Don’t Be an April Fool – Protect Your Digital Assets
Be Part of World Back Up Data Day on 31st March There are not many worse feelings than the realisation that a document you’ve worked tirelessly on has vanished! We’ve all been there and it’s not nice at all. Whether you break into a sweat, scream or even say a word you shouldn’t – losing […]

Tips for New Remote Workers
With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality for many people around the world, and Sucuri can help you make this new endeavor easier for you. We have been an entirely remote team since the creation of the […]

Cryptojacking is almost conquered – crushed along with coinhive.com
Cryptojacking may not be entirely gone following the shutdown of notorious cryptomining service Coinhive – but it’s drastically diminished.

Two Dozen Arrested for Laundering Funds From BEC, Other Scams
Twenty-four individuals were arrested for laundering funds illegally obtained via business email compromise (BEC), romance, and retirement account scams targeting victims across the United States. The large-scale fraud operation facilitated by the arrested individuals has caused losses of more than $30 million, the Department of Justice has revealed.

MonitorMinor: vicious stalkerware
The other day, our Android traps ensnared an interesting specimen of stalkerware — commercial software that is usually used to secretly monitor family members or colleagues. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality. Let’s take a look one step at a time. Modern […]

MonitorMinor: vicious stalkerware?
Updated March 17th, 2020 The other day, our Android traps ensnared an interesting specimen of commercial software that is positioned as a parental control app, but may also be used to secretly monitor family members or colleagues – or, in other words, for stalking. Such apps are often called stalkerware. On closer inspection, we found […]

Busting Ghostcat: An Analysis of the Apache Tomcat Vulnerability (CVE-2020-1938 and CNVD-2020-10487)
by: Magno Logan (Information Security Specialist) Discussions surrounding the Ghostcat vulnerability (CVE-2020-1938 and CNVD-2020-10487) found in Apache Tomcat put it in the spotlight as researchers looked into its security impact, specifically its potential use for remote code execution (RCE). Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set […]

Security Risks in Online Coding Platforms
By David Fiser (Senior Cyber Threat Researcher) Threat Modeling for Online Coding Platforms Before cloud integrated development environments (IDEs) became an option, you, i.e., the developer, typically needed to download and/or install everything you need onto your own workstations. However, as DevOps gained traction and cloud computing usage grew, you can now also code online. […]

Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence
Quick links:
https://support.virustotal.com/hc/en-us/articles/360001387057
https://developers.virustotal.com/v3.0/reference#intelligence-search
https://github.com/VirusTotal/vt-py
Ten years ago, VirusTotal launched VT Intelligence; a critical component of VT Enterprise which offers users the capability to search over VirusTotal’s dataset using advanced search modifiers. VT Intelligence allows security professionals to pinpoint malware based on its structural, behavioural, binary, metadata, etc. properties to uncover entire threat campaigns. For example, the following […]

Mobile malware evolution 2019
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. Figures of the year In 2019, Kaspersky mobile products and technologies detected: 3,503,952 malicious installation packages. 69,777 new mobile banking Trojans. 68,362 new mobile ransomware Trojans. Trends of the year In summing up 2019, two trends […]

VirusTotal MultiSandbox += QiAnXin RedDrip
VirusTotal would like to welcome QiAnXin RedDrip to the multi-sandbox project! QiAnXin is now sending execution behavior reports to the VirusTotal ecosystem for a wide variety of file types. In their own words: QiAnXin RedDrip Sandbox, developed by QI-ANXIN Threat Intelligence Center, is a cloud-based malware analysis service provided to security researchers, analysts as well […]

Attacking the Organism: Financial Services
When it comes to high-value assets, few industries can come close to financial services. It’s not just the obvious fact that banks are giant warehouses of money—banks represent critical pieces of infrastructure that entire economies rely upon.

Operations at U.S. Natural Gas Facilities Disrupted by Ransomware Attack
A ransomware infection at a natural gas compression facility in the United States resulted in a two-day operational shutdown of an entire pipeline asset, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) revealed on Tuesday.

IOTA shuts down network temporarily to fight wallet hacker
Popular cryptocurrency IOTA has temporarily shut down its entire network after a hacker stole funds from ten of its highest-value users.

Timeless Principles to Help Your Child Develop Social Superpowers
“You can make more friends in two months by becoming interested in other people than you can in two years by trying to get other people interested in you.” ~ Dale Carnegie Each year it’s my tradition to re-read a handful of books that continue to shape my perspective. One of those books is the […]

Microsoft springs last-minute demand on buyers of Windows 7 after-expiration support
Microsoft this week threw a wrench into the workings of its long-touted Windows 7 post-retirement support, telling IT administrators that there was a brand new prerequisite that must be installed before they can download the patches they’d already paid for. The last-minute requirement was titled “Extended Security Updates Licensing Preparation Package” and identified as KB4538483 […]

More information
- What WERE they thinking? Internet-enabled cameras under the security lens once again…
- North Korea Possibly Behind WannaCry Ransomware Attacks
- Update: Sites Down
- Researchers bypass PayPal’s two-factor authentication system
- Cybersecurity Labeling for Smart Devices Aims to Help People Choose Items Less Likely to be Hacked
- Microsoft Windows Graphics Component CVE-2014-1818 Remote Code Execution Vulnerability
- Inkblots improve security of online passwords
- Has HTTPS finally been cracked? Five researchers deal SSL/TLS a biggish blow…
- UK to rush through “emergency” phone and internet data retention law
- Update: UCS 502 Errors