Malware

Reducing cyber risk in industrial control systems with advanced network segmentation

The ISA99/IEC 62443 portfolio of standards has emerged as a leading framework for cybersecurity in ICS and SCADA and was referenced in the recent Presidential Framework.

Beazley: employee errors root of most data breaches, but malware incidents cost more

Insurance firm Beazley analyzed more than 1,500 data breaches it serviced between 2013 and 2014.

Malvertising campaign targets Israeli news outlets

The recently discovered campaign is using The Times of Israel and The Jerusalem Post to expose users to the Zemot Trojan.

Two Russian cybercriminals nabbed in Android malware scheme

Two men were arrested for stealing money from victims' bank accounts after sending malicious emails offering a romantic gift.

TorrentLocker developers patch error

Victims had been able to restore encrypted files without paying a ransom.

Home Depot: breach risks 56M payment cards, 'unique' malware used

Home Depot confirmed that approximately 56 million payment cards may have been compromised as a result of a malware attack.

Watering hole attack targets website visitors of oil and gas start-up

Malware capable of avoiding detection targets a narrow audience but may see an improved success rate.

Windseeker app spies on chats using injection, hooking techniques

The Android app targets Chinese users, but its malicious techniques could become more widespread in the mobile arena, a security firm warns.

VBA malware on rise, templates make it easier to write code

Researchers at SophosLabs found an uptick in VBA samples in July.

Analysts spot 'Critolock,' ransomware claims to be CryptoLocker

Trend Micro noted several differences between Critolock and CryptoLocker, however.

Citadel used in APT attacks against petrochemical firms

In an interesting twist, financial malware Citadel was used to infect firms outside of the finance sector via APT attacks, Trusteer found.

How to use crowd-sourced threat intelligence to stop malware in its tracks

Threat sharing networks have been around for a long time; however, they have typically been "invitation-only", available only to large companies or those within a particular industry.

Tinba variant aimed at U.S., international banks

Researchers at AVAST have unlocked a Tinba variant and discovered it has been customized to target U.S. financial institutions.

'Moafee' and 'DragonOK' APT groups leverage similar attack tools, techniques

FireEye investigated the "production line" approach taken up by various APT groups infiltrating organizations.

The art of the test: Is your network security ready for the real world?

Often, the best way to make sure something works is to try it out. When it comes to network security, trying it out before an attacker does is an excellent idea.

Researchers analyze phishing campaign spreading 'vawtrak' malware

Experts have discovered a phishing campaign that targets users with a phony PDF attachment that leads to the vawtrak malware.

Salesforce warns of Dyre malware possibly targeting users

Salesforce posted a notification that its users are possibly being targeted by Dyre malware and offered some recommendations to avoid the threat.

BlackPOS malware that struck Target also linked to Home Depot breach, report says

The same malware that reportedly struck Target also hit Home Depot's POS systems, a new report from Brian Krebs reveals.

Social engineering campaign leads to malicious Chrome extension

Security experts have discovered a social engineering ruse that installs a malicious Google Chrome extension to lure victims in a click fraud campaign.

APT group adapts Windows backdoor to target Mac computers

The backdoor, called "XSLCmd," was detected in earlier attacks on Windows systems, FireEye found.

CMS says no consumer data exposed in Healthcare.gov test server hack

A server used to test new code was hacked in July to drop malware intended for DDoS attacks.

Goodwill announces breach, more than 800K payment cards compromised

Goodwill confirmed that payment card data was accessed following a malware attack on a third-party vendor used in about 10 percent of its stores.

'KorBanker' steals SMS messages, takes authentication codes in the process

Android devices in Korea have primarily been impacted by the malware.

Researchers observe more than a hundred connections to 'Backoff' sinkhole

Researchers with Kaspersky Lab were able to sinkhole two command-and-control servers used by certain Backoff point-of-sale malware samples.

News briefs: The latest on Sony, Android, Backoff malware and more.

This month's news briefs cover a preliminary settlement Sony will bear for the exposure of 77 million customers, and more.

Threat of the month: SVPENG

We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.

Protecting email both ways

Protecting your organization from attacks brought into the system by email is an ongoing challenge, says Peter Stephenson, technology editor.

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Syrian Malware Team makes use of enhanced BlackWorm RAT

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.

Experts discover variant of BIFROSE backdoor in targeted attack

A variant of the BIFROSE backdoor which is more evasive than its predecessor has been discovered by experts.
