Apple’s Q4 results show growth in ‘interesting times’
Apple remains the most resilient FAANG business. While other big tech firms (like Alphabet and Microsoft and Facebook) report grim news, Apple managed to set fresh records, increased Android-to-iPhone switching numbers, but still slightly missed expectations. To read this article in full, please click here more…Shop till You’re Hacked? 3 Tips to Stay Secure this Holiday Season
With just days until Black Friday, the unofficial kick off to the holiday shopping season is quickly approaching. In anticipation of the busiest time of year for e-commerce, this year we conducted a survey, Stressed Holiday Online Shopping, to understand how financial pressure can impact buyer behavior when it comes to online purchasing and cybersecurity. […] more…Incentives Drive Results
The Challenges of Misaligned Incentives in Cybersecurity Cybercriminals are encouraged by their results, stealing money, breaking services, or gaining notoriety, and can quickly change tactics that are ineffective. But what encourages a cybersecurity team to do their best? Maybe more important, what discourages them? To understand more about this, we surveyed 800 cybersecurity professionals from […] more…Macro Malware: When Old Tricks Still Work, Part 1
Now comes a time when we are reminded of why this security warning prompt in Microsoft Word matters: Figure 1. Microsoft Word security warning for macros I went around my peers this afternoon and asked, “On the top of your head, can you give me a name of an effective macro malware? Better if its […] more…Ransomware by the numbers: Reassessing the threat’s global impact
Kaspersky has been following the ransomware landscape for years. In the past, we’ve published yearly reports on the subject: PC ransomware in 2014-2016, Ransomware in 2016-2017, and Ransomware and malicious crypto miners in 2016-2018. In fact, in 2019, we chose ransomware as the story of the year, upon noticing the well-known threat was shifting its […] more…Why do the Vast Majority of Applications Still Not Undergo Security Testing?
Did you know that 84% of all cyber attacks target applications, not networks? What’s even more curious is that 80% of Internet of Things (IoT) applications aren’t even tested for security vulnerabilities. It is 2018, and despite all the evidence around us, we haven’t fully accepted the problem at hand when it comes to software […] more…Mail-Order STD Tests Make Sharing Results as Easy as Sending a Snap
So. You’re single, it’s the weekend, and you don’t want a rerun of last Saturday night’s chocolate chip pancakes a la mode and Gilmore Girls bingefest. You’ve already Instagrammed this morning’s latte, two gritty urban feet shots, one still life with #buyyourowndamnflowers … and it’s still only six o’clock. Is it too early to fire […] more…PwnPOS: Old Undetected PoS Malware Still Causing Havoc
We have been observing a new malware that infects point-of-sale (POS) systems. This malware may have been active since 2013, possibly earlier. Trend Micro will be naming this new malware family as PwnPOS to differentiate it from other known PoS malware families. In this blog post, we will discuss the technical details of this PoS […] more…Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
By Lance Jiang and Jesse Chang CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the […] more…Resolved: Penn Stater Hub site Uninterruptible Power Supply (UPS) Replacement Change Number CHG0045464
PSUIT – ENCS/TNS will be replacing the Uninterruptible Power Supply (UPS) system that serves the Penn Stater HUB site on Tuesday, December 19th, 2017, starting at 5AM with work expected to be completed by 2PM. In order to perform this work, all equipment at the Penn Stater HUB site will only be supplied by EMERGENCY […] more…Obama’s cybersecurity legacy: Good intentions, good efforts, limited results
President Obama is only a couple of weeks out of office, but his legacy on cybersecurity is already getting reviews – mixed reviews. According to a number of experts, Obama said a lot of good things, did a lot of good things and devoted considerable energy to making cybersecurity a priority, but ultimately didn’t accomplish […] more…2014 Spam Landscape: UPATRE Trojan Still Top Malware Attached to Spam
The malware UPATRE was first spotted in August 2013 following the demise of the Blackhole Exploit kit. It was since known as one of the top malware seen attached to spammed messages and continues to be so all throughout 2014 with particularly high numbers seen in the fourth quarter of the year. We have released […] more…Ransomware: The Digital Plague that Still Persists
Ransomware began its reign of cyber terror in 1989 and remains a serious and dangerous threat today. In layman’s terms, ransomware is malware that employs encryption to lock users out of their devices or block access to critical data or files. A sum of money, or ransom, is then demanded in return for access to […] more…False Positives: Why Vendors Should Lower Their Rates and How We Achieved the Best Results
In pursuit of a high cyberthreat detection rate, the some developers of cybersecurity solutions neglect the subject matter of false positives, and unfairly so. Indeed, this is a very inconvenient matter that some developers tend to overlook (or try to solve with questionable methods) until there is a serious incident that could paralyze the work […] more…Results of PoC Publishing
Dreams of a Threat Actor There are two crucial features of the Android OS protection system: it is impossible to download a file without user’s knowledge on a clean device; it is impossible to initialize installation of a third-party app without user’s knowledge on a clean device. These approaches greatly complicate malware writers’ lives: to […] more…Plesk Zero-Day Exploit Results in Compromised Webserver
We’re tracking a zero-day exploit affecting a still unpatched vulnerability in Plesk that enables an attacker to fully control a vulnerable webserver. Plesk is made by Parallels and is a popular hosting control panel. This vulnerability means all websites hosted on systems that use Plesk are at risk. This spells trouble not only for web […] more…More information
- FakeSpy Android Information-Stealing Malware Targets Japanese and Korean-Speaking Users
- Mozilla Reinforces Commitment to Distrust Symantec Certificates
- New products of the week 7.18.16
- Elon Musk appears to offer $1 million bounty to ‘convict’ those responsible for Twitter ‘botnets’
- Researcher wins $200,000 prize from Microsoft for new exploit mitigation technology
- Resolved: Box
- Suspected Bush family hacker Guccifer to be extradited to US
- Millions of Android devices have flawed full disk encryption
- Update: CLC networking reconfiguration 11/21/2016
- S2 Ep24: Tinder, angry customers and weleakinfo takedown – Naked Security Podcast