La virtualización empieza a ser insuficiente considerando que nos enfrentamos a malware cada vez más “consciente” de técnicas de sandboxing. Una de las charlas Virus Bulletin esta semana estuvo relacionada con las principales estrategias utilizadas en los códigos maliciosos para detectar los sandbox y las consecuencias en los resultados de los análisis.
This week, a serious software vulnerability, which rapidly became known as the ‘Bash Bug’ or ‘Shellshock’ dominated the headlines, as two other faked news stories showed that hoaxes can fool the world very easily these days.
State organizations and private businesses from various sectors in Ukraine and Poland have been targeted with new versions of BlackEnergy, a malware that’s evolved into a sophisticated threat with a modular architecture.
This week offered a lesson in how cybercriminals follow the news, and time their attacks to dupe the unwary – with several different attacks aimed at iPhone fans, in the week where Apple unveiled its iPhone 6.
Online criminals are spamming out messages claiming that invoices are overdue. But attached to the emails are .ARJ files containing a malicious payload – don’t allow your computer to become infected.
This week, American chain Home Depot admitted its systems had been breached, Gmail users got a fright, and a series of videos showed leaks in Android chat apps. Meanwhile, Facebook freaked out the world…. again.
A strain of malware which previously targeted banks has turned its attention to users of the popular Customer Relationship Management (CRM) software Salesforce, used by 100,000 organizations worldwide.
Anyone who has visited popular domains such as YouTube.com, Amazon.com or Ads.Yahoo.com could be a victim of a new, mutating malware attack distributed through the adverts displayed on the sites.
Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While
Shoppers at Home Depot stores may have had their credit card details leaked online, after a massive batch of card information went on sale on a criminal internet site this week – and veteran security reporter Brian Krebs warns it may be the biggest leak yet.
As many as 18 top cybercrime experts from around the world will form a new Joint Cybercrime Action Task Force based in the Hague, which will target “top-level criminals”.
Gamers and cellphone users were targeted by criminal groups around the world this week – while retailers continued to suffer at the hands of POS malware, and a phishing campaign highlighted just how hot Bitcoin is right now.
More than a thousand U.S. businesses have been affected by point-of-sale malware – malicious software written specifically for online fraud, to steal information such as credit card details from businesses and their customers.
One of the most important pieces of advice we give Android users is to refrain from downloading applications from dubious sources and to stick to the official Google Play store, where malware does show up from time to time but is much better controlled, thanks to the Google Bouncer, than on alternative app stores.
Cybercriminals are waging a game of ‘cat and mouse’ with corporations, well-armed with malware protection AV software but facing adversaries who scan constantly for weak points, according to the first quarterly report released by the UK’s new Computer Emergency Response Team.
The risks of using government use of malicious code in cyber conflict are examined in this paper by Andrew Lee and Stephen Cobb: Malware is called malicious for a reason: the risks of weaponizing code.
New malware targeting point of sale (PoS) systems, detected by ESET as Win32/Spy.Agent.OKG is described in a warning and analysis distributed by US-CERT, a reminder to increase security around PoS access.