Malware

NEWS
  • InterContinental Hotel Chain Breach Expands

    April 17, 2017

    In December 2016, KrebsOnSecurity broke the news that fraud experts at various banks were seeing a pattern suggesting a widespread credit card breach across some 5,000 hotels worldwide owned by InterContinental Hotels Group (IHG). In February, IHG acknowledged a breach but said it appeared to involve only a dozen properties. Now, IHG has released data showing that ...

  • Callisto Group hackers targeted Foreign Office data

    April 13, 2017

    The UK’s Foreign Office was targeted by highly motivated and well-resourced hackers over several months in 2016. The BBC understands the government has investigated the previously unreported attack that began in April last year. The UK’s National Cyber Security Centre would not say whether data was stolen. But a source told the BBC that the most sensitive Foreign ...

  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day

    April 10, 2017

    This weekend saw multiple reports of a new zero-day vulnerability that affected all versions of Microsoft Word. Today, Proofpoint researchers observed the document exploit being used in a large email campaign distributing the Dridex banking Trojan. This campaign was sent to millions of recipients across numerous organizations primarily in Australia. This represents a significant level of ...

  • Symantec Links Espionage Group to CIA via Tools Exposed by WikiLeaks

    April 10, 2017

    Symantec announced that it had connected at least 40 attacks across 16 countries where tools obtained and exposed by WikiLeaks via the Vault 7 revelations about CIA’s espionage tactics were used. In a lengthy report, Symantec talks about a highly organized group they named Longhorn and which they linked to all these attacks. While stopping short ...

  • New Mirai Variant Carries Out 54-Hour DDoS Attacks

    March 30, 2017

    A variant of the Mirai malware pummeled a U.S. college last month with a marathon 54-hour long attack. Researchers say this latest Mirai variant is a more potent version of the notorious Mirai malware that made headlines in October, targeting DNS provider Dyn and the Krebs on Security website. The IoT botnet behind the DDoS attacks ...

  • Espionage Group Turla Tweaks Carbon Backdoor Malware with New Variants

    March 30, 2017

    Russian espionage group Turla has been working on various tools for years, including several new versions of Carbon, a second stage backdoor malware. The discovery was made by researchers from ESET who claim that this malware is still under active development. Since the group is well known for changing its tools once they are exposed, it’s ...

  • Banking Malware Source Code Leaked by Author to Gain Credibility Among Hackers

    March 29, 2017

    The source code for a new Trojan called Nuclear Bot has been leaked online, which may spark a rise in attacks against banking services. As happens almost every time the source code for a malicious program lands online, it is quite likely that more unskilled cybercriminals will launch malware attacks against users. Nuclear Bot first landed ...

  • New Clues Surface on Shamoon 2’s Destructive Behavior

    March 27, 2017

    Researchers on Monday reported progress in piecing together some of the missing pieces of the Shamoon 2 puzzle that have been eluding them when it comes to lateral network movement and execution of the Disttrack malware component used in past campaigns. Shamoon 2 uses a combination of legitimate tools, such as the open source utility PAExec, and ...

  • Apple Pressured to Pay Ransom by Hackers Threatening to Remotely Wipe iPhones

    March 22, 2017

    Apple is currently under pressure to pay a ransom to a group of hackers who are threatening to remotely wipe iPhones. It seems the hackers are identifying themselves as “Turkish Crime Family.” Taking into account just how big Apple is and how deep its pockets go, the hackers only demanded $75,000 in Bitcoin or Ethereum, another ...

  • Personalized spam campaign targets Germany

    March 20, 2017

    A spam campaign Symantec observed in January 2017 targeting people who live in Germany appears to be, once again, using detailed, real personal information to enhance the believability of the messages. Victims who open the message attachments are likely to have their Windows computers infected with malware that steals banking information. First seen in the UK Symantec ...

  • Government Cybersecurity Contractor Hit in W-2 Phishing Scam

    March 17, 2017

    Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that ...

  • Malware infecting Androids somewhere in the supply chain

    March 12, 2017

    Smartphones from Samsung, LG, Xiaomi, ZTE, Oppo, Vivo, Asus and Lenovo have been spotted sporting malware they apparently carried when they were shipped. The malware discovered by Check Point Software Technologies included info-stealers, ransomware like Slocker; Loki, which shows “illegitimate advertisements” to generate revenue while stealing device information; and information stealers. Check Point says it found infections ...

  • Undetectable Mac Malware Proton for Sale on the Dark Web for 40 BTC

    March 6, 2017

    Hackers are now selling malware for Mac devices straight out on the dark web. They claim the malware is undetectable and provides hackers with the ability to take full control over MacOS devices by evading antivirus software. The malware, which has been named Proton, is a Remote Administration Tool that is currently being sold over ...

  • This hard drive will self destruct. Data-wiping malware targets Europe

    March 6, 2017

    Shamoon—the mysterious disk wiper that popped up out of nowhere in 2012 and took out more than 35,000 computers in a Saudi Arabian-owned gas company before disappearing—is back. Its new, meaner design has been unleashed three times since November. What’s more, a new wiper developed in the same style as Shamoon has been discovered targeting a ...

  • New Fileless Malware Uses DNS Queries To Receive PowerShell Commands

    March 5, 2017

    It is no secret that cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine techniques that involve the exploitation of standard system tools and protocols, which are not always monitored. The latest example of such ...

  • Dridex Banking Trojan Gains ‘AtomBombing’ Code Injection Ability to Evade Detection

    March 1, 2017

    Security researchers have discovered a new variant of Dridex – one of the most nefarious banking Trojans actively targeting the financial sector – with a new, sophisticated code injection technique and evasive capabilities called “AtomBombing.” On Tuesday, Magal Baz, security researcher at Trusteer IBM, disclosed new research exposing the new Dridex version 4, which is the latest ...

  • Google Discloses Another ‘High Severity’ Microsoft Bug

    February 27, 2017

    Google Project Zero disclosed Monday a “high severity” vulnerability it found in Microsoft’s Edge and Internet Explorer browsers that could allow remote attackers to execute arbitrary code. The revelation adds yet another vulnerability to a growing list of known bugs Microsoft has been warned about, but is leaving unpatched, this month as it grapples with ...

  • Security researchers announce “first practical” SHA-1 collision attack

    February 23, 2017

    Security researchers at the CWI institute in Amsterdam working with a team from Google Research say they have found a faster way to compromise the SHA-1 hash algorithm — announcing what they describe as “the first practical technique for generating a SHA-1 collision” in a blog post today. A ‘collision’ here refers to being able to ...

  • Serious Bug Exposes Sensitive Data From Millions of Sites Sitting Behind CloudFlare

    February 22, 2017

    A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data. CloudFlare, a content delivery network (CDN) and web security provider that helps optimize the safety and performance of over 5.5 million websites on the Internet, is warning its customers of ...

  • Malware Attack on Polish Banks Uses Russian as False Flag, Linked to Lazarus

    February 21, 2017

    Hackers involved in the attack on Polish banks seem to have faked some of the code lines, making it seem as if they were Russians. The truth is, however, the lines don’t make sense to native speakers and an online translator may have been used. A recent sophisticated attack campaign targeted financial organizations from many countries, ...