Threats and vulnerabilities

Zero-day Telegram vulnerability exploited for cryptomining

Kaspersky Lab disclosed a zero-day vulnerability in Telegram that the security vendor says was abused by Russian cybercriminals in a cryptomining malware campaign. Continue Reading

What can enterprises do to prevent an IoT botnet attack?

An IoT botnet attack on Huawei home routers showed similarities to the Mirai malware. Expert Judith Myerson explains the threat and how enterprises can protect themselves. Continue Reading

What enterprises need to know about ransomware attacks

Ransomware attacks on enterprises are often the result of a company's poor IT hygiene. Expert Joe Granneman looks at attacks like those by WannaCry and SamSam ransomware. Continue Reading

Mobile security issues require a unified approach

Security gaps in mobile devices can be many and varied, but they must be addressed immediately. Unified endpoint management is the next-gen way to close the gaps. Continue Reading

Counter mobile device security threats with unified tools

Attacks on enterprise mobile endpoints are more lethal than ever. To help infosec pros fight back, enterprise mobile management has unified to fortify defenses. Continue Reading

Risk & Repeat: Cryptomining malware on the rise

In this week's Risk & Repeat podcast, SearchSecurity editors discuss how the threat of cryptomining malware is evolving and what it means for enterprises and infosec vendors. Continue Reading

Cryptojacking malware using EternalBlue to build botnets

Proofpoint researchers discovered a large Monero mining botnet that uses EternalBlue to spread, and it isn't the first time the Windows flaw has been used for cryptojacking. Continue Reading

Hackers use ATM jackpotting technique to steal $1M in US

News roundup: Hackers used ATM jackpotting attacks to steal over $1M in the U.S. Plus, a fitness tracking app accidentally exposed the locations of military bases, and more. Continue Reading

NotPetya malware: How does it detect security products?

Bitdefender discovered that the NotPetya malware changes its behavior when Kaspersky security products are detected. Nick Lewis explains how the malware's tricks work. Continue Reading

Meltdown and Spectre malware discovered in the wild

Nearly 140 samples of malware that exploit the Meltdown and Spectre vulnerabilities have been discovered by AV-TEST, but most samples are based on existing proof-of-concept code. Continue Reading

RSA-1024 keys: How does a Libgcrypt vulnerability expose them?

A Libgcrypt vulnerability could allow attackers to recover private RSA-1024 keys, as it allows a left-to-right sliding window that shows how specific parts of the algorithm work. Continue Reading

CopyCat malware: How does this Android threat operate?

Check Point researchers discovered new Android malware named CopyCat, which has infected 14 million devices. Learn how this malware works and how it spread from expert Nick Lewis. Continue Reading

How does credential stuffing enable account takeover attacks?

Credential stuffing activity is outpacing the growth of other cyberattacks and enabling account takeover attacks. Akamai Technologies' Patrick Sullivan explains the threat. Continue Reading

Containing ransomware outbreaks now a top infosec priority

Prepping for and dealing with an outbreak of ransomware is the IT version of the flu shot. Learn how company systems and data from these potentially deadline infections. Continue Reading

Trisis ICS malware was publicly available after attack

The Trisis ICS malware used in a cyberattack on an oil and gas company in Saudi Arabia in December has been publicly available for weeks after being copied by unknown actors. Continue Reading

The strange case of the 'HP backdoor' in Lenovo switches

Lenovo's discovery of an authentication bypass, literally titled "HP backdoor," within its networking switches brings unsettling implications for the IT industry. Continue Reading

AMD backtracks on Spectre vulnerabilities, plans microcode updates

AMD initially believed the Spectre vulnerabilities posed "near zero risk" to its chip, but the company this week reversed course and is planning microcode updates for its products. Continue Reading

Fancy Bears hackers target International Olympic Committee

News roundup: The hacking group called Fancy Bears claims to have hacked the Olympics again. Plus, a former NSA contractor pleads guilty to stealing government data, and more. Continue Reading

What went wrong with the Dirty COW vulnerability patch?

