Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them
This is the second part of our two-part blog series on Operation Black Atlas. The first blog entry is entitled, Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools. Operation Black Atlas has already spread to a multi-state healthcare provider, dental clinics, a machine manufacturer, a technology company […]

The German Underground: Buying and Selling Goods via Droppers
The recent Paris attacks were carried out with both guns and explosives. While the perpetrators probably made the latter themselves, they could not do the same for their guns. So where did they turn to? One option may have been: the Deep Web. On November 27, a German arms dealer was arrested on suspicion of […]

How Exploit Kit Operators are Misusing Diffie-Hellman Key Exchange
By Brooks Li, Stanley Liu and Allen Wu. Feedback from the Trend Micro™ Smart Protection Network™ has allowed us to discover that the notorious Angler and Nuclear exploit kits have included the latest Flash vulnerability (CVE-2015-5560) in their regular update. This means that systems with Adobe Flash Player 18.0.0.209 and earlier are vulnerable; however, users running the […]

VMware pitches network virtualization for better security
VMware is making a case that network virtualization can improve security in the enterprise. VMware, one of the biggest proponents of virtualizing the entire data center, says CIOs concerned about protecting their IT infrastructures from attackers should look at virtual networking, which has been around a while but isn’t as popular as server virtualization. “The […]

Inside the head of your company’s cyber traitor
A recurring theme in cybercrime protection is ROI. It usually refers to how much effort — in terms of time and money — a thief must throw at a potential victim compared with the likely value of what could be obtained. Simply put, a thief can justify spending a lot more effort breaking into Fort […]

The GasPot Experiment: Hackers Target Gas Tanks
Physically tampering with gasoline tanks is dangerous enough, given how volatile gas can be. Altering a fuel gauge can cause a tank to overflow, and a simple spark can set everything ablaze. But imagine how much riskier it is if a hacker can do all this remotely, especially now that a number of fuel companies worldwide […]

Flash Threats: Not Just In The Browser
July has been a fairly poor month for Adobe Flash Player security, to say the least. Three separate zero-day vulnerabilities (all courtesy of the Hacking Team dump) have left many people concerned about Flash security, with many (including this blog) calling for it to go away. Some sort of reaction from Adobe to improve Flash […]

New Router Attack Displays Fake Warning Messages
Just because security researchers report about threats doesn’t mean we’re exempt from them. I recently experienced an incident at home that involved tampered DNS router settings. I was redirected to warning pages that strongly resemble those used in previous FAKEAV attacks. I noticed that my home internet router’s DNS settings had been modified from their default settings. (My router […]

Organizational Challenges in the Internet of Things
As a result of the increase in cyber-attacks launched by nation-states, cybercriminals, hacktivist groups and other entities, it has become increasingly important to understand the ecosystem of hardware, O/S, software, and services that are used in each organization’s network, including the data/telemetry that is collected and sent outside the organization’s network. This problem is especially magnified with […]

The Naikon APT
Our recent report, “The Chronicles of the Hellsing APT: the Empire Strikes Back”, began with an introduction to the Naikon APT, describing it as “One of the most active APTs in Asia, especially around the South China Sea”. Naikon was mentioned because of its role in what turned out to be a unique and surprising […]

The best way to protect passwords may be creating fake ones
Password managers are a great way to supply random, unique passwords to a high number of websites. But most still have an Achilles’ heel: usually, a single master password unlocks the entire vault. But a group of researchers has developed a type of password manager that creates decoy password vaults if a wrong master password […]

Identifying and Dividing Networks and Users
Proper network segmentation is the most critical proactive step in protecting networks against targeted attacks. It is also important for organizations to properly identify and categorize their own users and the networks they access. This is an important task as it allows an administrator to properly segment both user privileges and network traffic. Some users will […]

IIS At Risk: The HTTP Protocol Stack Vulnerability
Unpatched versions of Microsoft’s Internet Information Services (IIS) web server are vulnerable to a remote denial of service attack that can prove to be very threatening if set against critical systems. The vulnerability, which was fixed by Microsoft in MS15-034 as part of the April 2015 Patch Tuesday cycle, can trigger the blue screen of death, or more commonly known as […]

The Chronicles of the Hellsing APT: the Empire Strikes Back
Introduction. One of the most active APT groups in Asia, and especially around the South China Sea area, is “Naikon”. Naikon plays a key part in our story, but the focus of this report is on another threat actor entirely; one who came to our attention when they hit back at a Naikon attack. Naikon […]

Welcome to the Internet of Things. Please check your privacy at the door.
It knows when you are sleeping and when you are awake. It knows when you’re home and when you’re away. It knows how fast you drive, how many steps you took yesterday, and how hard your heart is working right now. It’s the Internet of Things (IoT), and it is terrible at keeping secrets. […]

Crypto-Ransomware Sightings and Trends for 1Q 2015
It seems that cybercriminals have yet to tire of creating crypto-ransomware malware. Since the start of 2015, we have spotted several variants of crypto-ransomware plaguing the threat landscape. In January, the Australia-New Zealand region was beset by variants of TorrentLocker. But we soon discovered that TorrentLocker infections were not limited to that region; Turkey, Italy, […]

More information
- Give a store your e-mail address, it’ll find you on Facebook
- CISA Warns AMI BMC Vulnerability Exploited in the Wild
- Chinese police get facial recognition glasses
- Pollock Hub site Uninterruptible Power Supply (UPS) replacement
- Quora Data Breach Hits 100 Million Users
- Governments Urge Organizations to Hunt for Ivanti VPN Attacks
- Microsoft Windows GDI+ Component CVE-2018-8397 Remote Code Execution Vulnerability
- Pod2g Hints iOS 5.1.1 Jailbreak to be Released During #HITB2012AMS?
- UK MoD extends cyber security deal with BT
- Network history: Why it’s important and who’s responsible for it