Malware Serving SEO Spam from External Sites
We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to SEO spam campaigns through PHP, database injections or .htaccess redirects. An SEO spam infection can be devastating to a website’s credibility and reputation. Many website owners recognize and appreciate […]

KRACKs Against Wi-Fi Serious But Not End of the World
On October 12, researcher Mathy Vanhoef announced a set of Wi-Fi attacks that he named KRACKs, for key reinstallation attacks. These attack scenarios are against the WPA2 authentication and encryption key establishment portions of the most recent set of protocols. The technique is through key reinstallation. The attack can potentially allow attackers to send attacker […]

Analytics 101
From today’s smart home applications to autonomous vehicles of the future, the efficiency of automated decision-making is becoming widely embraced. Sci-fi concepts such as “machine learning” and “artificial intelligence” have been realized; however, it is important to understand that these terms are not interchangeable but evolve in complexity and knowledge to drive better decisions. Distinguishing […]

How KRACK Threatens Wi-Fi’s Security Underpinnings and What It Means for You
If you grew up before, or even during the 90s, you were familiar with a world of cords. A cord for the telephone, a cord for the CD player and a cord, of course, for the internet. But around the late 80s and early 90s, things started to change. Cashier systems gained a […]

A Closer Look at North Korea’s Internet
By Vladimir Kropotov, Philippe Z Lin, Fyodor Yarochkin and Feike Hacquebord
Introduction
North Korea’s presence on the internet is commonly perceived as something that only goes one way: hackers go out, nothing gets in. Incidents like the Sony Pictures hack in 2014 and a couple of global bank heists were reported to be the work of North […]

Staying Anonymous on the Blockchain: Concerns and Techniques
With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from individuals, businesses, and hackers. One of the selling points of Bitcoin and others of its type is anonymity. Yet there are concerns that online currency transactions may not be as anonymous as many wish. In […]

Dnsmasq: A Reality Check and Remediation Practices
Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options. Based on Censys and Shodan data, […]

Linux Kernel Vulnerability Can Lead to Privilege Escalation: Analyzing CVE-2017-1000112
A memory corruption bug in UDP fragmentation offload (UFO) code inside the Linux kernel can lead to local privilege escalation. In this post we will examine this vulnerability and its accompanying exploit. Although this bug affects both IPv4 and IPv6 code paths, we analyzed only IPv4 code running on vulnerable kernel version 4.8.0 of Ubuntu […]

How Thinking Like an Attacker Makes You a Better Threat Hunter
In the race against cybercrime, like in a chess game, threat hunters are constantly trying to get one step ahead of the opponent, trying to predict what the next movement will be. Evidence suggests, however, that most organizations struggle to keep up with the pace, with their defenders (also commonly referred to as blue teams) falling […]

How Cyber Thugs Use Music and Celebrity Searches to Dupe Your Family
Like stockbrokers watch the market, cybercriminals keep an eye on the public’s latest obsessions. And, once they spot a trend in our search behavior, they know exactly where to plant malware links designed to steal personal information from our devices. Such is the case with Canadian pop-punk artist Avril Lavigne, who by no fault of […]

Most Dangerous Celebrities 2017: #RT2Win a Hollywood Worthy Prize
“Hey hey, you you!” Did you hear that we released our 2017 Most Dangerous Celebrities List? This year marks the release of our 11th annual roundup of the Most Dangerous Celebrities, that is, the stars that are most likely to land you viruses when searched for online. Can you guess who took this year’s number one […]

The importance of cyber self-defense education
As recent headlines have highlighted, one thing is clear: there is still a lot of work that needs to be done in the world of cybersecurity. Whether it is companies being breached or personal data being offered to the highest bidder, it is an incredibly challenging job to keep everyone safe online. In order to […]

a-PATCH-e: Struts Vulnerabilities Run Rampant
by Steve Povolny
Equifax confirmed the attack vector used in its data breach to be CVE-2017-5638, a vulnerability patched last March 2017 via S2-045. The vulnerability was exploited to gain unauthorized access to highly sensitive data of approximately 143 million U.S. and 400,000 U.K. customers, as well as 100,000 Canadian consumers. This vulnerability was first disclosed […]

New RETADUP Variants Hit South America, Turn To Cryptocurrency Mining
By Lenart Bermejo, Kenney Lu, and Cedric Pernet
Several months ago, we discovered and exposed RETADUP malware in Israeli hospitals. We also learned that an Android malware known as “GhostCtrl” was stored in their infrastructure, which might be used for cyberespionage or cybercrime. Since then, we’ve encountered more samples in the wild. While RETADUP was found in […]

iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices
by Hara Hiroaki, Higashi Yuka, Ju Zhu, and Moony Li
While iOS devices generally see relatively fewer threats because of the platform’s walled garden approach in terms of how apps are installed, it’s not entirely unbreachable. We saw a number of threats that successfully scaled the walls in 2016, from those that abused enterprise certificates to […]

BankBot Found on Google Play and Targets Ten New UAE Banking Apps
By Kevin Sun
The Android-targeting BankBot malware (all variants detected by Trend Micro as ANDROIDOS_BANKBOT) first surfaced in January of this year and is reportedly the improved version of an unnamed open source banking malware that was leaked in an underground hacking forum. BankBot is particularly risky because it disguises itself as legitimate banking apps, typically […]

More information
- Rising Tides: Bryson Bort on Cyber Entrepreneurship and the Needed Focus on Critical Infrastructure
- Baidu web browsers leaked sensitive information, researchers say
- U.S. Government Attributes ICS Attacks to Russia, China, Iran
- Don’t Improve Network Security – Create Secure Networks
- Sony wakes up to new PlayStation security nightmare
- Austrian Armed Forces switch from Microsoft Office to LibreOffice
- Resolved: Wireless service disruption – University Park (Central Campus)
- Twitter’s new “threats, abusive language” filter has its restrictions
- Apple reveals overhauled iOS 7 with vibrant, more colorful design
- New FCC chairman tells wireless carriers to unlock cell phones