Mobile Security Roundup 1H 2014

The first half of this year has been quite eventful for the mobile threat landscape. Sure, we had an idea that the state of affairs from 2013 would continue into this year, but we didn’t know just to what extent. From ballooning mobile malware/high-risk app numbers to vulnerabilities upon vulnerabilities, let’s recap just what […] more…

4th Latin American Security Analysts Summit in Cartagena

Casco Historico, Cartagena, Colombia

Last week, GReAT LatAm had the pleasure of participating in the Fourth Latin American Security Analysts Summit in Cartagena, Colombia. We were joined by 29 journalists from 12 different countries throughout the region and a guest speaker. This is one of our favorite events, as it presents a rare opportunity to […] more…

Thoughts on WordPress Security and Vulnerabilities

As avid readers of this blog know, we’ve discovered or written about multiple vulnerabilities within the WordPress ecosystem over the last couple of weeks, specifically relating to popular plugins. MailPoet and Custom Contact Forms drove the bulk of the engagement, but those using WPTouch, TimThumb and vBulletin were also made aware of vulnerabilities. If it […] more…

Behind the ‘Android.OS.Koler’ distribution network

Our full Koler report (PDF)

At the beginning of May 2014 a security researcher named Kaffeine made the first public mention of Android.OS.Koler.a, a ransomware program that blocks the screen of an infected device and requests a ransom of between $100 and $300 in order to unlock the device. It doesn’t encrypt any files or […] more…

Behind the ‘AndroidOS.Koler’ distribution network

Our full Koler report (PDF)

At the beginning of May 2014 a security researcher named Kaffeine made the first public mention of Trojan.AndroidOS.Koler.a, a ransomware program that blocks the screen of an infected device and requests a ransom of between $100 and $300 in order to unlock the device. It doesn’t encrypt any files or […] more…

Open Socket Poses Risks To Android Security Model

The security of the Android platform is based on its sandbox and permission protection mechanism, which isolates each app and restricts how processes can communicate with each other. However, because it is designed to be open and to include other open source projects like Linux and OpenSSL, it can inherit many features as well as vulnerabilities. This means that […] more…

New Brute Force Attacks Exploiting XMLRPC in WordPress

Brute force attacks against WordPress have always been very common. In fact, brute force attacks against any CMS are a common occurrence these days; what is always interesting, however, is the tools employed to make it happen. You create a website, because it’s super easy these days, publish the content, and within a few weeks […] more…

US satellite may have located Ukraine missile launch

The United States believes the Malaysian jet that was destroyed over Ukraine yesterday, killing all 298 people on board, was almost certainly downed by a missile launched by pro-Russian rebels, rather than the Ukrainian Air Force. So say President Barack Obama and Samantha Power, the US Ambassador to the UN, who told a special session […] more…

Shylock/Caphaw malware Trojan: the overview

Recently Kaspersky Lab has contributed to an alliance of law enforcement and industry organizations to undertake measures against the internet domains and servers that form the core of an advanced cybercriminal infrastructure that uses the Shylock Trojan to attack online banking systems around the globe. Shylock is a banking Trojan that was first discovered in […] more…

Cloud Services: Holes in Corporate Network Security

The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source code, etc. When cloud-based data storage service Dropbox announced a patched vulnerability in its link generator, it once again sparked online discussions about how […] more…

When Adware Goes Bad: The Installbrain and Sefnit Connection

Figure 1. Motto taken from the InstallBrain website (http://www.installbrain.com) on July 3, 2014

“Monetize On Non-buyers” is the bold motto of InstallBrain, adware that turns out to have been developed by an Israeli company called iBario Ltd. This motto clearly summarizes the potential risks adware companies can introduce to users, especially when they install stuff on […] more…

DOWNAD Tops Malware Spam Source in Q2 2014

DOWNAD, also known as Conficker, remains one of the top 3 malware families affecting enterprises and small and medium businesses. This is attributed to the fact that a number of companies are still using Windows XP, which is susceptible to this threat. It can infect an entire network via a malicious URL, spam email, and […] more…

Taiwan Hit With Micropayment Fraud via Android Malware

In our 1Q Threat Roundup report, we noted that the number of mobile malware and high-risk applications reached the two-million mark and is rapidly growing. In our monitoring of the mobile threat landscape, we have recently discovered an Android malware that is spreading fast in Taiwan, detected as ANDROIDOS_RUSMS.A. Mobile users fall victim via an SMS spam attack. Users receive […] more…

Finding evil in Flash files

Adobe Flash is present on nearly every PC; thus, malware authors have been increasingly targeting it over the last few years, following the principle of return on investment, i.e. they focus on popular technologies to exploit, as that will eventually mean a larger base of compromised machines. The rich ActionScript features that are available in […] more…

Banking Trojan Trend Hits Japan Hard

In its recent report, the National Police Agency mentioned that the current estimated total cost of unauthorized transactions suffered by Japanese users reached 1.417 billion yen during the period of January-May 2014. In comparison, the estimated total damage cost from these kinds of threats was 1.406 billion yen in 2013. Data released by the Japanese Bankers Association also gives […] more…

Scrape FAST, Find’em Cards EASY!

While researching POS RAM scraper malware, I came across an interesting sample: a RAR archive that contained a development version of a POS RAM scraper malware and a cracked copy of Ground Labs’ Card Recon software. Card Recon is a commercial Data Leakage Prevention (DLP) product used by merchants for PCI compliance. (The contents of […] more…