A patch was issued for the Dirty COW vulnerability, but researchers later discovered problems with the patch. Expert Judith Myerson explains what went wrong. Continue Reading

Risk & Repeat: Meltdown and Spectre vulnerabilities shake industry

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the discovery of the Meltdown and Spectre vulnerabilities and their effect on information security. Continue Reading

Intel keynote misses the mark on Meltdown and Spectre vulnerabilities

With CEO Brian Krzanich's keynote at the 2018 Consumer Electronics Show, Intel missed an opportunity for the Meltdown and Spectre vulnerabilities. Continue Reading

Intel CPU flaw gets third-party patch but no details

Release of a third-party patch for a mysterious Intel CPU flaw led to many questions but few answers, and details on the issue may not be imminent. Continue Reading

North Korea's Lazarus Group sets sights on cryptocurrency

Researchers believe North Korean nation-state hackers from the Lazarus Group are targeting cryptocurrency exchanges and owners in a wave of financially motivated attacks. Continue Reading

Cryptocurrency exchanges increasingly targeted by cyberattacks

News roundup: Cryptocurrency exchanges are folding because of targeted cyberattacks. Plus, five hackers were arrested in connection with international ransomware attacks, and more. Continue Reading

Risk & Repeat: Cryptojacking looms amid the bitcoin boom

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the rising threat of cryptojacking and how hackers can steal computing power from unsuspecting users. Continue Reading

Brutal Kangaroo: How does it hop to air-gapped computers?

The CIA Vault 7 cache exposed the Brutal Kangaroo USB malware, which can be spread to computers without an internet connection. Learn how this is possible with expert Nick Lewis. Continue Reading

Get the best botnet protection with the right array of tools

Enterprise anti-botnet defenses, to be effective, must be added in multiple layers. No single security product will do the trick, but the right combo of tools can. Continue Reading

Triton framework used in industrial control attacks

Security researchers discovered new ICS attacks using the Triton framework that may have been nation-state-sponsored and intended to cause real-world damage. Continue Reading

How can a local file inclusion attack be stopped?

A botnet-based local file inclusion attack targeted IBM X-Force customers. Expert Judith Myerson explains how these attacks work and how enterprises can defend against them. Continue Reading

How does port swapping work to bypass two-factor authentication?

With a port swapping attack, hackers can bypass two-factor authentication and control a victim's mobile device. Judith Myerson explains how the attacks work and how to stop them. Continue Reading

BlueBorne vulnerabilities: Are your Bluetooth devices safe?

Armis Labs discovered a series of vulnerabilities that enables remote connection to Bluetooth devices. Learn more about the BlueBorne vulnerabilities with expert Matt Pascucci. Continue Reading

PGP keys: Can accidental exposures be mitigated?

The accidental publication of an Adobe private key could have put the company in jeopardy. Matt Pascucci explains how it happened and how to better protect PGP keys. Continue Reading

Yahoo data breach hacker pleads guilty to cybercrime charges

One of the Yahoo data breach hackers pleaded guilty to his involvement in the attack. Plus, the FBI failed to notify U.S. officials that they were targets of Fancy Bear, and more. Continue Reading

Cyberthreats, cyber vulnerabilities, and how to fight back

The key to countering cyberthreats today is to first understand your biggest vulnerabilities and then research the most effective countermeasures available to minimize them. Continue Reading

How can Intel AMT be used to bypass the Windows firewall?

Software developed by the hacking group Platinum takes advantage of Intel AMT to bypass the built-in Windows firewall. Expert Michael Cobb explains how it works. Continue Reading

Scarab ransomware joins with Necurs botnet for faster spread

The Scarab ransomware received an upgrade, and researchers have seen it being spread via the Necurs botnet, meaning the malware can spread to millions in a handful of hours. Continue Reading

Uber breach affected 57 million users, covered up for a year

A 2016 Uber breach affecting data for 57 million users was covered up by the company, including a $100,000 payment to the attackers to keep the incident quiet. Continue Reading

Ransomware recovery methods: What does the NIST suggest?

