Security I Trust, Information Security, IT Security

Antivirus Evasion with Python

July 18, 2019 admin 0 Comments AV

When deploying defense in depth security controls for your organization, you are likely to include antiviruses as part of the

Hacking attack Info

Russian Bears Need Less Than 20 Minutes To Hack Your Data

February 22, 2019 admin 0 Comments

Russian bears lead the way when it comes to gaining enough of a foothold in your networks to perform a

IT Security News

Microsoft: Russia’s Fancy Bear Working to Influence EU Elections

February 22, 2019 admin 0 Comments

As hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and

Info IT Security News

Password Manager Firms Blast Back at ‘Leaky Password’ Revelations

February 22, 2019February 22, 2019 admin 0 Comments

1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory. Secure

Info IT Security News

AV-TEST Awards 2018 go to TrendMicro

February 22, 2019February 22, 2019 admin 0 Comments

Only the best IT protection solutions are contenders for the internationally recognized AV-TEST Awards. After all, with this award, the

IT Security News News

Cryptocurrency Exchange loses access to €130m in funds

February 5, 2019February 5, 2019 admin 0 Comments

Where is the safest place to store cryptocurrency has always been a debated issue, some say offline, others say online,

Info

Cryptomining Malware Uninstalls Cloud Security Products

January 23, 2019January 23, 2019 admin 0 Comments

New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products. Researchers say they have discovered a unique

Info

Google Fined $57M in Largest GDPR Slap Yet

January 23, 2019January 23, 2019 admin 0 Comments

The French Data Protection Authority (DPA) found a lack of transparency when it comes to how Google harvests and uses

Info

Hackers can play with cranes like toys

January 18, 2019January 18, 2019 admin 0 Comments

Why does everyone leave security until the last minute. These risk would not happen if we build system to be

IT Security News News

Bleedingbit

November 2, 2018 admin 0 Comments Bleedingbit, vulnerability

Researchers from the firm Armis identified two bugs, which impact Bluetooth Low-Energy (BLE) chips used in millions of Cisco, Meraki,

← Previous

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings October 10, 2019
In September, security researchers discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution […]
FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops October 10, 2019
We discovered that the online credit card skimming attack known as Magecart or E-Skimming was actively operating on 3,126 online shops. The post FIN6 Compromised E-commerce Platform via Magecart to Inject Credit Card Skimmers Into Thousands of Online Shops appeared first on .
Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches October 9, 2019
October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a […]
New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign October 1, 2019
We found a new modular fileless botnet malware, which we named “Novter,” (also reported and known as “Nodersok” and “Divergent”) that the KovCoreG campaign has been distributing since March. We’ve been actively monitoring this threat since its emergence and early development, and saw it being frequently updated. KovCoreG, active since 2011, is a long-running campaign […]
Gambling Apps Sneak into Top 100: How Hundreds of Fake Apps Spread on iOS App Store and Google Play September 26, 2019
We found hundreds of the fake apps on iOS App Store and Google Play, with descriptions that are inconsistent with their content. While the apps’ descriptions varied, they share the same suspicious behavior: They could transform into gambling apps that may get banned for violating local government regulations and app store policies. The post Gambling […]
Mac Malware that Spoofs Trading App Steals User Information, Uploads it to Website September 20, 2019
We recently found and analyzed a malicious malware variant that disguised itself as a legitimate Mac-based trading app called Stockfolio. We found two variants of the malware family. The first one contains a pair of shell scripts and connects to a remote site to decrypt its encrypted codes while the second sample, despite using a simpler […]
Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads September 19, 2019
By Carl Maverick Pascual (Threats Analyst) Cybercriminals continue to use cryptocurrency-mining malware to abuse computing resources for profit. As early as 2017, we have also observed how they have applied fileless techniques to make detection and monitoring more difficult. On August 2, we observed a fileless cryptocurrency-mining malware, dubbed GhostMiner, that weaponizes Windows management instrumentation... […]
Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites September 18, 2019
We discovered a series of incidents where the credit card skimming attack Magecart was used to hit the booking websites of chain-brand hotels — the second time we’ve seen a Magecart threat actor directly hit ecommerce service providers instead of going for individual stores or third-party supply chains. The post Magecart Skimming Attack Targets Mobile […]
When PSD2 Opens More Doors: The Risks of Open Banking September 17, 2019
We looked into the security implications of the changing banking paradigm with PSD2 in place. Our research highlights the current and new risks that the financial industry will have to defend against, and predict how cybercriminals will abuse and attack Open Banking. The post When PSD2 Opens More Doors: The Risks of Open Banking appeared […]
Skidmap Linux Malware Uses Rootkit Capabilities to Hide Cryptocurrency-Mining Payload September 16, 2019
Skidmap, a Linux malware that we recently stumbled upon, demonstrates the increasing complexity of recent cryptocurrency-mining threats. This malware is notable because of the way it loads malicious kernel modules to keep its cryptocurrency mining operations under the radar. These kernel-mode rootkits are not only more difficult to detect compared to its user-mode counterparts — […]