A newly observed version of the TrickBot banking Trojan includes a worm-like malware propagation module that allows it to spread locally via Server Message Block (SMB), Flashpoint security researchers warn. Built by the Dyre gang, TrickBot emerged last summer when it was still under development, but quickly became a fully-operational threat. By the end of […]
A vulnerability dubbed by researchers “Devil’s Ivy,” which exists in an open source library present in the products of many companies, could affect millions of security cameras and other Internet of Things (IoT) devices. The flaw, a stack-based buffer overflow, was discovered by IoT security startup Senrio in a camera from Axis Communications, one of […]
Google is taking another step to better protect users from malicious third-party web applications: it is now warning users of newly created web apps and Apps Scripts that are pending verification. The move follows a series of similar protective measures the Internet giant announced earlier this year, after many of its users were hit by […]
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was […]
When a ransomware outbreak exploded from Ukraine across Europe yesterday, disrupting companies, government agencies, and critical infrastructure, it at first appeared to be just another profit-focused cybercriminal scheme—albeit a particularly vicious and damaging one. But its origins in Ukraine raised deeper questions. After all, shadowy hackers have waged a cyberwar there for years, likely at […]
Industrial companies from around the world have been targeted in phishing attacks believed to have been launched by cybercriminals located in Nigeria, Kaspersky Lab reported on Thursday. In October 2016, Kaspersky’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) noticed a significant increase in malware infection attempts aimed at industrial organizations in the metallurgy, […]
Security researchers have discovered a new vulnerability caught leaking vast swathes of personal information from legitimate mobile applications found on both Apple and Google marketplaces, with fears rising the compromised data could be used to fuel future cyberattacks. Experts from Appthority, a security firm, found 43 terabytes-worth of exposed data and more than 1,000 applications […]
News Overview Thanks to IoT botnets, DDoS attacks have finally turned from something of a novelty into an everyday occurrence. According to the A10 Networks survey, this year the ‘DDoS of Things’ (DoT) has reached critical mass – in each attack, hundreds of thousands of devices connected to the Internet are being leveraged. The fight […]
A bug in the Twitter social network allowed an attacker to post tweets as a different user without having access to the victim’s account. Discovered by a security researcher going by the name of kedrisec, the issue was reported to Twitter on February 26 and was resolved two days later. The vulnerability was assessed High […]
You may be already aware that on May 12, 2017 many of Microsoft’s customers around the world and the critical systems they depend on were victims of malicious “WannaCrypt” software. Seeing businesses and individuals affected by cyber attacks, such as the ones reported today, was painful. Microsoft worked throughout the weekend to ensure they understood […]
