Critical VxWorks flaws expose millions of devices to hacking
Researchers have found 11 serious vulnerabilities in VxWorks, the world’s most popular real-time operating system (RTOS) that powers over 2 billion devices including enterprise network firewalls and routers, industrial controllers and medical equipment. Many of the flaws allow attackers to take over devices remotely by just sending network packets, which make them particularly dangerous. Researchers […] more…Using Intelligent Data Controls to Accelerate Business
In our previous blog post, Getting Started with Cloud Governance, enterprise security architect Wayne Anderson discussed the challenge of understanding the “sanctioned” path to the cloud and how governance was the initial building block for cloud security. To understand the sanctioned path, we must have visibility into our overall use of cloud services and further […] more…Examining the Link Between TLD Prices and Abuse
Briefing Over the years, McAfee researchers have observed that certain new top-level Domains (TLDs) are more likely to be abused by cyber criminals for malicious activities than others. Our investigations reveal a negative relationship between the likelihood for abuse and registration price of some TLDs, as reported by the McAfee URL and email intelligence team. […] more…4 Ways for Parents to Handle the Facebook Messenger Bug
9 out of 10 children in the U.S. between the ages of six and twelve have access to smart devices. And while parents know it’s important for their children to learn to use technology in today’s digital world, 75% want more visibility into their kids’ digital activities. This is precisely why Facebook designed Messenger Kids […] more…Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
You have likely heard that blockchain will disrupt everything from banking to retail to identity management and more. You may have seen commercials for IBM touting the supply chain tracking benefits of blockchain.[i] It appears nearly every industry is investing in, adopting, or implementing blockchain. Someone has probably told you that blockchain can completely transform […] more…How to steal a million (of your data)
Any user data — from passwords for entertainment services to electronic copies of documents — is highly prized by intruders. The reason is simply that almost any information can be monetized. For instance, stolen data can be used to transfer funds to cybercriminal accounts, order goods or services, and, if the desire or opportunity is […] more…Guide to top security certifications
Cyberattacks against enterprise networks are on the rise, and the bad guys, from solo actors all the way up to nation states, show no signs of easing up anytime soon. As the cost of a data breach keeps increasing, companies are spending more money on security, resulting in tons of unfilled security positions. So, what […] more…FaceApp: The App That Ages Your Employees and Your CIO
Bring Your Own Device (BYOD) is one of the defining characteristics of the modern mobile workforce but it’s also a weakness many businesses aren’t paying enough attention to. It’s likely many corporate BYOD users have downloaded a hot new app named FaceApp. An AI face editor, this app is rising in popularity all thanks to […] more…On the IoT road: perks, benefits and security of moving smartly
Kaspersky has repeatedly investigated security issues related to IoT technologies (for instance, here, or here). Earlier this year our experts have even gained foothold in the security of biomechanical prosthetic devices. The same implies to smart car security: our own research has indicated that there are number of issues—look here or here. This year, we […] more…Data Privacy and Security Risks in Healthcare
Healthcare is a business much like all verticals I work with; however, it has a whole different set of concerns beyond those of traditional businesses. The compounding threats of malware, data thieves, supply chain issues, and the limited understanding of security within healthcare introduces astronomical risk. Walking through a hospital a few weeks ago, I […] more…Spam Campaign Targets Colombian Entities with Custom-made ‘Proyecto RAT,’ Uses Email Service YOPmail for C&C
by Jaromir Horejsi and Daniel Lunghi (Threat Researchers) We observed a recent campaign that primarily targets financial institutions and governmental organizations in the South American region, particularly in Colombia. This blog post covers the activities we observed, the remote access tools (RATs) used, the campaign’s techniques and procedures, and its indicators of compromise (IoCs). Our […] more…VirusTotal MultiSandbox += SNDBOX
Today, VirusTotal is happy to welcome SNDBOX to the Multi-sandbox project. SNDBOX is a cloud based automated malware analysis platform. SNDBOX advanced dynamic analysis capabilities gives additional insights and visibility intro a variety of file-types. In their own words: SNDBOX malware research platform developed by researchers for researchers and provides static, dynamic and network analysis. […] more…Cybersecurity Hygiene: 8 Steps Your Business Should be Taking
Whether you’re managing your enterprise’s cybersecurity or you’ve outsourced it to a service provider, you’re ultimately the one that will be held accountable for a data breach. If your vendor loses your data, your customers and board of directors will likely still hold you responsible. McAfee’s recent report, Grand Theft Data II: The Drivers and […] more…SLUB Gets Rid of GitHub, Intensifies Slack Use
by Cedric Pernet, Elliot Cao, Jaromir Horejsi, Joseph C. Chen, William Gamazo Sanchez Four months ago, we exposed an attack that leveraged a previously unknown malware that Trend Micro named SLUB. The past iteration of SLUB spread from a unique watering hole website exploiting CVE-2018-8174, a VBScript engine vulnerability. It used GitHub and Slack as […] more…The Cost of a Hacked Website – Survey
As part of our commitment to the website security community, we want to know the true impacts of a website compromise from the owner’s perspective. If you are a business that has dealt with any type of website attack, your participation in this six-minute survey will help us improve our services and support website owners […] more…Turla renews its arsenal with Topinambour
Turla, also known as Venomous Bear, Waterbug, and Uroboros, is a Russian speaking threat actor known since 2014, but with roots that go back to 2004 and earlier. It is a complex cyberattack platform focused predominantly on diplomatic and government-related targets, particularly in the Middle East, Central and Far East Asia, Europe, North and South […] more…More information
- Big data privacy must be fixed before the revolution can begin
- Finns Targeted By Localized Ransomware
- Resolved: Software Upgrade to the University Collaboration Suite
- The Critical Challenge of Application Security
- App Permissions 1.7.0
- Skype admits bug sends messages to wrong contacts
- "Most adorable bug" – Raspberry Pi 2 crashes when you take a photo of it
- Spanish police arrest eight in $45 million global ATM fraud
- Apple releases ‘malware removal tool’ following computer hack
- U.S. Government Contractors Score Poorly on Cyber Risk Tests