Five security developments we can be thankful for in 2014
It’s not often that we take a moment to think about what we in security are grateful for. And as we approach the time of year when all the security gurus bring out their crystal balls and prognosticate what the Big Bad of the coming year will be, I would like to take a moment […]

Regin: Nation-state ownage of GSM networks
Motto: “Beware of Regin, the master! His heart is poisoned. He would be thy bane…” (“The Story of Siegfried” by James Baldwin). Introduction, history. Download our full Regin paper (PDF). In the spring of 2012, following a Kaspersky Lab presentation on the unusual facts surrounding the Duqu malware, a security researcher contacted us and mentioned […]

Brazilian Trojan Bankers – now on your Android Play Store!
It took some time but they’re finally here – Brazilian cybercriminals have started to target their attacks towards mobile banking users. This week we spotted the first Trojan banker targeting Brazilian users of Android devices. Two malicious applications meant to pass for apps from local banks were hosted on Google Play. According to FEBRABAN (the local […]

AT&T kills the ‘permacookie,’ stops tracking customers’ Internet usage (for now)
In recent weeks, Verizon and AT&T have been caught up in a privacy firestorm over their use of so-called “permacookies,” a method of tracking what their users do while browsing the Web with the intent of sharing that data with advertisers. Verizon’s permacookie program lives on, but AT&T has ceased the practice, ProPublica reported on […]

OnionDuke: APT Attacks Via the Tor Network
Recently, research was published identifying a Tor exit node, located in Russia, that was consistently and maliciously modifying any uncompressed Windows executables downloaded through it. Naturally this piqued our interest, so we decided to peer down the rabbit hole. Suffice to say, the hole was a lot deeper than we expected! In fact, it went […]

Tracking Activity in the Chinese Mobile Underground
We first lifted the veil on activities in the Chinese cybercriminal underground in 2012. Since then, we have continually reported about notable changes or activity found in this black market. A few months ago, we noted that the Chinese underground has continued to grow, as the cost of connectivity and hardware continues to fall, and […]

A Killer Combo: Critical Vulnerability and ‘Godmode’ Exploitation on CVE-2014-6332
Microsoft released 16 security updates during its Patch Tuesday release for November 2014, among which is CVE-2014-6332, the Windows OLE Automation Array Remote Code Execution Vulnerability (covered in MS14-066). We would like to bring attention to this particular vulnerability for the following reasons: It impacts almost all Microsoft Windows platforms from Windows 95 onward. A stable […]

Law Enforcement Agencies in Tor: Impact Over the Dark Web
The recent shutdown of SilkRoad 2.0 was just a small part of the events affecting the Tor network that unfolded last week. Tor-related communities, such as privacy enthusiasts, but also cybercriminals (of course!), expressed worry after a global law enforcement operation targeted a number of illegal services based on Tor. Operation Onymous, coordinated by Europol’s European Cybercrime […]

Following the Trail of South Korean Mobile Malware
There have been previous reports about attacks which targeted third-party app sites in South Korea, resulting in more than 20,000 smartphones being infected with malicious apps. Note that none of these apps were found on the official Google Play store. Checking our database confirmed that this malware family has already been detected as ANDROIDOS_KrBot.HRX. We […]

US Postal Service suffers breach of employee, customer data
A U.S. Postal Service data breach has potentially compromised the personal information of 800,000 employees, as well as some customers who contacted the government service. The data breach of some USPS information systems, being investigated by the FBI, may include names, dates of birth, Social Security numbers, addresses and other information of Postal Service employees, […]

Raids cast doubt on the integrity of TOR
Federal law enforcement agencies in the U.S. and Europe have shut down more than 400 Web sites using .onion addresses and arrested those who run them, which calls into question whether the anonymizing The Onion Router (Tor) network itself is still secure. The Web sites – which authorities say sold a range of […]

iOS Trojan WireLurker: Statistics and New Information
Recently, news appeared about an interesting attack where cybercriminals infect iPhone and Mac OS X users with a rather peculiar malware dubbed WireLurker. You can find a thorough paper from Palo Alto here. First of all, it’s important to note that all Kaspersky Lab users are protected against this threat. The malicious files used by WireLurker […]

Security Holes in Corporate Networks: Network Vulnerabilities
In our previous blog post, we told you about the types of attacks that a cybercriminal can undertake while working with a regular user account without local administrator privileges. In particular, we presented an example of how the simplified inheritance of privileges within the context of domain authorization (Single Sign-On) enables cybercriminals to gain access to various […]

Who’s Behind Operation Huyao?
As previously discussed, Operation Huyao is a well-designed phishing scheme that relies on relay/proxy sites that pull content directly from their target sites to make their phishing sites appear more realistic and believable. Only one such attack, targeting a well-known Japanese site, has been documented. No other sites have been targeted by this attack. Publicly available information suggests that […]

Most Common Attacks Affecting Today’s Websites
New web-based attack types and vectors are coming out every day, and this is causing businesses, communities and individuals to take security more seriously now than they ever have in the past. This is a huge win for the World Wide Web and it’s a trend that is pushing technology further towards more robust and securely […]

BE2 Custom Plugins, Router Abuse, and Target Profiles
The BlackEnergy malware is crimeware turned APT tool and is used in significant geopolitical operations lightly documented over the past year. An even more interesting part of the BlackEnergy story is the relatively unknown custom plugin capabilities to attack ARM and MIPS platforms, scripts for Cisco network devices, destructive plugins, a certificate stealer and more. […]