Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to drop a binary browser exploit with .SWF files, infecting the client machine. This time we saw the opposite, where a binary .SWF file injects an invisible iFrame. This is an […]
A Twitch of Fate: Gamers Shamelessly Wiped Clean
Twitch.tv is a video gaming focused live streaming platform. It has more than 50 million viewers and was acquired by Amazon.com in August for nearly a billion dollars. We recently received a report from a concerned user about malware that is being advertised via Twitch’s chat feature. A Twitch-bot account bombards channels and invites viewers […]
New Approach to the Old “Facebook Profile Viewer” Ruse
The truth about the Facebook Profile Viewer is simple: it doesn’t exist. You can check every Facebook page or app available, but you can be 100% sure that each one that says “See who viewed your profile!” or “Who’s stalking you?” is just a ruse for Facebook users to reveal their passwords or spread spam. […]
One-Click Fraud Variant on Google Play in Japan Steals User Data
Last week McAfee Labs reported a series of “one-click fraud” malware on Google Play in Japan. We have been monitoring this fraudulent activity and have found more than 120 additional variants on Google Play since the previous report. The malicious developers upload five or six applications per account using three to five accounts every night, […]
How to Protect Your Devices from a Fast Spreading Java Virus
Last week, a new security issue surfaced for a popular programming language known as Java. This Java security issue is classified as a zero-day threat, and it spreads malicious files to unprotected computers. A zero-day threat is an attack that exploits a previously unknown vulnerability in a computer application (in this case Java), which means that the attack […]
Malicious Developers Release Rogue Bad Piggies Versions
It’s a pig-eat-pig world out there – at least on the mobile app threat front. Right after reports of malicious Bad Piggies on Google Chrome webstore circulated, we found that certain developers also released their own, albeit rogue versions of the said gaming app. On the heels of Bad Piggies’ launch last month, we saw […]
Malicious Developers Released Rogue Bad Piggies Versions
It’s a pig-eat-pig world out there – at least on the mobile app threat front. Right after reports of malicious Bad Piggies on Google Chrome webstore circulated, we found that certain developers also released their own, albeit rogue versions of the said gaming app. On the heels of Bad Piggies’ launch last month, we saw […]
Compromised Websites Hosting Calls to Java Exploit
Remember that Java 0 day vulnerability that was discovered a few weeks ago and took a while to get patched by Oracle? You know, the one that caused a large portion of the security community to recommend everyone to disable Java completely in their browsers? Well, it wasn’t hype. This vulnerability has been exploited since […]
LilyJade Version 2.0 – Malicious Browser Extension
In the market, there are different web browsers available. To gain popularity and more usability among users, these browsers require some extra features apart from merely being used to browse the web. Hence, they introduce some extra features to their browsers, one among them being the browser plug-in which the […]
A Flashback Post-Mortem: What Mac Users Need to Know
With Apple pushing out both a standalone removal tool for users and a combined Java update/removal tool, it’s safe to say that the current outbreak of Flashback malware is well on its way to being addressed. However – such a widespread incident (affecting at least 1% of all Macs in use today) is likely to […]
Uncovering a Colombian Malware Campaign with AI Code Analysis
VirusTotal Code Insight keeps adding new file formats. This time, we’re looking at two vector-based formats from very different eras: SWF and SVG. Curiously, right after we rolled out this update in production, one of the very first submitted files gave us a perfect, and unexpected, example of Code Insight in action: it uncovered an […]
Inside of the WASP’s nest: deep dive into PyPI-hosted malware
In late 2022 we decided to start monitoring PyPI, arguably the most important Python repository, as there were a number of reports on it hosting malware. PyPI took exceptional relevance amongst all repositories as, historically, it was trusted by default by many software developers. Any security breach or abuse […]
APT43: An investigation into the North Korean group’s cybercrime operations
Introduction As recently reported by our Mandiant colleagues, APT43 is a threat actor believed to be associated with North Korea. APT43’s main targets include governmental institutions, research groups, think tanks, business services, and the manufacturing sector, with most victims located in the United States and South Korea. The group uses a variety of techniques and […]
Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants
A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the web. Originally found on the popular game Minecraft, it has since been shown to affect most web servers running Apache along with its ubiquitous logging […]
Cyberthreats to financial organizations in 2022
First of all, we are going to analyze the forecasts we made at the end of 2020 and see how accurate they were. Then we will go through the key events of 2021 relating to attacks on financial organizations. Finally, we will make some forecasts about financial attacks in 2022. Analysis of forecasts for 2021 […]
Great R packages for data import, wrangling, and visualization
The table below shows my favorite go-to R packages for data import, wrangling, visualization and analysis — plus a few miscellaneous tasks tossed in. The package names in the table are clickable if you want more information. To find out more about a package once you’ve installed it, type help(package = "packagename") in your R […]
More information
- HR Services Firm ComplyRight Suffers Data Breach
- Production AIS and IdS Service Degradation – November 12
- Some CLC Service may be unavailable the morning of 2/13/2013
- US feds’ names, home and email addresses hacked and posted online
- Google Announces New Accounts Sign-in Rules
- Biometrics fix foiled by make up
- Is Your SNS Addiction Getting Out of Hand? – All Names Aren’t Cool
- Library service interruption, December 12, 2012
- When Certificate Authority Business Models and Vendor Certificate Policies Clash
- Edward Snowden: Don’t censor your d**k pics