Research

With RATs at their disposal, 419 scammers target businesses

With RATs at their disposal, 419 scammers target businesses

By

A new report reveals how Nigeria's 419 scammers are spreading malware to pocket business funds.

Wall Street Journal website vulnerable to SQL injection, gets hacked

By

The Wall Street Journal confirmed on Tuesday that an outside party exploited a vulnerability and hacked into its new graphics systems.

DDoS attacks remain up, stronger in Q2, report says

DDoS attacks remain up, stronger in Q2, report says

By

Prolexic's second quarter DDoS report noted the proliferation of shorter attacks that ate up more bandwidth.

Angler Exploit Kit delivers Tor-using Critroni ransomware

By

The command-and-control for a new ransomware identified by Microsoft as Critroni is hidden on the Tor network.

Op Emmental spoofs bank sites, uses Android malware to maintain account access

Op Emmental spoofs bank sites, uses Android malware to maintain account access

By

On Tuesday, Trend Micro released a report detailing Operation Emmental, which targets victims in Austria, Switzerland, Sweden and Japan.

Breaches driving organizational security strategy, survey indicates

Breaches driving organizational security strategy, survey indicates

By

CyberArk interviewed 373 IT security executives and other senior management in North America, Europe and the Asia-Pacific as part of its eighth annual Global Advanced Threat Landscape survey.

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

Diluting data profiles with obfuscation, a hot topic at HOPE X hacker conference

By

Daniel Howe spoke about obfuscation and presented a couple of tools that he helped create at hacker conference HOPE X.

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

Report: Old bugs in Microsoft XML still haunt users, program 'most exposed'

By

A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.

'Neverquest' banking trojan evolves as U.S. attacks continue

By

On Wednesday, Symantec released details on the malware's developed features.

Russian espionage malware adapted for ransomware scams

Russian espionage malware adapted for ransomware scams

By

Sentinel Labs dubbed the repurposed malware "Gyges."

Certificates associated with malware added to SSL Blacklist

By

As of Wednesday afternoon, 127 SSL certificates associated with malware and botnet activities have been blacklisted.

Compromised Japanese porn websites distribute banking trojan

Compromised Japanese porn websites distribute banking trojan

By

Popular Japanese adult websites have been compromised to distribute the Aibatook banking trojan, a threat that could make its way to the U.S.

Pushdo botnet gets DGA update, over 6,000 machines host new variant

Pushdo botnet gets DGA update, over 6,000 machines host new variant

By

In less than a day, over 6,000 infected machines were updated with the new Pushdo variant.

Google creates 'Project Zero' team to protect the internet

By

Google has hired a team of researchers who will be dedicated to digging up vulnerabilities, malware and other threats to internet users.

Active Directory flaw opens enterprise services to unauthorized access

Active Directory flaw opens enterprise services to unauthorized access

By

Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

Survey: 77 percent of IT staffers have incorrectly reported the cause of a security incident

By

An Emulex survey revealed that 77 percent of IT staffers have incorrectly reported the root cause of a security incident to their executive team.

Fraudsters market new malware Kronos on underground

Fraudsters market new malware Kronos on underground

By

Trusteer warns that the financial malware was first advertised last week on a major underground forum.

Zberp evolves, spreads through phishing campaign

By

Zberp malware was developed from the source code of Zeus and financial malware Carberp.

A possible attempt to revive the Gameover Zeus botnet

By

The Gameover variant of the nefarious Zeus trojan was disrupted in early June, but researchers with Malcovery are observing a return.

After takedown efforts, Cryptolocker fate still "undetermined," firm says

By

BitDefender, the firm that discovered the ransomware, detailed Cryptolocker's chances of making a comeback.

NightHunter campaign dates back to 2009, targets credentials and other data

NightHunter campaign dates back to 2009, targets credentials and other data

By

Using phishing emails, attackers are targeting various industries with unique keylogger malware as part of an ongoing campaign, NightHunter, that dates back to 2009.

Study: Security not prioritized in critical infrastructure, though most admit compromise

Study: Security not prioritized in critical infrastructure, though most admit compromise

By

Nearly 70 percent of critical infrastructure organizations said they experienced a security compromise in the last year.

Two new Boleto malware families discovered

Two new Boleto malware families discovered

By

Trusteer, an IBM company, revealed details on the bolware variants, which employ new tactics to manipulate web pages used for Boletos transactions.

Kaspersky quickly addresses XSS flaw impacting company website

By

A cross-site scripting flaw impacting a Kaspersky website was quickly addressed by the security software company.

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

Gmail iOS app vulnerable to MitM attack, emails and credentials at risk

By

Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.

Facebook disrupts cryptocurrency-mining botnet Lecpetex

Facebook disrupts cryptocurrency-mining botnet Lecpetex

By

Lecpetex attackers may have infected up to 250,000 computers, Facebook revealed.

Attackers brute-force POS systems utilizing RDP in global botnet operation

Attackers brute-force POS systems utilizing RDP in global botnet operation

By

Thousands of infected computers around the world are being used to brute-force point-of-sale systems utilizing remote desktop protocols.

Study: AV, anti-malware most used controls for APT defense

Study: AV, anti-malware most used controls for APT defense

By

Ninety-six percent of security pros employed AV and anti-malware solutions to protect data from APT attacks, while protections for mobile entry points fell at the bottom of the list.

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

Nude pics, other data, recovered from 'wiped' Android phones purchased on eBay

By

After purchasing 20 "wiped" Android smartphones on eBay, AVAST researchers were able to restore photos and other personal information.

Advanced attack group Deep Panda uses PowerShell to breach think tanks

Advanced attack group Deep Panda uses PowerShell to breach think tanks

By

CrowdStrike revealed that the attack group is now targeting sensitive data about political affairs in Iraq.

Sign up to our newsletters

POLL