Pawn Storm C&C Redirects to Trend Micro IP Address
Our monitoring of Operation Pawn Storm has led us to an interesting finding: the domain we previously reported hosting the Java 0-day used in the latest Pawn Storm campaign was modified to now lead to a Trend Micro IP address. Our investigations have shown that our systems have not been attacked or compromised. The attackers have […]

Adobe patches zero-day Flash Player flaw used in targeted attacks
Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group. Over the past several weeks, a hacker group identified as APT3 by security firm FireEye has used the vulnerability to attack organizations from the aerospace, defense, construction, engineering, technology, telecommunications […]

Hacking With Pictures; New Stegosploit Tool Hides Malware Inside Internet Images For Instant Drive-by Pwning
Go online for five minutes. Visit a few webpages. How many pictures do you see? With the media-rich nature of the web, chances are your answer is in the hundreds. It is in this space that the future of malicious cyber attacks could be embedded. In a presentation at Hack In The Box in Amsterdam, […]

Apache Cordova fixes flaw that could cause apps to crash
A fix has been released for a vulnerability in a widely used piece of code in Android devices, which could cause apps to crash or display unwanted dialog boxes. The flaw lies in Apache Cordova, which is a set of APIs (application programming interfaces) that let developers access functions such as a camera or accelerometer […]

Former virus writer open-sources his DIY combination lock-picking robot
Back in 2005, a youngster called Samy Kamkar wrote a JavaScript virus for MySpace. This time, he's made a DIY lock-picking robot, and you can make one too, if you like.

How to mitigate 85% of threats with only four strategies
The Australian Signals Directorate Top35 list of mitigation strategies shows us that at least 85% of intrusions could have been mitigated by following the top four mitigation strategies together. These are: application whitelisting, updating applications, updating operating systems and restricting administrative privileges. Kaspersky Lab has technological solutions to cover the first three of these (i.e. […]

Ad Network Compromised, Users Victimized by Nuclear Exploit Kit
MadAdsMedia, a US-based web advertising network, was compromised by cybercriminals to lead the visitors of sites that use their advertising platform to Adobe Flash exploits delivered by the Nuclear Exploit Kit. Up to 12,500 users per day may have been affected by this threat; three countries account for more than half of the hits: Japan, the United States, […]

IT threat evolution in Q1 2015
Q1 in figures: according to KSN data, Kaspersky Lab products detected and neutralized a total of 2,205,858,791 malicious attacks on computers and mobile devices in the first quarter of 2015. Kaspersky Lab solutions repelled 469,220,213 attacks launched from online resources located all over the world. Kaspersky Lab's web antivirus detected 28,483,783 unique malicious objects: scripts, […]

TROJ_WERDLOD: New Banking Trojan Targets Japan
A new online banking malware using the same technique seen in Operation Emmental has been hitting users in Japan. Detected as TROJ_WERDLOD, this new malware has been causing problems in the country since December 2014, with more than 400 confirmed victims. This threat changes two settings that allow information theft at the network level (i.e., […]

WordPress Vulnerability Puts Millions of Sites at Risk; Trend Micro Solutions Available
Millions of sites running the popular WordPress blogging platform are at risk from recently discovered zero-day vulnerabilities. These vulnerabilities were discovered by Finland-based security researcher Jouko Pynnönen, and could allow an attacker to execute JavaScript code in the website administrator's browser window and further perform malicious tasks using the administrator's privileges. The attacker can even […]

Facebook login system blocked by Great Firewall of China causing DDoS panic
China's Great Firewall has been intercepting the JavaScript module from Facebook Login, redirecting users to an unexpected pair of websites.

Poor WordPress documentation trips developers, yields plug-ins with XSS flaw
Ambiguous WordPress documentation led many plug-in and theme developers to make an error that exposed websites to cross-site scripting (XSS) attacks. Such attacks involve tricking a site's users into clicking on specially crafted URLs that execute rogue JavaScript code in their browsers in the context of that website. The impact depends on the user's role […]

Without a Trace: Fileless Malware Spotted in the Wild
Improvements in security file scanners are causing malware authors to deviate from the traditional malware installation routine. It's no longer enough for malware to rely on dropping copies of itself to a location specified in the malware code and using persistence tactics, such as setting up an autostart entry, to ensure that it continues to run. […]

Simda's Hide and Seek: Grown-up Games
On 9 April 2015, Kaspersky Lab was involved in the synchronized Simda botnet takedown operation coordinated by the INTERPOL Global Complex for Innovation. In this case the investigation was initially started by Microsoft and expanded to involve a larger circle of participants, including TrendMicro, the Cyber Defense Institute, officers from the Dutch National High Tech Crime […]

Wider use of HTTPS could have prevented attack against GitHub
The unique attack method used to disrupt the code-sharing site GitHub over the last week could have been prevented if more websites enabled encryption, the Electronic Frontier Foundation (EFF) said Wednesday. The attack against GitHub was enabled by someone tampering with regular website traffic to unrelated Chinese websites, all of which used a JavaScript analytics […]

NewPosThings Has New PoS Things
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area, namely versions for 64-bit and higher. The 64-bit version is out: similar to the previous 32-bit version reported last year, the 64-bit sample is […]

More information
- PoC Published for Fortinet Vulnerability as Mass Exploitation Attempts Begin
- Microsoft Visual Basic for Applications DLL Loading Arbitrary Code Execution Vulnerability
- A Safer Internet for You, Your Family, and Others Too
- Apple hits Flashback trojan with second Java update
- Twitch.TV to broadcast Ultra Music Festival this weekend. Just change your password before then.
- Netcraft Raises $100M, Hires New CEO for Global Expansion
- Exploit for Recently Patched Flash Flaw Added to Magnitude EK
- Judge hints at jail time for porn troll Prenda Law over identity theft
- Microsoft .NET Framework CVE-2012-4777 Remote Privilege Escalation Vulnerability
- Nintendo Switch hackers show hacking for mischief is alive and well