Knowing what ransomware recovery methods are available is important as the threat continues to grow. Expert Judith Myerson outlines what the NIST recommends for enterprises. Continue Reading

Kaspersky sheds more light on Equation Group malware detection

A lengthy Kaspersky report offers more insight into how the antivirus company discovered Equation Group malware and came to possess classified U.S. government data. Continue Reading

AVGater abuses antivirus software for local system takeover

A new proof-of-concept exploit, called AVGater, has found a way to abuse antivirus quarantines to attack systems and gain full control. Continue Reading

Email security issues: How to root out and solve them

Effectively tackling email security issues requires infosec pros to address a broad range of areas, including cloud, endpoints, user training and more. Continue Reading

WireX botnet: How did it use infected Android apps?

To avoid a mobile device catastrophe, several large tech organizations came together to stop the WireX botnet. Learn how this Android botnet with 300 infected apps was stopped. Continue Reading

The Equation Group malware mystery: Kaspersky offers an explanation

Kaspersky Lab finally explained how it came to possess Equation Group malware, but does the company's latest statement answer enough questions about the ongoing drama? Continue Reading

The Basics of Cyber Safety

In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security. Continue Reading

Bad Rabbit ransomware data recovery may be possible

Security researchers found a way to recover data locked by the Bad Rabbit ransomware without paying, and others said money might not have been the driver of the attacks. Continue Reading

DUHK attack puts random number generators at risk

News roundup: Researchers find DUHK attacks can get around encrypted communications. Plus, FBI Director Wray criticizes mobile device encryption, and more. Continue Reading

EternalRocks malware: What exploits are in it?

When NSA cyberweapons went public, attackers bundled them into the EternalRocks malware. Nick Lewis takes a closer look at this new threat and explains what's lurking inside. Continue Reading

Bad Rabbit ransomware attacks planned long ago

The new Bad Rabbit ransomware spread through Russia and Ukraine, drawing comparisons to NotPetya, and researchers say the attacks were planned for a long time. Continue Reading

DHS' Dragonfly ICS campaign alert isn't enough, experts say

The Department of Homeland Security released an alert confirming the Dragonfly ICS cyberattack campaign, but experts said more action is needed to protect critical infrastructure. Continue Reading

HP keylogger: How did it get there and how can it be removed?

A keylogging flaw found its way into dozens of Hewlett Packard laptops. Nick Lewis explains how the HP keylogger works and what can be done about it. Continue Reading

Latest Kaspersky controversy brings new questions, few answers

The Kaspersky controversy continued this week as the antivirus company responded to several explosive news stories about its relationship with the Russian government. Continue Reading

Risk & Repeat: Kaspersky antivirus scans implicated in NSA breach

In this week's Risk & Repeat podcast, SearchSecurity editors discuss reports implicating Kaspersky antivirus scans in the recently disclosed breach at the National Security Agency. Continue Reading

How does Google Play Protect aim to improve Android security?

Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works. Continue Reading

How are Windows shortcut files vulnerable to attacks?

A Windows vulnerability targets shortcut files and enables hackers to automatically execute code. Expert Judith Myerson explains the flaw and how to stop it. Continue Reading

How does the Ursnif Trojan variant exploit mouse movements?

A new version of the Ursnif Trojan uses mouse movements to bypass security efforts by beating sandbox detection. Expert Matthew Pascucci explains how this technique works. Continue Reading

Proof-of-concept iOS exploit released by Google's Project Zero

Google's Project Zero released a proof-of-concept iOS exploit similar to the Broadpwn Wi-Fi flaw that could allow an attacker to run code or implant a backdoor. Continue Reading

New WordPress malware: What to do about WP-Base-SEO

A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to avoid it. Continue Reading

Ransomware attackers using more sophisticated techniques

At the (ISC)2 Security Congress, infosec professionals warned of sophisticated ransomware attackers that are using more advanced techniques to encrypt entire networks. Continue Reading

PINLogger: How does this exploit steal PINs?

