IT threat evolution Q1 2019
Targeted attacks and malware campaigns Go Zebrocy Zebrocy was first observed being used as a Sofacy backdoor in 2015. However, the collection of cases where this tool has been used mean that we consider it a subset of activity in its own right. On the basis of this threat actor’s past behaviour, we predicted last […] more…Node.js 5.7 released ahead of impending OpenSSL updates
The Node.js Foundation is gearing up this week for fixes to OpenSSL that could mean updates to Node.js itself. Releases to OpenSSL due on Tuesday will fix defects deemed to be of “high” severity, Rod Vagg, foundation technical steering committee director, said in a blog post on Monday. Within a day of the OpenSSL releases, […] more…Buyer’s guide: How to choose the right business laptops
With hundreds of business-oriented laptops to choose from, picking the right ones to outfit your company’s workforce can be daunting. We’re here to help with a buyer’s guide that breaks the options into categories and provides details, price estimates, and pros and cons of each. Ranging from $200 for the cheapest budget models to nearly […] more…Financial Cyberthreats in 2020
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of digital […] more…How Visiting a Trusted Site Could Infect Your Employees
The Artful and Dangerous Dynamics of Watering Hole Attacks A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it’s defined as a watering hole […] more…Saving Summer: 5 Strategies to Help Reign In Family Screen Time Over Break
It’s the most wonderful time of the year — for teachers and lifeguards. For everyone else (parents) we have a little prep work to do to make sure the summer doesn’t lull our kids into digital comas. Most of us have learned that given zero limits, kids will play video games, watch YouTube, send snaps, […] more…Game of Threats
Introduction While the way we consume TV content is rapidly changing, the content itself remains in high demand, and users resort to any means available to get at it – including illegal and non-ethical ones like the use of pirated stuff. The world is embracing the idea of paying for entertainment more and more with […] more…New Magecart Attack Delivered Through Compromised Advertising Supply Chain
by Chaoying Liu and Joseph C. Chen On January 1, we detected a significant increase in activity from one of the web skimmer groups we’ve been tracking. During this time, we found their malicious skimming code (detected by Trend Micro as JS_OBFUS.C.) loaded on 277 e-commerce websites providing ticketing, touring, and flight booking services as […] more…Stolen Data from Chinese Hotel Chain and Other Illicit Products Sold in Deep Web Forum
by Fyodor Yarochkin (Senior Threat Researcher) We uncovered personally identifiable information (PII) stolen from a China-based hotel chain being sold on a deep web forum we were monitoring. Further analysis revealed that the stolen data was not only the PII of Chinese customers, but also included the hotel chain’s customers from Western and East Asian […] more…IoT Devices: The Gift that Keeps on Giving… to Hackers
McAfee Advanced Threat Research on Most Hackable Gifts You’ve probably noticed the recent increase in Internet connected drones, digital assistants, toys, appliances and other devices hitting the market and maybe even showing up in your own home. The sale of these “Internet-of-Things” (IoT) devices is expected to reach 600 million units this year[1] and, unfortunately, […] more…Are Your Online Mainframes Exposing You to Business Process Compromise?
by Roel Reyes (Senior Threat Researcher) Legacy mainframes are still used by enterprises to handle big data transactions across a range of industries, from financial institutions, telecoms, and internet service providers (ISPs) to airlines and government agencies. Why are they still in use? As the saying goes: “if it ain’t broke, don’t fix it”. But […] more…EyePyramid and a Lesson on the Perils of Attribution
In the past weeks, information-stealing malware EyePyramid made headlines after it was used to steal 87GB of sensitive data from government offices, private companies and public organizations. More than 100 email domains and 18,000 email accounts were targeted, including those of high-profile victims in Italy, the U.S., Japan and Europe. The natural assumption for many […] more…Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files
Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files […] more…App Store Flooded with Phony Retail Apps to Kick Off Holiday Season
The holiday season has officially kicked off, which means a number of things for many of us: seasonal cheer, quality time with loved ones, and admittedly for many, lots and lots of shopping. And these days, many of holiday retail sales are happening online. Unfortunately, that also means now more than ever, there’s more holiday-related […] more…Teaching Kids to Rise Above the Twitter Trolls
The social media platform Twitter has been making the headlines every day lately and not for good reasons. The popular 140-character driven network is under fire for its increasingly troll-heavy content and its failure to regulate abusive tweeters. From celebrities shutting down accounts to politicians and special interest groups daily (and very publically) engaged in […] more…Can Internet of Things be the New Frontier for Cyber Extortion?
The Internet of Things (IoT)—the network of devices embedded with capabilities to collect and exchange information—has long been attracting the attention of cybercriminals as it continues to gain momentum in terms of its adoption. Gartner has estimated that more than 20.8 billion IoT devices will be in use by 2020; IoT will be leveraged by […] more…More information
- Radius Server Maintenance
- Bitcoin wallets on Android at risk of theft, developers say
- Cloud Security Firm Netskope Raises $340 Million at $3 Billion Valuation
- 10 Quick Facts About XSS Viruses and Worms: What You Need to Know
- Facebook to reengineer the IPO with all-night hackathon
- Employers on track to get more nosey with employees’ social media lives
- How Apple’s iCloud Drive works — and how to use it
- Create Strong Passwords with a Password Generator
- Ongoing Attacks Hit West African Financial Institutions Since Mid-2017
- Social Blade Confirms Breach After Hacker Offers to Sell User Data