More Details Regarding the Gizmodo Brazil Compromise
At the tail end of July, we wrote about Gizmodo Brazil being compromised by cybercriminals in order to lead visitors into downloading backdoor malware into their machine. This is of course a very big deal, since it is a rather large and noteworthy website being hacked into – but it’s par for the course for […]
22 Jump Street, Transformers Are Top Movie Lures for Summer
Summertime has become synonymous with blockbuster movies. Unfortunately, these movies have become a go-to social engineering lure used by cybercriminals. Just like in previous years, Trend Micro engineers searched for possible threats related to movies released during the summer. This year, 22 Jump Street was the top movie used for social engineering. Transformers: Age of […]
Diving Deep into Mayhem
Malware targeting Linux servers has been increasingly hitting the headlines over the past year. In this post we will present research on an advanced and highly versatile malware operation targeting Linux and FreeBSD servers. We have named the malware family at the heart of this operation GalacticMayhem, as a reference to some of the C&C […]
Brazilians in the Russian Underground
Monitoring the cybercriminal underground sometimes leads us down some interesting paths. We recently encountered a cybercriminal posting in a Russian underground forum which led to the discovery of more than 136,000 stolen credit card credentials. Help in all the wrong places The trail started with the following post on a Russian underground forum. Figure 1. Post […]
Crypto certificates impersonating Google and Yahoo pose threat to Windows users
People using Internet Explorer and possibly other Windows applications could be at risk of attacks that abuse counterfeit encryption certificates recently discovered masquerading as legitimate credentials for Google, Yahoo and possibly an unlimited number of other Internet properties.
Cloud Services: Holes in Corporate Network Security
The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source codes, etc. When cloud-based data storage service Dropbox announced a patched vulnerability in its link generator, it once again sparked online discussions about how […]
Mobile health device market to grow 8X to $42B
Driven by adoption of vital-signs monitoring and in-vitro diagnostic (IVD) devices, the mobile health (mHealth) market will grow eight-fold from $5.1 billion in 2013 to $41.8 billion in 2023, according to a new report. The report, from Lux Research, notes that after a slow start due to regulatory constraints and integration with physician workflows, clinical […]
Resolved: NFS PASS Gateway (nfs.pass.psu.edu) Service Degradation
Around 3:20 p.m. one of the nfs.pass.psu.edu backend servers stopped working properly. The problem server was restarted and available at 3:30 p.m. Existing and new clients may have received errors during the 10 minute partial failure. Customers using the sftp.personal.psu.edu service may have also been affected. Some users may need to remount PASS if errors […]
New Banking Malware Uses Network Sniffing for Data Theft
With online banking becoming routine for most users, it comes as no surprise that we are seeing more banking malware enter the threat landscape. In fact, 2013 saw almost a million new banking malware variants—double the volume of the previous year. The rise of banking malware continued into this year, with new malware and even […]
PlugX RAT With “Time Bomb” Abuses Dropbox for Command-and-Control Settings
Monitoring network traffic is one of the means for IT administrators to determine if there is an ongoing targeted attack in the network. Remote access tools or RATs, commonly seen in targeted attack campaigns, are employed to establish command-and-control (C&C) communications. Although the network traffic of these RATs, such as Gh0st, PoisonIvy, Hupigon, and PlugX, among […]
The Smartification of the Home, Part 1
Over the past few years, there has been a proliferation of intelligent connected devices introduced into homes across the globe. These devices can range from the familiar – such as tablets, smart phones, and smart TVs – to the less familiar, such as utility meters, locks, smoke and carbon monoxide detectors, motion detectors and scales. Other devices, like wearable […]
Windows Security Feature Abused, Blocks Security Software
We recently discussed the latest attacks affecting users in Japan that were the works of the BKDR_VAWTRAK malware. This malware family combines backdoor and infostealer behaviors and had just added the banking credentials theft to its repertoire. It was also mentioned that this malware tries to downgrade the privileges of security software, including Trend Micro […]
The five most popular end-user Linux distributions
Sure, on the desktop, Windows still rules. According to Stat Counter’s April 2014 data, Windows has about a 90 percent market share. Out of an approximate base of 1.5 billion PCs, that’s about 1.36 billion Windows PCs. So, guess what’s the number two end-user operating system in the world? I’ll give you a minute. <Cue […]
Ransomware Now Uses Windows PowerShell
We highlighted in our quarterly threat roundup how various ransomware variants and other similar threats like CryptoLocker now perform additional routines such as using different languages in their warning and stealing funds from cryptocurrency wallets. The addition of mobile ransomware highlights how these threats are continuously improved over time. We recently encountered another variant that used the […]
Black Magic: Windows PowerShell Used Again in New Attack
The Windows PowerShell® command line is a valuable Windows administration tool designed especially for system administration. It combines the speed of the command line with the flexibility of a scripting language, making it helpful for IT professionals to automate administration of the Windows OS and its applications. Unfortunately, threat actors have recently taken advantage of […]
Scammer of a Lonely Heart
It’s time for a risqué subject: looking for love on the internet. With a myriad of services promising chemistry-driven matches, dating game contestants have flocked to web services and apps. Despite this proliferation of new avenues, those in a particular rush to find company (in the form of ‘No Strings Attached’ encounters) have turned to a […]
More information
- Help! I Think My Phone’s Been Hacked
- Advent tip #22: Got a new gadget for Christmas? Stop. Think. Connect.
- WarGames for real: How one 1983 exercise nearly triggered WWIII
- Windows bug fixed after 18 years
- Good-morning greetings: WhatsApp sayings with emojis to send
- Microsoft Patches Azure Cross-Tenant Data Access Flaw
- Cybersecurity M&A Roundup for April 12-18, 2021
- Sleep Deprivation Slowly Kills Your Brain
- Microsoft’s reaction to Flame shows seriousness of ‘Holy Grail’ hack
- Security Researchers Discover New Mini ATM Skimmers