Structure of leaked files, other factors suggest someone inside “air gap” snuck them out.
While ransomware is a global threat, every now and then we see a variant that targets one specific region. For example, the Coinvault malware had many infections in the Netherlands, because the authors posted malicious software on Usenet and Dutch people are particular fond of downloading things over Usenet. Another example is the recent Shade […]
Download PDF Introduction The telecommunications industry keeps the world connected. Telecoms providers build, operate and manage the complex network infrastructures used for voice and data transmission – and they communicate and store vast amounts of sensitive data. This makes them a top target for cyber-attack. According to PwC’s Global State of Information Security, 2016, IT […]
Exploit against Cisco’s PIX line of firewalls remotely extracted crypto keys.
You are tasked with ensuring that critical applications soon to hit production are secure. As an application owner, you meticulously configure a dynamic scan with features you wish to enable for your scan, crawl scripts, login scripts, whitelisting and blacklisting of specific sites, and you kick off a scan. The scan runs for a few […]
Crooks are always creating new ways to improve the malware they use to target bank accounts, and now Brazilian bad guys have made an important addition to their arsenal: the use of PowerShell. Brazil is the most infected country worldwide when it comes to banking Trojans, according to our Q1 2016 report, and the quality […]
In my earlier post, I gave my thoughts on what the trends were so far part way through the set of conferences last week (BSidesLV, Blackhat, and DefCon24). In this post, I wrap up my thoughts for the week’s conferences. There were several great talks I missed at BSides this year. Two in particular were ones […]
Crowdsourcing security holes—aka bug bounties—has become an increasingly-popular tech firm tactic, bordering on Silicon Valley standard-operating-procedure. But as tempting as such an approach is, it’s not without serious drawbacks. What we’re talking about is encouraging and incentivizing anyone and everyone to dig into your app/OS and beat up on it to try and find any […]
Download the full report (PDF) Spam: quarterly highlights The year of ransomware in spam Although the second quarter of 2016 has only just finished, it’s safe to say that this is already the year of ransomware Trojans. By the end of Q2 there was still a large number of emails with malicious attachments, most of […]