Dissecting Geost: Exposing the Anatomy of the Android Trojan Targeting Russian Banks
The Android banking trojan Geost was first revealed in a research by Sebastian García, Maria Jose Erquiaga and Anna Shirokova from the Stratosphere Laboratory. They detected the trojan by monitoring HtBot malicious proxy network. The botnet targets Russian banks, with the victim count at over 800,000 users at the time the study was published in […] more…Malicious Optimizer and Utility Android Apps on Google Play Communicate with Trojans that Install Malware, Perform Mobile Ad Fraud
By Lorin Wu (Mobile Threats Analyst) We recently discovered several malicious optimizer, booster, and utility apps (detected by Trend Micro as AndroidOS_BadBooster.HRX) on Google Play that are capable of accessing remote ad configuration servers that can be used for malicious purposes, perform mobile ad fraud, and download as many as 3,000 malware variants or malicious […] more…Looking into Attacks and Techniques Used Against WordPress Sites
By David Fiser (Senior Cyber Threat Researcher) WordPress is a well-known open-source content management system (CMS) used for creating websites and personal blogs. The CMS is estimated to be used by 35% of all websites today, which makes it an ideal target for threat actors. A weak point in the platform is all it takes […] more…Cyberthreats to financial institutions 2020: Overview and predictions
Kaspersky Security Bulletin 2019. Advanced threat predictions for 2020 Cybersecurity of connected healthcare 2020: Overview and predictions 5G technology predictions 2020 Corporate security prediction 2020 Key events 2019 Large-scale anti-fraud bypass: Genesis digital fingerprints market uncovered Multi-factor authentication (MFA) and biometric challenges Targeted attack groups specializing in financial institutions: splitting and globalization ATM malware becomes […] more…The cybercrime ecosystem: attacking blogs
Executive summary The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat landscape to provide a more realistic understanding of why this […] more…Latest Trickbot Campaign Delivered via Highly Obfuscated JS File
by Noel Anthony Llimos and Michael Jhon Ofiaza (Threats Analysts) We have been tracking Trickbot banking trojan activity and recently discovered a variant of the malware (detected by Trend Micro as TrojanSpy.Win32.TRICKBOT.TIGOCDC) from distributed spam emails that contain a Microsoft Word document with enabled macro. Once the document is clicked, it drops a heavily obfuscated […] more…Jet Database Engine Flaw May Lead to Exploitation: Analyzing CVE-2018-8423
In September 2018, the Zero Day Initiative published a proof of concept for a vulnerability in Microsoft’s Jet Database Engine. Microsoft released a patch in October 2018. We investigated this flaw at that time to protect our customers. We were able to find some issues with the patch and reported that to Microsoft, which resulted […] more…‘Twas the night before
Recently, the United States Cyber Command (USCYBERCOM Malware Alert @CNMF_VirusAlert) highlighted several VirusTotal uploads of theirs – and the executable objects relating to 2016 – 2017 NewsBeef/APT33 activity are interesting for a variety of reasons. Before continuing, it’s important to restate yet again that we defend customers, and research malware and intrusions, regardless of their source. […] more…MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
By Daniel Lunghi and Jaromir Horejsi We found new campaigns that appear to wear the badge of MuddyWater. Analysis of these campaigns revealed the use of new tools and payloads, which indicates that the well-known threat actor group is continuously developing their schemes. We also unearthed and detailed our other findings on MuddyWater, such as […] more…Mr. Coffee with WeMo: Double Roast
McAfee Advanced Threat Research recently released a blog detailing a vulnerability in the Mr. Coffee Coffee Maker with WeMo. Please refer to the earlier blog to catch up with the processes and techniques I used to investigate and ultimately compromise this smart coffee maker. While researching the device, there was always one attack vector that […] more…Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info
By: Ranga Duraisamy and Kassiane Westell (Vulnerability Researchers) A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability to steal confidential information or exfiltrate local files from the victim’s machine. Page tested the vulnerability […] more…Kaspersky Security Bulletin 2018. Top security stories
Introduction The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of […] more…Shedding Skin – Turla’s Fresh Faces
Turla, also known as Venomous Bear, Waterbug, and Uroboros, may be best known for what was at the time an “ultra complex” snake rootkit focused on NATO-related targets, but their malware set and activity is much broader. Our current focus is on more recent and upcoming activity from this APT, which brings an interesting mix […] more…More information
- Vulnerabilities Found in RTUs Used by European Energy Firms
- Digital Wallets: Safety tips from an industry leader
- Code Execution Flaws Found in WECON Industrial Products
- Maintenance of Internet 2 connectivity
- Preventing cyber security attacks lies in strategic, third-party investments
- Multiple F5 BIG-IP Products CVE-2019-6673 Denial of Service Vulnerability
- EU accuses Google of abusing search dominance, opens Android investigation
- Teacher’s sex tape stolen from hacked Dropbox, posted on school site
- VirusTotal’s Mission Continues: Sharing Knowledge, Protecting Together
- LulzSec hacking suspect Ryan Cleary now faces charges in the USA