CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files
We uncovered a new crypto-ransomware variant with new routines that include making encrypted files appear as if they were quarantined files. These “quarantined” files are given a *.VAULT file extension; quarantine is an antivirus software function that keeps deleted files for a certain period of time. Antivirus software typically quarantines files that may potentially cause further damage to […]

Obama authorizes sanctions against hackers

U.S. President Barack Obama has signed an executive order authorizing the U.S. government to impose sanctions on people, organizations and governments that partake in “malicious cyber-enabled activities” that harm the country. “The same technologies that help keep our military strong are used by hackers in China and Russia to target our defense contractors and systems […]

State Dept. to shut down email system to clean out malware

The U.S. Department of State will shut down its unclassified email system for a short time to clean up malware that may have resided there since late last year. The State Department said Friday it has scheduled a planned outage of the unclassified email system to make security improvements and to respond to “activity of […]

Code name found in Equation group malware suggests link to NSA

As security researchers continue to analyze malware used by a sophisticated espionage group dubbed the Equation group, more clues surface that point to the U.S. National Security Agency being behind it. In February, Russian antivirus firm Kaspersky Lab released an extensive report about a group that has carried out cyberespionage operations since at least 2001 and […]

Animals in the APT Farm

In 2014, researchers at Kaspersky Lab discovered and reported on three zero-days that were being used in cyberattacks in the wild. Two of these zero-day vulnerabilities are associated with an advanced threat actor we call Animal Farm. Over the past few years, Animal Farm has targeted a wide range of global organizations. Victims include: Government […]

Multiplatform Boleto Fraud Hits Users in Brazil

A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods, the Boleto Bancário, or simply the boleto. While the research and analysis were already published by RSA, we’ve recently discovered that this highly profitable fraud is still out in the wild and remains […]

PwnPOS: Old Undetected PoS Malware Still Causing Havoc

We have been observing a new malware that infects point-of-sale (PoS) systems. This malware may have been active since 2013, possibly earlier. Trend Micro will be naming this new malware family PwnPOS to differentiate it from other known PoS malware families. In this blog post, we will discuss the technical details of this PoS […]

TaigaPhone could be the most secure handset on the planet

Move over BlackBerry and say hello to Taiga Systems and their TaigaPhone, the latest in cutting-edge cyber-security for corporate smartphone users. To tackle the increasing global cyber-threat, Russia has been working on its very own super-secure smartphone to ensure that corporate information is always safe and sound.

Fanny superworm likely the precursor to Stuxnet

The Stuxnet computer worm that was used to sabotage the Iranian nuclear program was likely preceded by another sophisticated malware program that used some of the same exploits and spread through USB thumb drives to computers isolated from the Internet. The USB worm is called Fanny and is part of a sophisticated malware toolset used […]

The Upload: Your tech news briefing for Tuesday, February 17

Spy group has embedded tools in foreign networks, systems

A cyberspy group using tools similar to those of U.S. intelligence agencies has embedded spy and sabotage firmware in systems and networks in countries including Iran, Russia, Pakistan and China, a report by security vendor Kaspersky Lab claims. Kaspersky said that the tools can’t be combated […]

A Fanny Equation: "I am your father, Stuxnet"

At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various parts of Stuxnet, such as the zero-days used in the attack. Perhaps the most interesting zero-day exploit from Stuxnet was the LNK exploit (CVE-2010-2568). This allowed Stuxnet […]

The Great Bank Robbery: the Carbanak APT

The story of Carbanak began when a bank from Ukraine asked us to help with a forensic investigation. Money was being mysteriously stolen from ATMs. Our initial thoughts tended towards the Tyupkin malware. However, upon investigating the hard disk of the ATM system we couldn’t find anything except a rather odd […]

The Upload: Your tech news briefing for Monday, February 16

Kaspersky exposes huge, ongoing bank-robbery-by-hack

Russian cybersecurity firm Kaspersky Lab is releasing a report Monday with some details on a wide-ranging series of hacks into at least 100 banks in 30 countries—some of which are apparently still ongoing. Kaspersky gave the New York Times an advance look at the material, and says that losses total […]

The Syrian malware part 2: Who is The Joe?

Introduction

Kaspersky Lab would like to alert users in the Middle East to new malware attacks being delivered through Syrian news and social networking forums. Malware writers are using multiple techniques to deliver their files and entice the victims to run them, creating an effective infection vector. Relying mainly on social engineering, the attackers exploit […]

Looking Back (and Forward) at PoS Malware

2014 became the year that placed PoS (point-of-sale) threats in the spotlight. Make no mistake—PoS threats have existed for years. However, the Target data breach last January was the first incident that made the general public notice this threat.

2014: the Year of PoS Malware

While the Target breach may have been the first PoS-related […]

TorrentLocker Ransomware Hits ANZ Region

We recently reported that the EMEA (Europe-Middle East-Africa) region experienced a surge in ransomware, specifically crypto-ransomware attacks. It appears that these attacks are no longer limited to that region. Research from Trend Micro engineers shows that the ANZ (Australia-New Zealand) region is the latest to be greatly affected by this type of malware—this time by […]