Threats and vulnerabilities

How is Pegasus malware different on Android than on iOS?

Pegasus malware used to only target iOS devices, but a variant called Chrysaor now goes after Android devices, too. Expert Michael Cobb explains what users need to know about it. Continue Reading

Six new vulnerabilities in Android bootloaders uncovered

News roundup: Researchers used the new BootStomp tool to uncover six vulnerabilities in Android bootloaders. Plus, a new wave of AWS S3 bucket data leaks strikes and more. Continue Reading

Dragonfly 2.0 hacker group seen targeting U.S. power grid

Security researchers claim to be tracking a threat group called Dragonfly 2.0 hacker group that has been attacking critical infrastructure and setting up persistent infections on ICS networks. Continue Reading

Why WannaCry and other computer worms may inherit the earth

A vast majority of APT attacks and malware delivery happens via spear phishing. But worms have always had a place in the toolkit when the delivery method fit the mission. Continue Reading

Interception threatens TLS security; now what?

As global cyberattacks have exploded in recent months, the speed of infection is causing damage, not only to targeted industries and nation states, but to corporate valuations. In June, FedEx warned that the Petya cyberattack, which disrupted operations at its TNT Express subsidiary, may have "material impact" on the company's 2017 financial performance. Merck & Co. Inc., another victim of the cyberattack, issued a similar warning. A Trojan that morphed into a worm, Petya -- sometimes called NotPetya -- brought increased attention to the lack of security fundamentals practiced at major companies.

The majority of these threats enter networks through malware delivered via the internet. However, as the growth of HTTPS deployment continues, some companies are increasingly using Transport Layer Security (TLS) interception by middleboxes to maintain visibility into TLS security and malicious software. Researchers from top universities and technology companies, including Google, Mozilla and Cloudflare, published an HTTPS interception study in April that offered startling statistics on TLS security.

In this issue of Information Security magazine, we look at how worms play a role in advanced persistent threats and the ongoing issues related to HTTPS inspection and TLS security.

 Continue Reading

Spambot email leak compromises 711M records

An email leak containing 711 million records was found in a breach of a spambot list stored in the Netherlands and included both addresses and passwords used to access email accounts. Continue Reading

How NotPetya ransomware used legitimate tools to move laterally

WannaCry and NotPetya ransomware woke enterprises up to an expanded threat landscape. Expert Michael Cobb explains these threats and what enterprises can do to stop them. Continue Reading

Why WannaCry and other computer worms may inherit the earth

 Continue Reading

ATMitch malware: Can fileless ATM malware be stopped?

How was the ATMitch malware able to loot cash machines, then delete itself? Expert Nick Lewis explains how the fileless malware works and how it spreads. Continue Reading

DoubleAgent malware could turn antivirus tools into attack vector

DoubleAgent malware is a proof of concept for a zero-day vulnerability that can turn antivirus tools into attack vectors. Expert Nick Lewis explains how to contain the threat. Continue Reading

Risk & Repeat: Was the DNC hack an inside job?

In this week's Risk & Repeat podcast, SearchSecurity editors examine claims from intelligence veterans that the DNC hack was an inside job, and not the work of Russian hackers. Continue Reading

Destruction of service: How ransomware attacks have changed

New ransomware variants have introduced another threat to enterprises. Rob Shapland explains what destruction of service attacks are and how organizations should prepare for them. Continue Reading

How does the MajikPOS malware evade detection?

A new POS malware downloads a RAM scraper to avoid detection. Expert Nick Lewis explains the tricks MajikPOS uses to target retail terminals and how to defend against it. Continue Reading

How does CrashOverride malware threaten industrial control systems?

CrashOverride malware targets industrial control systems and can wreak havoc. Expert Judith Myerson explains the capabilities of the malware and what to do to stop it. Continue Reading

Risk & Repeat: MalwareTech indictment raises questions

In this week's Risk & Repeat podcast, SearchSecurity editors explore the FBI's case against security researcher Marcus Hutchins, better known as MalwareTech. Continue Reading

How can VMware vulnerabilities in vSphere expose credentials?

