New AndroRAT Exploits Dated Permanent Rooting Vulnerability, Allows Privilege Escalation
by Veo Zhang, Jason Gu, and Seven Shen
Trend Micro detected a new variant of Android Remote Access Tool (AndroRAT) (identified as ANDROIDOS_ANDRORAT.HRXC) that has the ability to inject root exploits to perform malicious tasks such as silent installation, shell command execution, WiFi password collection, and screen capture. This AndroRAT targets CVE-2015-1805, a publicly disclosed […]

Hacking Group Spies on Android Users in India Using PoriewSpy
by Ecular Xu and Grey Guo
We have been seeing attacks that spy on and steal data from specific targets on the mobile platform since late 2017. We discovered the malicious apps victimizing Android users in India, and believe a hacking group—one previously known for victimizing government officials—carried out the attacks. We identified these malicious […]

5 Ways to Be Proactive When Protecting Your Personal Data
WannaCry, Equifax and Uber—in the wake of a data emergency, I often find myself hyperconscious of my online security measures: I immediately change my passwords, I’m careful about what emails I open, and what links I click. However, once the news cycle passes, I admit I fall back into my old habits, which aren’t always […]

North Korean Defectors and Journalists Targeted Using Social Networks and KakaoTalk
Recently, South Korean media wrote about North Korean refugees and journalists being targeted by unknown actors using KakaoTalk (a popular chat app in South Korea) and other social network services (such as Facebook) to send links to install malware on victims’ devices. This method shows that attackers are always looking for different ways to deliver […]

First Kotlin-Developed Malicious App Signs Users Up for Premium SMS Services
By Lorin Wu
We spotted a malicious app (detected by Trend Micro as ANDROIDOS_BKOTKLIND.HRX) that appears to be the first developed using Kotlin—an open-source programming language for modern multiplatform applications. The samples we found on Google Play posed as Swift Cleaner, a utility tool that cleans and optimizes Android devices. The malicious app, which has […]

Digmine Cryptocurrency Miner Spreading via Facebook Messenger
by Lenart Bermejo and Hsiao-Yu Shih
We found a new cryptocurrency-mining bot spreading through Facebook Messenger, which we first observed in South Korea. We named this Digmine based on the moniker (비트코인 채굴기 bot) it was referred to in a report of recent related incidents in South Korea. We’ve also seen Digmine spreading in other […]

How the IoT supports the world’s largest industries
The Internet of Things (IoT) has already helped to connect our world in so many ways, bringing huge improvements and convenience to our lives, homes and health. But we’re often guilty of taking it for granted and failing to celebrate the many ways in which being connected supports some of the world’s largest industries, such […]

When the threats get weird, the security solutions get weirder
The world of security is getting super weird. And the solutions may be even weirder than the threats. I told you last week that some of the biggest companies in technology have been caught deliberately introducing potential vulnerabilities into mobile operating systems and making no effort to inform users. One of those was introduced into […]

Android Malware Appears Linked to Lazarus Cybercrime Group
The McAfee Mobile Research team recently examined a new threat, Android malware that contains a backdoor file in the executable and linkable format (ELF). The ELF file is similar to several executables that have been reported to belong to the Lazarus cybercrime group. (For more on Lazarus, read this post from our Advanced Threat Research […]

Physical Theft Meets Cybercrime: The Illicit Business of Selling Stolen Apple Devices
by Fernando Mercês and Mayra Rosario Fuentes
Online scams and physical crimes are known to intersect. In an incident last May, we uncovered a modus operandi and the tools they can use to break open iCloud accounts to unlock stolen iPhones. Further research into their crossover revealed how deep it runs. There’s actually a sizeable […]

How KRACK Threatens Wi-Fi’s Security Underpinnings and What It Means for You
If you grew up before, or even during the 90s, you were familiar with a world of cords. A cord for the telephone, a cord for the CD player and a cord — of course — for the internet. But around the late 80s and early 90s, things started to change. Cashier systems gained a […]

A Closer Look at North Korea’s Internet
By Vladimir Kropotov, Philippe Z Lin, Fyodor Yarochkin and Feike Hacquebord
Introduction: North Korea’s presence on the internet is commonly perceived as something that only goes one way: hackers go out, nothing gets in. Incidents like the Sony Pictures hack in 2014 and a couple of global bank heists were reported to be the work of North […]

5 Tips for Avoiding Android Malware
The ubiquity of mobile phones has created a unique opportunity for cybercriminals. They now have a way of accessing both our money and personal information without us realizing it by distributing risky apps that we often willingly download. Many of the most dangerous apps target Android devices, and there are a few good reasons why. […]

Staying Anonymous on the Blockchain: Concerns and Techniques
With Bitcoin at one point valued at more than $5,000 per unit, cryptocurrencies have excited a lot of interest from individuals, businesses, and hackers. One of the selling points of Bitcoin and others of its type is anonymity. Yet there are concerns that online currency transactions may not be as anonymous as many wish. In […]

Dnsmasq: A Reality Check and Remediation Practices
Dnsmasq is the de-facto tool for meeting the DNS/DHCP requirements of small servers and embedded devices. Recently, Google Security researchers identified seven vulnerabilities that can allow a remote attacker to execute code on, leak information from, or crash a device running a Dnsmasq version earlier than 2.78, if configured with certain options. Based on Censys and Shodan data, […]

The Future of Cyber Safety: Could Artificial Intelligence Be The Silver Bullet?
Stay Safe Online Week 2017
Cyber safety: outsourcing to experts makes such sense! Like most multi-tasking millennium mums, I’m a BIG fan of outsourcing: ironing, cleaning and gardening – it just makes such sense! Why not get an expert involved so you can focus on the things you love? Smart, I say! But did you […]

More information
- ST07: Protecting IP in Healthcare with Andrew Lancashire and Sumit Sehgal
- DEF CON 22 Turns up the Heat on Devices
- Russia-Linked Attacks on Political Organizations Continue
- PeopleSoft Vulnerabilities Elevate ERP Security Issues
- Enlisting Employees to Fight Cyber Threats
- Cisco Patches Critical Vulnerability in Firewall Management Platform
- App Stores that Formerly Coddled ZNIU Found Distributing a New iXintpwn/YJSNPI Variant
- What’s In Your Water Now? Hackers
- Microsoft Loop cheat sheet
- Hadoop Buyer’s Guide