Threat Hunting with VirusTotal
We recently conducted our first “Hunting with VirusTotal” open training session, providing some ideas on how to use VT Intelligence to hunt for in-the-wild examples of modern malware and infamous APT campaigns. In case you missed it, here you can find the video recording available on Brighttalk. We also created a PDF version of the […] more…
How to Prepare for Your Child’s First Smartphone
If only more things in life came with training wheels; a child’s first smartphone could certainly use some. Like taking off the training wheels and riding out into the neighborhood for the first time, a smartphone opens an entirely new world for children. There are apps, social media, group chats with friends, TikTok stars, and the joy of simply being “in” with their classmates and […] more…
KBOT: sometimes they come back
Although by force of habit many still refer to any malware as a virus, this once extremely common class of threats is gradually becoming a thing of the past. However, there are some interesting exceptions to this trend: we recently discovered malware that spread through injecting malicious code into Windows executable files; in other words, […] more…
The Top Technology Takeaways From CES 2020
Another Consumer Electronics Show (CES) has come and gone. Every year, this trade show joins practically everyone in the consumer electronics industry to show off the latest and greatest cutting-edge innovations in technology. From bendable tablets to 8k TVs and futuristic cars inspired by the movie “Avatar,” CES 2020 did not disappoint. Here are a […] more…
How Visiting a Trusted Site Could Infect Your Employees
The Artful and Dangerous Dynamics of Watering Hole Attacks. A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it’s defined as a watering hole […] more…
Expanding Our Vision to Expand the Cybersecurity Workforce
I recently had the opportunity to testify before Congress on how the United States can grow and diversify the cyber talent pipeline. It’s great that members of Congress have this issue on their radar, but at the same time, it’s concerning that we’re still having these discussions. A recent (ISC) Study puts the global cybersecurity […] more…
IT threat evolution Q1 2019
Targeted attacks and malware campaigns. Go Zebrocy. Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor’s past behaviour, we predicted last […] more…
New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen. On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […] more…
The New Intern-Net
By Cristina Barrera, Channel Team Intern in Plano, Texas. As a college student today, it often feels like it’s essential to get top grades, volunteer, participate in sports, play an instrument, and find a cure for a rare disease in my spare time just to get a job interview. And now, on top of this, […] more…
Latest phishing tactics: infected PDFs, bogus friend requests, fake HR emails
The bad guys have always got new tricks up their sleeves: here are some tips to help you steer clear of them more…
Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files
Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files […] more…
ATMZombie: banking trojan in Israeli waters
In November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. It uses insidious injection and other sophisticated and stealthy methods. The first method, dubbed “proxy-changing”, is commonly used for HTTP packets inspections. It involves modifying browser proxy configurations and […] more…
Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that message gets relayed around the circle? Wasn’t it always funny to see what the final message received would be? Oh and how it would have morphed […] more…
Skillport Online Learning Platform Upgrade
On Thursday, November 28, Skillsoft will be upgrading the Skillport online learning platform to version 7.3. The Skillport websites (psuohrlearning.skillport.com and psuohrvolunteer.skillport.com) will be unavailable for most of the day. The sites should return to fully operational status on Friday, November 29. If you have any questions about the upgrade, please contact the Center for […] more…
4 Ways to Protect Your Medical Information from Healthcare Fraud
Winter is upon us, and with it comes the dreaded flu season. In turn, this means more trips to the doctor’s office and the potential for high medical bills – a monetary incentive that fraudsters have not overlooked. According to the FBI, healthcare fraud costs the United States an estimated $80 billion a year, with […] more…
More information
- 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations
- Serious Flaws Found in Westermo Industrial Routers
- The Federal Bureau of Investigation (FBI) officially linked the Diavol ransomware operation to the infamous TrickBot gang.
- Over 900k Impacted by Data Breach at Defunct Boston Ambulance Service
- Pebble smart watch hits Best Buy online, coming to retail this Sunday
- Microsoft Internet Explorer and Edge CVE-2016-3202 Remote Memory Corruption Vulnerability
- Shazam is always listening to you on Mac
- Afero Raises $50 Million for Its Secure IoT Platform
- Fake iOS Fitness Apps Steal Money
- With a light July Patch Tuesday, it’s time to invest in your IT processes