Two VMware vulnerabilities in vSphere Data Protection were recently patched. Expert Judith Myerson explains how the flaws work and how to defend against them. Continue Reading

Libpurple flaw: How does it affect connected IM clients?

The libpurple library contains a code execution vulnerability that affects the IM clients that were developed using it. Expert Michael Cobb explains how the flaw works. Continue Reading

Ransomware recovery goes beyond data loss for enterprises

Enterprises may see paying up as a quick path to ransomware recovery, but experts said there are many issues to consider when making that choice. Continue Reading

Risk & Repeat: Black Hat 2017 highlights

In this week's Risk & Repeat podcast, SearchSecurity editors recap Black Hat 2017 and discuss some of the big news from the event, including the Broadpwn remote exploit. Continue Reading

Who are the Shadow Brokers? Signs point to an intelligence insider

At Black Hat 2017, security researcher Matt Suiche analyzed the Shadow Brokers dumps, postings and behavior to get to the bottom of one of the infosec industry's biggest questions. Continue Reading

Poison Ivy RAT: What new delivery techniques are attackers using?

A revamped Poison Ivy RAT campaign has been using new evasion and distribution techniques. Expert Nick Lewis explains the new attack methods that enterprises should look out for. Continue Reading

Phishing research shows troubling trends for enterprise users

Karla Burnett of Stripe presented sobering results of phishing research from her company at Black Hat 2017, suggesting phishing training is ineffective against today's threats. Continue Reading

Industroyer malware a turning point for ICS security

Security researchers at Black Hat 2017 analyzed the Industroyer malware, the attack on Ukraine's power grid and what it means for industrial control system security in the U.S. Continue Reading

What tools were used to hide fileless malware in server memory?

Fileless malware hidden in server memory led to attacks on many companies worldwide. Expert Nick Lewis explains how these attacks fit in with the wider fileless malware trend. Continue Reading

At Black Hat 2017, an industry hits a milestone and finds new directions

Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes. Continue Reading

Advanced Persistent Security

In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations. Continue Reading

How do the malware implants RedLeaves and PlugX work?

Malware implants RedLeaves and PlugX infected networked systems in multiple industries and leveraged stolen administrator credentials. Expert Judith Myerson explains how it works. Continue Reading

How can users protect themselves from the DocuSign phishing email?

A DocuSign phishing email with a link to a malicious Word document recently targeted the company's users. Expert Judith Myerson outlines six ways to avoid this type of attack. Continue Reading

Petya malware behavior may change based on AV installed

Researchers found changes in malware behavior when Petya detected certain security products, but experts are unsure why these features might exist. Continue Reading

Tax software backdoor allowed NotPetya ransomware attacks

Researchers analyze the software backdoor used to deliver NotPetya ransomware to Ukraine targets, while the threat actors behind the attacks ask for more money. Continue Reading

How WannaCry malware affects enterprises' ICS networks

WannaCry malware has been plaguing organizations across the world. Expert Ernie Hayden explains how this ransomware threatens ICS networks and their security. Continue Reading

Risk & Repeat: NotPetya ransomware raises the stakes

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks. Continue Reading

How does the Antbleed backdoor vulnerability work?

Antbleed, a backdoor vulnerability, was discovered in bitcoin mining equipment. Expert Matthew Pascucci explains how the Bitmain flaw works and how it can be prevented. Continue Reading

The ELSA project enables hackers to track and store geolocation data

News roundup: The ELSA project -- one of the released CIA hacking tools -- can track device locations. Plus, Senators move to ban Kaspersky Lab products from the military, and more. Continue Reading

NotPetya ransomware trend moving toward sophistication

NotPetya represented advanced malware compared to its cousin WannaCry, but also showed sophistication that experts worry may be a ransomware trend. Continue Reading

Petya ransomware scam: Lost files can't be restored

Researchers discovered the rash of Petya-like attacks are nothing more than a ransomware scam, and list files are impossible to restore. Continue Reading

Petya-like global ransomware attack can be mitigated

A new global ransomware attack has been spreading quickly using the same exploits as WannaCry, but researchers have already found ways to protect users from the damage. Continue Reading

Fruitfly Mac malware: How does its decades-old code work?

