Ransomware Families Use NSIS Installers to Avoid Detection, Analysis
Malware families are constantly seeking new ways to hide their code, thwart replication, and avoid detection. A recent trend for the delivery of ransomware is the use of the Nullsoft Scriptable Install System (NSIS) with an encrypted payload. The list of the most common families using this technique is diverse and includes Cerber, Locky, Teerac, Crysis, […]

What are the Pros and Cons of Snooping on Your Kids Online?
I’ve changed my mind on the snooping question quite a bit since I began writing about family safety over five years ago. I’ve had to. Technology has dramatically changed all of us in that short time. Still, at least once a month a parent asks me, “How much should I really be snooping on my […]

Malware: 5 Tips for Fighting the Malicious Software
Malware—the term seems to be at the center of the news every day, with each headline telling of a new way the cyber threat has inserted itself into our lives. From an entire attack campaign on banks worldwide, to a strain residing within medical devices, to a variant that has learned to self-heal, the list […]

Businesses as Ransomware’s Goldmine: How Cerber Encrypts Database Files
Possibly to maximize the earning potential of Cerber’s developers and their affiliates, the ransomware incorporated a routine with heavier impact to businesses: encrypting database files. These repositories of organized data enable businesses to store, retrieve, sort, analyze, and manage pertinent information. When utilized effectively they help maintain the organization’s efficiency, so holding these mission-critical files […]

Can Internet of Things be the New Frontier for Cyber Extortion?
The Internet of Things (IoT)—the network of devices embedded with capabilities to collect and exchange information—has long been attracting the attention of cybercriminals as it continues to gain momentum in terms of its adoption. Gartner has estimated that more than 20.8 billion IoT devices will be in use by 2020; IoT will be leveraged by […]

ATMZombie: banking trojan in Israeli waters
In November 2015, Kaspersky Lab researchers identified ATMZombie, a banking Trojan that is considered to be the first malware to ever steal money from Israeli banks. It uses insidious injection and other sophisticated and stealthy methods. The first method, dubbed “proxy-changing”, is commonly used for HTTP packet inspection. It involves modifying browser proxy configurations and […]

Sophos takes rare step of citing Microsoft flaw as a must-fix
Sophos generally steers clear of pointing to a single patch from Microsoft’s Patch Tuesday, but is breaking its own rule this month by highlighting one it says can prevent a world of hurt. The patch – MS15-034 – addresses a bug that could allow remote-code execution on a victim machine, and that can be exploited […]

Multiplatform Boleto Fraud Hits Users in Brazil
A study conducted around June last year revealed a malware-based fraud ring that infiltrated one of Brazil’s most popular payment methods – the Boleto Bancário, or simply the boleto. While the research and analysis was already published by RSA, we’ve recently discovered that this highly profitable fraud is still out in the wild and remains […]

Are metaverse pioneers making the same old security mistakes?
Ask security pros what they would change about the Internet if they could go back in time knowing what they know now, and most can point to a list of mistakes we could have avoided. But according to some experts, we’re still making the same mistakes today, with the development of the 3D virtual reality […]

Website Security: A Case of SEO Poisoning
There are so many ways your website can be co-opted by hackers for many different reasons; targeting the value created via your SEO is highly attractive. It provides an attacker the opportunity to cheat the system by quickly benefiting from your raw traffic, your audience. In this post we will share details of a recent […]

Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that message gets relayed around the circle? Wasn’t it always funny to see what the final message received would be? Oh and how it would have morphed […]

Spam in May 2014
Spam in the spotlight: In the run-up to the summer, spammers offered their potential customers seedlings and seeds for gardening. In addition, English-language festive spam in May was dedicated to Mother’s Day – the attackers sent out adverts offering flowers and candies. Holiday spam for Mom: As usual, the spammers were very busy in the […]

Wi-Fi security and fake ac/dc charges threaten your data at the 2014 World Cup
When we’re traveling we tend to bring lots of smart devices with us. It’s great to be able to share a beautiful photo, let people know where you are or put your latest news on Twitter or Facebook. It’s also a good way to find info about restaurants, hotels and transport connections. But to do […]

Don’t Let Location-Based Services Put You in Danger
Location-based services utilize geo-location information to publish your whereabouts. In some cases, these services can also provide discounts or freebies as a reward for “checking in” at participating businesses and gathering “points.” These services can also be used to share photos and other media in real-time with your friends and followers. Geo-location or geo-tagging can […]

More information
- Facebook Building a ‘War Room’ to Battle Election Meddling
- An Open Source Effort to Encrypt the Internet of Things
- Plaintext Passwords Often Put Industrial Systems at Risk: Report
- OSIsoft Warns Employees, Contractors of Data Breach
- VirusTotal += SecureAge
- Facebook bug may have made 14m users’ posts public
- Pen testing tool or exploit? 6 samples of ways hackers get in
- Russian Found Guilty of Hacking LinkedIn, Formspring, Dropbox
- How to connect to enterprise Wi-Fi security on Android devices
- Ask Sucuri: What should I know when engaging a Web Malware Company?