This Holiday Season, Watch Out for These Cyber-Grinch Tricks
Whether it be that their shoes are too tight, their heads aren’t screwed on just right, or they’re expressing a little bit of “Bah Humbug,” cyber-grinches and cyber-scrooges everywhere view the holiday season as a perfect opportunity to exploit users. In fact, McAfee recently conducted a survey of over 1,000 adults over the age of […]

More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting
By Feike Hacquebord, Cedric Pernet, and Kenney Lu. The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) […]

It’s Beginning to Look a Lot Like Holiday Shopping: Secure Your Online Purchases
As we gear up to feast with family and friends this Thanksgiving, we also get our wallets ready for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s take a look at […]

DDoS attacks in Q3 2019
News overview. This past quarter we observed a new DDoS attack that confirmed our earlier hypothesis regarding attacks through the Memcached protocol. As we surmised, the attackers attempted to use another, rather exotic protocol to amplify DDoS attacks. Experts at Akamai Technologies recently registered an attack on one of their clients that was carried out […]

Titanium: the Platinum group strikes again
Platinum is one of the most technologically advanced APT actors, with a traditional focus on the APAC region. During recent analysis we discovered Platinum using a new backdoor that we call Titanium (named after a password to one of the self-executable archives). Titanium is the final result of a sequence of dropping, downloading and installing […]

Pipelining VT Intelligence searches and sandbox report lookups via APIv3 to automatically generate indicators of compromise
TL;DR: VirusTotal APIv3 includes an endpoint to retrieve all the dynamic analysis reports for a given file. This article showcases programmatic retrieval of sandbox behaviour reports in order to produce indicators of compromise that you can use to power up your network perimeter/endpoint defenses. We are also releasing a set of Python scripts alongside this blog […]

Buran Ransomware; the Evolution of VegaLocker
McAfee’s Advanced Threat Research Team observed how a new ransomware family named ‘Buran’ appeared in May 2019. Buran works as a RaaS model like other ransomware families such as REvil, GandCrab (now defunct), Phobos, etc. The author(s) take 25% of the income earned by affiliates, instead of the 30% – 40% taken by notorious malware […]

Chrome 0-day exploit CVE-2019-13720 used in Operation WizardOpium
Executive summary. Kaspersky Exploit Prevention is a component of Kaspersky products that has successfully detected a number of zero-day attacks in the past. Recently, it caught a new unknown exploit for Google’s Chrome browser. We promptly reported this to the Google Chrome security team. After reviewing the PoC we provided, Google confirmed there […]

Ransomware: The Digital Plague that Still Persists
Ransomware began its reign of cyber terror in 1989 and remains a serious and dangerous threat today. In layman’s terms, ransomware is malware that employs encryption to lock users out of their devices or block access to critical data or files. A sum of money, or ransom, is then demanded in return for access to […]

Norsk Hydro Receives First Insurance Payout Following Cyberattack
Norwegian aluminum giant Norsk Hydro recently published its financial results for the third quarter of 2019 and revealed that it received its first insurance payout related to the cyberattack that hit the company in March.

Credential stuffing explained: How to prevent, detect and defend against it
Credential stuffing definition. Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. Billions of login credentials have landed in the hands of hackers over the past several years as a result of data breaches. These credentials fuel the underground economy and are used for everything from […]

A Cybersecurity Horror Story: October’s Creepiest Threats and How to Stay Secure
Halloween time is upon us, and ghosts and goblins aren’t the only things lurking in the shadows. This past month has brought a variety of spooky cyberthreats that haunt our networks and devices. From malicious malware to restricting ransomware, October has had its fair share of cyber-scares. Let’s take a look at what ghoulish threats […]

Did You Check Your Quarantine?!
A cost-effective way to detect targeted attacks in your enterprise. While it is easy to get caught up in the many waves of new and exciting protection strategies, we have recently discovered an interesting approach to detect a targeted attack and the related actor(s). Quite surprisingly, a big part of the solution already exists in […]

Steam-powered scammers
Digital game distribution services have not only simplified the sale of games themselves, but provided developers with additional monetization levers. For example, in-game items, such as skins, equipment, and other character-enhancing elements, as well as those that help one stand out, can be sold for real money. Users themselves can also sell items to each […]

Test your YARA rules against a collection of goodware before releasing them in production
The rising tide of malware threats has created an arms race in security tool accumulation; this has led to alarm fatigue in terms of noisy alerts and false positives. The last thing you need is more false alarms coming from buggy or suboptimal YARA rules, be it the ones you use in VT Hunting or […]