The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis explains how it works. Continue Reading

What are HummingWhale malware's new ad fraud features?

A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the malware's new features. Continue Reading

Valerie Plame warns of increased nation-state cyberattacks

At the 2017 Cloud Identity Summit, former covert CIA officer Valerie Plame discussed the increasing risks of nation-state cyberattacks focused on geopolitical influence. Continue Reading

Risk & Repeat: Comey warns of more election hacking

In this week's Risk & Repeat podcast, SearchSecurity editors discuss former FBI Director James Comey's testimony on election hacking and election interference from Russia. Continue Reading

How can Bosch's diagnostic dongle be leveraged by hackers?

Hacks on a car's diagnostic dongle can completely take over the vehicle and even shut off the engine. Expert Judith Myerson explains how this works and how to prevent it from happening. Continue Reading

CrashOverride ICS attack targets vulnerable electrical grid

Researchers discovered new details of a Kiev ICS attack from December using CrashOverride malware that could be used to disrupt an insecure electrical grid. Continue Reading

Q&A: Cyber attribution matters, RSA GM Peter Tran says

RSA's GM Peter Tran sheds light on the value of cyber attribution, explains why the 'how' and 'why' of an attack may be more important than finding who did it. Continue Reading

How do attackers use Microsoft Application Verifier for hijacking?

Attackers found a way to use Microsoft Application Verifier to hijack security products, like antivirus tools. Expert Judith Myerson explains how it's done and what to do to stop it. Continue Reading

Risk & Repeat: Shadow Brokers launch zero-day exploit service

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the Shadow Brokers' monthly service for zero-day exploits and how it may affect enterprise security efforts. Continue Reading

Embedded malware: How OLE objects can harbor threats

Nation-states have been carrying out attacks using RTF files with embedded malware. Expert Nick Lewis explains how OLE technology is used and how to protect your enterprise. Continue Reading

The Apple Notify flaw: How does it allow malicious script injection?

Flaws in the Apple Notify function and iTunes can enable attackers to inject malicious script into the application side. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading

Election cyberattack proves people are still the biggest flaw

A new NSA leak allegedly shows Russian agents engaged in election cyberattacks against local U.S. governments and proves people are still the hardest cybersecurity risk to mitigate. Continue Reading

Shadow Brokers dump crowdfunding raises ethical questions

The prospect of monthly NSA cyberweapons leaks in new Shadow Brokers dump raises questions about the ethics of paying criminals for stolen goods. Continue Reading

Voting machine hacking to be taken on at DEFCON 2017

Possible voting machine hacking has been a topic of conversation since before the 2016 election and at DEFCON 2017; professional pentesters will find out what damage can be done. Continue Reading

How can customer service staff spot social engineering email attacks?

Social engineering emails targeted at customer service staff have led to the spread of the August malware. Expert Nick Lewis explains how to identify and mitigate these attacks. Continue Reading

How does Gooligan malware compromise Google accounts?

Android apps infected with Gooligan malware enable attackers to compromise the security of Google accounts. Expert Nick Lewis explains how users can protect themselves. Continue Reading

Seven NSA cyberweapons used in EternalRocks exploit

Following the worldwide impact of WannaCry, EternalRocks arrived abusing seven NSA cyberweapons but holding back on its malicious intent. Continue Reading

WannaCry ransomware decryptor brings hope to victims

Security researchers uncovered more info on how WannaCry spread, and a ransomware decryptor emerged to save files for those affected. Continue Reading

Switcher Android Trojan: How does it attack wireless routers?

The Switcher Trojan spreads to Android devices through the wireless router to which they are connected. Expert Nick Lewis explains how this attack is carried out. Continue Reading

What is the SS7 protocol and what are its security implications?

