hacked?
“I bought a Mac, because it’s safer than a PC.” “I always surf the web with my iPhone, because I know it can’t get infected.” “I got a virus on my first PC, so now I only use Apple products.” Sound familiar? Too often, the rhetoric around the Mac vs. PC debate focuses on Apple’s […] more…Same Old Brand New Malware Tricks
In our Security Predictions for this year, Trend Micro CTO Raimund Genes predicted that the evolution of conventional malware will only gradually evolve. Instead of distributing new threats, malware authors will focus more on refining tools and how these attacks are conducted. In particular, we may be seeing certain developments in their stealth tactics to […] more…What Do Infosec Professionals Know About APTs?
Recently, ISACA surveyed more than 1,500 infosec professionals as part of their 2012 Advanced Persistent Threat (APT) Awareness Study. The findings are an interesting mix of the good and the bad. The ISACA survey results indicate that a majority of professionals are familiar or strongly familiar with APTs, with almost all (96.2%) being at least […] more…Cyber Education: The Buck Stops With Us Parents!
Teaching my kids to cross the road safely has taken many years. And to be honest, I am not completely convinced they all have it down pat just yet! I don’t know how many times I have said: ‘Look right, look left and then right again’ or ‘Don’t cross until you see the green man […] more…Shady Surfing: Online Ads 182x More Likely than Adult Websites to Infect Your PC
Wait…what! You heard it right: According to a recent security report, Internet users are 182 times more likely to get a virus from clicking on online ads than visiting an adult website. At first glance, this sounds extremely counterintuitive (and it is). In theory, wouldn’t your risk go up when visiting shady sites? Yes and […] more…The State of Blackhole Spam
The past few months have been a busy one for Blackhole spam attackers. The last time we discussed Blackhole spam runs, we noted that it had returned from its New Year break and was hitting users again. Previously, we’d reported in September about how a new version of the Blackhole Exploit Kit had been introduced […] more…5 Ways to Ensure Online Privacy for Kids
Congress and the Federal Trade Commission (FTC) have taken special steps to ensure that children under 13 years of age don’t share their personal information on the Internet without the express approval of their parents. Congress passed the Children’s Online Privacy Protection Act (COPPA) in 1998 and the FTC wrote a rule implementing the law. The FTC currently […] more…CARBERP Banking Malware Makes a Comeback
In 2010, we noted CARBERP’s noteworthy features, including its capability to install itself without Administrator Privileges, effectively defeating Windows 7 and Vista’s User Account Control (UAC) feature. In 2012, however, a positive turn of events occurred as 8 individuals involved with CARBERP operations were arrested by Russia’s Ministry of Internal Affairs. This arrest should have […] more…More information
- Ransomware makes child porn menaces in broken English
- Dotcom’s Mega looks to fill email security gap left by Lavabit
- Google open-sources Omnitone library for decoding spatial audio on the web
- SIMDA: A Botnet Takedown
- $300 million ‘superhackers’ are not so super after all
- Teen cooks a turkey with flame-shooting drone
- Microsoft Enables Automatic Remediation in Defender for Endpoint
- The Time Has Come to Hack the Planet
- How to Create Secure Passwords For Your Website
- Austria’s Kurz Sets up Cyber Firm With Ex-NSO Chief