The proof-of-concept PINLogger attack exploits mobile device sensors to steal PINs. Nick Lewis explains how the attack works and offers advice on how to stop it. Continue Reading

Hajime IoT worm: Is it pure malware or vigilante malware?

The Hajime IoT worm aims to help users tighten up security, whether they want to or not, but it's probably not a good security strategy. Expert Nick Lewis explains the risks. Continue Reading

DerbyCon cybersecurity conference is unique and troubling

Walking up to DerbyCon 7.0 cybersecurity conference it immediately has a very different feel from the "major" infosec conferences. Attendees would never be caught loitering outside of the Black Hat ... Continue Reading

Users plagued by iOS app security issues, according to new research

News roundup: Researchers uncovered a large number of iOS app security risks. Plus, Viacom exposed its critical data through a misconfigured AWS S3 bucket, and more. Continue Reading

Undocumented Word feature could lead to system information theft

An undocumented Word feature found by Kaspersky Lab could lead to system information theft and affects users on both PCs and mobile devices. Continue Reading

How does BrickerBot threaten enterprise IoT devices?

BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it. Continue Reading

CCleaner malware spread via supply chain attack

CCleaner malware was spread to users via an infected software update for close to one month, highlighting the dangers of supply chain attacks and the need for code signing. Continue Reading

BlueBorne Bluetooth vulnerabilities affect billions of devices

A set of eight Bluetooth vulnerabilities, branded together as BlueBorne, affect billions of devices and could be one of the most dangerous issues, according to experts. Continue Reading

How can memory corruption attacks threaten smartphones?

Smartphone users could be at risk of memory corruption attacks because of a baseband vulnerability. Expert Michael Cobb explains the attack and how concerned users should be. Continue Reading

How do code-reuse attacks bypass Windows 10 security features?

Certain Windows 10 security features can be bypassed with code-reuse attacks. Expert Michael Cobb explains how that works and what can be done to prevent it. Continue Reading

How is Pegasus malware different on Android than on iOS?

Pegasus malware used to only target iOS devices, but a variant called Chrysaor now goes after Android devices, too. Expert Michael Cobb explains what users need to know about it. Continue Reading

Six new vulnerabilities in Android bootloaders uncovered

News roundup: Researchers used the new BootStomp tool to uncover six vulnerabilities in Android bootloaders. Plus, a new wave of AWS S3 bucket data leaks strikes and more. Continue Reading

Dragonfly 2.0 hacker group seen targeting U.S. power grid

Security researchers claim to be tracking a threat group called Dragonfly 2.0 hacker group that has been attacking critical infrastructure and setting up persistent infections on ICS networks. Continue Reading

Why WannaCry and other computer worms may inherit the earth

A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission. Continue Reading

Interception threatens TLS security; now what?

As global cyberattacks have exploded in recent months, the speed of infection is causing damage, not only to targeted industries and nation states, but to corporate valuations. In June, FedEx warned that the Petya cyberattack, which disrupted operations at its TNT Express subsidiary, may have "material impact" on the company's 2017 financial performance. Merck & Co. Inc., another victim of the cyberattack, issued a similar warning. A Trojan that morphed into a worm, Petya -- sometimes called NotPetya -- brought increased attention to the lack of security fundamentals practiced at major companies.

The majority of these threats enter networks through malware delivered via the internet. However, as the growth of HTTPS deployment continues, some companies are increasingly using Transport Layer Security (TLS) interception by middleboxes to maintain visibility into TLS security and malicious software. Researchers from top universities and technology companies, including Google, Mozilla and Cloudflare, published an HTTPS interception study in April that offered startling statistics on TLS security.