The SS7 protocol has been a source of controversy lately because of its security vulnerabilities. Expert Judith Myerson explains what the protocol is and what its issues are. Continue Reading

Microsoft slams NSA over cyberweapon in WannaCry ransomware

Microsoft blames the U.S. government for cyberweapon stockpiling as WannaCry ransomware infections continue to spread, though some experts say Microsoft shares responsibility. Continue Reading

WannaCry ransomware prompts legacy MS17-010 patch

Microsoft responds to WannaCry ransomware with an MS17-010 patch for legacy systems as new ransomware variants spread to more countries around the globe. Continue Reading

Android clickjacking attacks possible from Google Play apps

Google implemented clickjacking attack mitigations in Android but left a potential avenue for malicious actors that won't be fixed until Android O is released. Continue Reading

New types of ransomware innovate to find opportunity

There is no shortage of new types of ransomware, many with unique features, and experts say it's an exercise in innovation and finding revenue opportunity. Continue Reading

Why did the PHPMailer library vulnerability have to be patched twice?

After a remote code execution flaw in PHPMailer was patched, the problem persisted, and had to be repatched. Expert Michael Cobb explains how the critical vulnerability works. Continue Reading

Google Docs phishing attack grants attacker full Gmail access

A Google Docs phishing attack abused OAuth to give malicious actors full access to a victim's Gmail account and contacts, but Google claims to have blocked the attacks. Continue Reading

Panasonic Avionics IFE systems: How serious are the vulnerabilities?

Panasonic Avionics' in-flight entertainment system vulnerabilities allow attackers to tamper with passenger seat displays. Expert Michael Cobb explains the impact of these flaws. Continue Reading

Risk & Repeat: More Equation Group cyberweapons leaked

In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of Equation Group cyberweapons and how Microsoft patched them. Continue Reading

Handbook of System Safety and Security

In this excerpt from chapter 10 of Handbook of System Safety and Security, editor Edward Griffor discusses cloud and mobile cloud architecture and security. Continue Reading

How does the boot mode vulnerability in Android work?

A boot mode vulnerability allowed attackers to eavesdrop on calls made on certain Android devices. Expert Judith Myerson explains how the complex exploit works. Continue Reading

NSA spyware found infecting tens of thousands worldwide

A new security tool will let users scan their systems for the presence of NSA spyware found in the latest Equation Group leak, and tens of thousands are already infected. Continue Reading

Hajime worm fights the forces of evil IoT malware, maybe

News roundup: The Hajime worm is the nicer, sneakier brother of Mirai malware. Plus, the FBI and CIA hunt for the Vault 7 whistleblower, Symantec adds to Zscaler lawsuit, and more. Continue Reading

How does Exaspy spyware disguise itself on Android devices?

Exaspy spyware, which can access messages, video chats and more, was found on Android devices owned by executives. Expert Nick Lewis explains how Exaspy is able to avoid detection. Continue Reading

Shadow Brokers' Windows exploits target unsupported systems

A new release of NSA cyberweapons falls flat, as Windows exploits from the Shadow Brokers have mostly been patched. But unsupported systems are still at risk. Continue Reading

Shadow Brokers release SWIFT banking and Windows exploits

The Shadow Brokers released another cache of cyberweapons linked to the Equation Group, including Windows exploits and attack details for the SWIFT banking system. Continue Reading

U.S. election hacking not an act of cyberwarfare, experts say

The government needs a better definition for an act of cyberwarfare, says ex-CIA Director Michael Hayden, because he doesn't think the U.S. election hacking applies. Continue Reading

CIA Vault 7 tools attributed to hacking group for years

Security researchers said the CIA Vault 7 tools and techniques are linked to cyberattacks over the past six years targeting various foreign entities. Continue Reading

Pegasus malware expands from iOS to Android

One of the more malicious iOS threats -- Pegasus malware -- has made its way to Android devices and it has some dangerous new tricks in its arsenal. Continue Reading

Five criteria for purchasing from threat intelligence providers

Expert Ed Tittel explores key criteria for evaluating threat intelligence providers to determine the best service for an enterprise's needs. Continue Reading

Politics of cyber attribution pose risk for private industry

Why nation-state attribution plays a major role in the U.S. government's willingness to share cyberthreat intelligence with private-sector companies. Continue Reading

How did firmware create an Android backdoor in budget devices?

