A New Security Age Needs a New Approach to Security
Security evolves to meet the needs of the age. Keys, for example, were created to secure homes and possessions. Encryption, the elements of which stretch back for thousands of years, filled the need to secure messages over a long distance. Security – as both a concept and an industry – is relatively simple to understand […]

Spam and phishing in Q3 2018
Quarterly highlights. Personal data in spam. We have often said that personal data is candy on a stick to fraudsters and must be kept safe (that is, not given out on dubious websites). It can be used to gain access to accounts and in targeted attacks and ransomware campaigns. In Q3, we registered a surge […]

Perl-Based Shellbot Looks to Target Organizations via C&C
We uncovered an operation of a hacking group, which we’re naming “Outlaw” (the name is a translation of the Romanian word haiduc, the hacking tool the group primarily uses), involving the use of an IRC bot built with the help of Perl Shellbot. The group distributes the bot by exploiting a common command injection vulnerability on internet of […]

NIST’s Creation of a Privacy Framework
On Tuesday, Oct. 16, the National Institute of Standards and Technology (NIST) held its “Kicking off the NIST Privacy Framework: Workshop #1” in Austin, Texas. I was honored to be asked to participate. This was the first in a series of public workshops focusing on the development of a useful and voluntary Privacy Framework, like […]

Gathering Insights on the Reemergence and Evolution of Old Threats Through Managed Detection and Response
by Erika Mendoza, Anjali Patil, Jay Yaneza, and Jessie Prevost
Smart Protection Network (SPN) data and observations from Managed Detection and Response (MDR) for the North American region show the persistence of older threats and tactics: delivery methods such as spam emails are still going strong, while ransomware attacks have seen a renewed vigor alongside […]

DDoS Attacks in Q3 2018
News overview. The third quarter of 2018 turned out relatively quiet in terms of DDoS attacks. “Relatively” because there were not very many high-level multi-day DDoS onslaughts on major resources. However, the capacities employed by cybercriminals keep growing year after year, while the total number of attacks shows no signs of decline. The early July attack […]

Hackers attacking your memories: science fiction or future threat?
Authors: Kaspersky Lab and the Oxford University Functional Neurosurgery Group
There is an episode in the dystopian near-future series Black Mirror about an implanted chip that allows users to record and replay everything they see and hear. A recent YouGov survey found that 29% of viewers would be willing to use the technology if it […]

Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
By Miguel Ang and Donald Castillo
As cybersecurity defenses continue to improve, cybercriminals have learned to become more creative with malware. We recently encountered threats being packaged inside old yet rarely used file types in spam campaigns. Spam continues to be a cybercriminal favorite – this old-school infection vector makes up more than 48 percent […]

Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware
by Hubert Lin, Fyodor Yarochkin, and Alfredo Oliveira
We recently observed cases of abuse of systems running a misconfigured Docker Engine-Community with the Docker application program interface (API) ports exposed. We also noticed that the malicious activities focused on scanning for open ports 2375/TCP and 2376/TCP, which are used by the Docker engine daemon (dockerd). […]

The Connection Between IoT and Consumers’ Physical Health
When we think about how technology impacts our daily lives, we don’t really notice it unless it’s a big-picture concept. In fact, there are many areas where technology has an outsized impact on our lives – and we hardly notice it at all. Traffic lights can be controlled remotely, thermostats can automatically warm or chill […]

CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
We found a design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. We’ve worked […]

Threats in the Netherlands
Introduction. On October 4, 2018, the MIVD held a press conference about an intercepted cyberattack on the OPCW in the Netherlands, allegedly by the advanced threat actor Sofacy (also known as APT28 or Fancy Bear, among others). According to the MIVD, four suspects were caught red-handed trying to break into the OPCW’s network. Sofacy […]

As Search Engines Blacklist Fewer Sites, Users More Vulnerable to Attack
It turns out it’s a lot harder for a website to get blacklisted than one might think. A new study found that while the number of bot-malware-infected websites remained steady in Q2 2018, search engines like Google and Bing are blacklisting only 17 percent of the infected websites they identify. The study analyzed more […]

Securing the Social Security Number to Protect U.S. Citizens
With cyber criminals having more flexibility in funding and operations than ever before, U.S. citizens are vulnerable not only to breaches of security but also of privacy. In the United States, no article of personal information is meant to be more private or secure than the Social Security Number (SSN). This is for good reason. […]

Zero-day exploit (CVE-2018-8453) used in targeted attacks
Yesterday, Microsoft published its security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. We reported this vulnerability to Microsoft on August 17, 2018. Microsoft confirmed the vulnerability and designated it CVE-2018-8453. In August 2018 our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit […]

Together is Power: Why McAfee Partnered with British Telecom Group
Cybersecurity threats are growing in both number and strength day by day, making it almost impossible for any one person or organization to maintain a secure environment. This threat is potent, often indiscriminate, and puts both organizations and consumers at risk. Protection, therefore, requires an equally powerful and robust response. But building a strong response […]

More information
- Jennifer Lawrence nude photo thief is going to the slammer
- UCS Server Reboot – February 9
- Juniper upgrades security software with threat intelligence, VPN package
- Facebook Messenger Malware FacexWorm Steals Passwords and Mines for Cryptocurrency
- Microsoft Windows Journal CVE-2015-2519 Integer Overflow Remote Code Execution Vulnerability
- Microsoft Word Access Violation Remote Code Execution Vulnerability
- Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info
- Belgium’s Nuclear Plants Face Threat of Cyber-attack: EU Counter-terror Chief
- How AI on Apple Silicon will help the enterprise
- Crooks plant backdoor in software used by courtrooms around the world