An analysis of Regin’s Hopscotch and Legspin
With high profile threats like Regin, mistakes are incredibly rare. However, when it comes to humans writing code, some mistakes are inevitable. Among the most interesting things we observed in the Regin malware operation were the forgotten codenames for some of its modules. These are: Hopscotch, Legspin, Willischeck, U_STARBUCKS. We decided to analyze two of […]

French newspapers go offline, but hosting company rules out DDoS as cause
High-profile French media websites went offline for a few hours Friday morning, prompting frenzied speculation about “unprecedented” cyberattacks, but the hosting company behind the sites soon dismissed talk of a massive distributed denial-of-service attack. A number of sites, including those of daily newspaper 20 Minutes and online news site Slate, went offline or were difficult to […]

Chthonic: a New Modification of ZeuS
In the fall of 2014, we discovered a new banking Trojan, which caught our attention for two reasons: First, it is interesting from the technical viewpoint, because it uses a new technique for loading modules. Second, an analysis of its configuration files has shown that the malware targets a large number of online-banking systems: over […]

What’s New in Exploit Kits in 2014
Around this time in 2013, the most commonly used exploit kit, the Blackhole Exploit Kit, was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits have emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there […]

Sony/Destover: Mystery North Korean Actor’s Destructive and Past Network Activity
This week, for the first time, the FBI issued a Flash warning about a destructive wiper activity, used in the attack on Sony Pictures Entertainment. Samples of this Destover malware contained configuration files created on systems using Korean language packs. Since the attack, further information about the malware has surfaced in one form or another, but some […]

Regin: Nation-state ownage of GSM networks
Motto: “Beware of Regin, the master! His heart is poisoned. He would be thy bane…” (“The Story of Siegfried” by James Baldwin). Introduction, history. Download our full Regin paper (PDF). In the spring of 2012, following a Kaspersky Lab presentation on the unusual facts surrounding the Duqu malware, a security researcher contacted us and mentioned […]

The Art of Website Malware Removal – The Basics
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand the anatomy of the attack and prevent it from happening again. However, there is a less glamorous task that must take place once an attack vector is exploited; that is […]

Tracking Activity in the Chinese Mobile Underground
We first lifted the veil on activities in the Chinese cybercriminal underground in 2012. Since then, we have continually reported on notable changes or activity found in this black market. A few months ago, we noted that the Chinese underground has continued to grow, as the cost of connectivity and hardware continues to fall, and […]

New Phishing Technique Outfoxes Site Owners: Operation Huyao
We’ve found a new phishing technique targeting online shopping sites that may significantly change the threat landscape for phishing sites. Conventional phishing sites require an attacker to replicate the targeted site; a more accurate copy is more likely to fool intended victims. The technique we found allows for the creation of nearly perfect copies […]

Most Common Attacks Affecting Today’s Websites
New web-based attack types and vectors are coming out every day, which is causing businesses, communities and individuals to take security more seriously now than they ever have in the past. This is a huge win for the World Wide Web and it’s a trend that is pushing technology further towards more robust and securely […]

Snapchat, Whisper promise privacy but fail (miserably) to deliver
Social media apps that promise ephemeral communications or true anonymity frequently fail to live up to all meaningful expectations. User locations are tracked without permission. “Disappearing” photos and messages are hacked in massive numbers. Users who thought they were communicating anonymously are discovered and linked to their real identities. That’s just the start of the […]

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
The popular MailPoet (wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, and the MailPoet team patched it promptly. It seems, though, that many are still not getting the word, or blatantly not updating, because we are […]

Well, that escalated quickly
An interesting title felt just about right for an interesting topic when I first submitted my research paper about the evolution of bitcoin cybercrime for this year’s edition of the Virus Bulletin conference, held in the sleepless Seattle. Discussing the situation from an economic standpoint, I aimed to paint a picture reflecting how the present […]

Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one person’s ear, and that message gets relayed around the circle? Wasn’t it always funny to see what the final message received would be? Oh, and how it would have morphed […]

Microsoft IIS Web Server – CMD Process Contributing to Website Reinfections
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infections as well. It is one of those things that comes with the job. Today, we’re going to chat about an interesting reinfection case in which […]

More information
- Library to close down anonymous Tor browsing after DHS pressure
- Machine learning versus spam
- PHP ‘ReflectionNamedType’ Denial of Service Vulnerability
- Mirai “internet of things” malware from Krebs DDoS attack goes open source
- Adobe Flash Faces Final Curtain by December 2020
- The world of Apple, ambient AI, and privacy
- How to deal with dates and times without any timezone tantrums…
- Dow Jones Watchlist Found Exposed to Open Internet
- Enterprise security: The easiest data breaches are the hardest to stop
- Evaluating Cloud File Sharing and Collaboration Solutions