An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices. Expert Michael Cobb explains how to prevent attacks on affected devices. Continue Reading

How did vulnerabilities in AirWatch Agent and Inbox work?

Flaws in AirWatch Agent and AirWatch Inbox allowed rooted devices to bypass the software's security measures. Expert Matthew Pascucci explains how these vulnerabilities worked. Continue Reading

Politics of cyber attribution pose risk for private industry

 Continue Reading

Cisco issues fix for Vault 7 vulnerability without help from WikiLeaks

News roundup: Cisco fixes a Vault 7 flaw unaided, despite WikiLeaks' pledge to work with vendors. Plus, LastPass flaws leak user data; Apple held hostage by hackers; and more. Continue Reading

How does the Locky ransomware file type affect enterprise protection?

Locky ransomware has, again, changed tactics by moving to using LNK files for distribution. Expert Nick Lewis explains how enterprises can adjust protections for this shift. Continue Reading

Hajime malware: How does it differ from the Mirai worm?

Hajime malware was discovered to have links to the Mirai botnet that launched powerful DDoS attacks last year. Expert Nick Lewis explains how Hajime differs from Mirai. Continue Reading

How does the Drammer attack exploit ARM-based mobile devices?

Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ARM processors. Continue Reading

How can attackers turn Instagram into C&C infrastructure?

An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how this works. Continue Reading

Patched Apache Struts vulnerability exploited in the wild

News roundup: An Apache Struts vulnerability is still being exploited, despite being patched. Plus, WhatsApp and Telegram release patches; Assange contacts Microsoft; and more. Continue Reading

Is the antivirus industry dead? Experts weigh in

RSAC 2017: With malware-detecting software increasingly coming under fire for vulnerabilities, find out what the experts had to say about the future of the antivirus industry. Continue Reading

How can the Dirty COW vulnerability be used to attack Android devices?

A copy-on-write vulnerability known as 'Dirty COW' was found in the Linux kernel of Android devices. Expert Michael Cobb explains the risks of this attack. Continue Reading

What's the best corporate email security policy for erroneous emails?

If an employee receives invalidated emails, should the corporate email security policy handle it? Expert Matthew Pascucci discusses the rights of the enterprise. Continue Reading

What to consider about signatureless malware detection

Endpoint security is changing into signatureless malware detection and protection. Expert Matthew Pascucci discusses the transition away from signatures. Continue Reading

Ransomware costs not limited to ransoms, research shows

The financial fallout from ransomware involves more than bitcoins, one study found. Targeted companies invest in security technology and fear loss of reputation and customers. Continue Reading

Doxware: New ransomware threat, or just extortionware rebranded?

 Continue Reading

Ransomware costs not limited to ransoms, research shows

 Continue Reading

IoT malware: How can internet-connected devices be secured?

IoT botnet DDoS attacks have been growing in volume and impact. Expert Nick Lewis explains how you can ensure your internet-connected devices are secure from IoT malware. Continue Reading

How can obfuscated macro malware be located and removed?

A new type of macro malware has the ability to evade the detection of virtual machines and sandbox environments. Expert Nick Lewis explains how to find and remove this malware. Continue Reading

How can open FTP servers be protected from Miner-C malware?

Enterprises with open FTP servers are being targeted by Miner-C malware for crypto coin mining activities. Expert Nick Lewis explains how enterprises can protect their servers. Continue Reading

Connected medical devices spark debate at RSA Conference session

An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility. Continue Reading

Christopher Young: Don't sleep on the Mirai botnet

RSA Conference 2017 was full of talk about future IoT attacks, but Intel Security's Christopher Young said the Mirai botnet is still an enormous threat and demonstrated why that is. Continue Reading

Microsoft: Nation-state cyberattacks have changed the security game

Microsoft's Brad Smith spoke at RSA Conference 2017 about the effects of nation-state cyberattacks and what businesses and governments can do about them. Continue Reading

Ransomware threat continues to evolve, defense needs to catch up

With the rapid expansion of the ransomware threat landscape, defenders are scrambling to find ways to fight back. RSAC 2017 dedicated a full day for a ransomware seminar. Continue Reading