In this issue of Information Security magazine, we look at how worms play a role in advanced persistent threats and the ongoing issues related to HTTPS inspection and TLS security.

 Continue Reading

Spambot email leak compromises 711M records

An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts. Continue Reading

How NotPetya ransomware used legitimate tools to move laterally

WannaCry and NotPetya ransomware woke enterprises up to an expanded threat landscape. Expert Michael Cobb explains these threats and what enterprises can do to stop them. Continue Reading

Why WannaCry and other computer worms may inherit the earth

 Continue Reading

ATMitch malware: Can fileless ATM malware be stopped?

How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it spreads. Continue Reading

DoubleAgent malware could turn antivirus tools into attack vector

DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains how to contain the threat. Continue Reading

Risk & Repeat: Was the DNC hack an inside job?

In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers. Continue Reading

Destruction of service: How ransomware attacks have changed

New ransomware variants have introduced another threat to enterprises. Rob Shapland explains what destruction of service attacks are and how organizations should prepare for them. Continue Reading

How does the MajikPOS malware evade detection?

A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it. Continue Reading

How does CrashOverride malware threaten industrial control systems?

CrashOverride malware targets industrial control systems and can wreak havoc. Expert Judith Myerson explains the capabilities of the malware and what to do to stop it. Continue Reading

Risk & Repeat: MalwareTech indictment raises questions

In this week's Risk & Repeat podcast, SearchSecurity editors explore the FBI's case against security researcher Marcus Hutchins, better known as MalwareTech. Continue Reading

How can VMware vulnerabilities in vSphere expose credentials?

Two VMware vulnerabilities in vSphere Data Protection were recently patched. Expert Judith Myerson explains how the flaws work and how to defend against them. Continue Reading

Libpurple flaw: How does it affect connected IM clients?

The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works. Continue Reading

Ransomware recovery goes beyond data loss for enterprises

Enterprises may see paying up as a quick path to ransomware recovery, but experts said there are many issues to consider when making that choice. Continue Reading

Risk & Repeat: Black Hat 2017 highlights

In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit. Continue Reading

Who are the Shadow Brokers? Signs point to an intelligence insider

At Black Hat 2017, security researcher Matt Suiche analyzed the Shadow Brokers dumps, postings and behavior to get to the bottom of one of the infosec industry's biggest questions. Continue Reading

Poison Ivy RAT: What new delivery techniques are attackers using?

A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for. Continue Reading

Phishing research shows troubling trends for enterprise users

Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats. Continue Reading

Industroyer malware a turning point for ICS security

Security researchers at Black Hat 2017 analyzed the Industroyer malware, the attack on Ukraine's power grid and what it means for industrial control system security in the U.S. Continue Reading

What tools were used to hide fileless malware in server memory?

Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend. Continue Reading

At Black Hat 2017, an industry hits a milestone and finds new directions

Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes. Continue Reading

Advanced Persistent Security

In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations. Continue Reading

How do the malware implants RedLeaves and PlugX work?

Malware implants RedLeaves and PlugX infected networked systems in multiple industries and leveraged stolen administrator credentials. Expert Judith Myerson explains how it works. Continue Reading

How can users protect themselves from the DocuSign phishing email?

A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack. Continue Reading

Petya malware behavior may change based on AV installed

Researchers found changes in malware behavior when Petya detected certain security products, but experts are unsure why these features might exist. Continue Reading

Tax software backdoor allowed NotPetya ransomware attacks

Researchers analyze the software backdoor used to deliver NotPetya ransomware to Ukraine targets, while the threat actors behind the attacks ask for more money. Continue Reading

How WannaCry malware affects enterprises' ICS networks

WannaCry malware has been plaguing organizations across the world. Expert Ernie Hayden explains how this ransomware threatens ICS networks and their security. Continue Reading

Risk & Repeat: NotPetya ransomware raises the stakes

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks. Continue Reading