Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2018-03-27 15:00:00 |
Encryption 101: Decryptor's thought process (direct link) |
(Read more...)
|
|
|
|
|
2018-03-26 17:00:00 |
(Déjà vu) A week in security (March 19 – March 25) (direct link) |
A roundup of notable security news from March 19 to 25, including data theft, ransomware, phone addiction, and more.
Categories:
Security world
Week in security
Tags: bug bountymalwarephishingransomwareroundupStephen Hawking scamweek in security
(Read more...)
|
|
|
|
|
2018-03-26 16:00:00 |
What Facebook's Cambridge Analytica problem means for your data (direct link) |
|
|
|
|
|
2018-03-26 15:00:00 |
Malicious cryptomining and the blacklist conundrum (direct link) |
When threat actors take to free and disposable cloud services, the battle against malicious cryptomining becomes a lot more difficult.
Categories:
Cryptomining
Threat analysis
Tags: adblockersblacklistcoinhivecryptominerscryptominingGitHub
(Read more...)
|
|
|
|
|
2018-03-23 15:51:00 |
“Celebrating Stephen Hawking” with a 419 scam (direct link) |
Scammers are using the good name of the recently deceased scientist Stephen Hawking to lure potential victims into a 419 scam, complete with a quiz and large cash prize for the winner.
Categories:
Cybercrime
Social engineering
Tags: 419fakemailquizscamspamStephen HawkingStephen Hawking scam
(Read more...)
|
|
|
|
|
2018-03-22 15:49:05 |
DDoS attacks are growing: What can businesses do? (direct link) |
How do DDoS attacks work? And how do we protect our organizations from the growing size and number of attacks?
Categories:
Business
Technology
Tags: attackddosDDos attackIoTmemcachedPieter Arntzprotection
(Read more...)
|
|
|
|
|
2018-03-21 17:42:01 |
CyberByte steals Malwarebytes' intellectual property (direct link) |
|
|
|
|
|
2018-03-20 15:00:00 |
The digital entropy of death: link rot (direct link) |
We take a look at how link rot risks turning every website into an unreachable island, locking crucial information away behind a plethora of broken links, and at some of the security concerns that may arise as a result.
Categories:
101
FYI
Tags: 404entropylinklink rotrotshortening service
(Read more...)
|
|
|
|
|
2018-03-19 17:30:00 |
Investors concerned about smartphone addiction; Apple responds with new webpage (direct link) |
Apple adds a new page to their website, aiming to address the growing trend of smartphone addiction in children and its harmful effects on users.
Categories:
101
FYI
Tags: Appleparental controlssecurity 101smartphone addictionteen security
(Read more...)
|
|
|
|
|
2018-03-19 16:53:02 |
(Déjà vu) A week in security (March 12 – March 18) (direct link) |
A roundup of notable security news from March 12 to 18, including data theft, mobile malware, compromised clients, and more.
Categories:
Security world
Week in security
Tags: AndroidcybercrimemalwareMeltdownSpectrevpn
(Read more...)
|
|
|
|
|
2018-03-16 16:52:04 |
A cure for the common cold call: freeze them out (direct link) |
Cold calls are a modern day nuisance becoming ever-more persistent. In this article, we show you how to limit the number of cold calls you receive and prevent potential damage they may inflict.
Categories:
101
Technology
Tags: cold callshow to handlePieter Arntzpreventionsolutions
(Read more...)
|
|
|
|
|
2018-03-15 13:00:00 |
GrayKey iPhone unlocker poses serious security concerns (direct link) |
GrayKey, an iPhone unlocker, is secretly being marketed to law enforcement. Thanks to an anonymous source, we now know how the device works, and the danger it presents to security.
Categories:
Privacy
Security world
Tags: graykeygrayshiftiOSiPhoneiphone unlockerprivacy
(Read more...)
|
|
|
|
|
2018-03-14 17:59:03 |
Hermes ransomware distributed to South Koreans via recent Flash zero-day (direct link) |
An uncommon exploit kit adds a fresh Flash Player exploit to distribute the Hermes ransomware in South Korea.
Categories:
Exploits
Threat analysis
Tags: CVE-2018-4878EKexploit kitFashHermesransomware
(Read more...)
|
|
|
|
|
2018-03-13 16:00:00 |
(Déjà vu) Hancitor: fileless attack with a DLL copy trick (direct link) |
Evading detection when distributing payloads is a key part of an effective malware campaign. Hancitor shows that it has yet another trick up its sleeve for that.
Categories:
Malware
Threat analysis
Tags: filelessHancitormacromalwarepayloads
(Read more...)
|
|
|
|
|
2018-03-13 16:00:00 |
Hancitor: fileless attack with a kernel trick (direct link) |
Evading detection when distributing payloads is a key part of an effective malware campaign. Hancitor shows that it has yet another trick up its sleeve for that.
Categories:
Malware
Threat analysis
Tags: filelessHancitormacromalwarepayloads
(Read more...)
|
|
|
|
|
2018-03-12 17:36:01 |
A week in security (March 05 – March 11) (direct link) |
A roundup of notable security news from March 5 to 11, including another takedown of GeeksHelp tech support scammers, a lame Android app, AI and ML in cybersecurity, Mac malware, and more.
Categories:
Security world
Week in security
Tags: Androidartificial intelligenceencryptioninternational women's daymachine learningrecapweekly blog roundupwomen in tech
(Read more...)
|
General Information
|
|
|
|
2018-03-12 15:00:00 |
The digital entropy of death: what happens to your online accounts when you die (direct link) |
What happens to online accounts when we die? Not a cheerful subject by any stretch of the imagination, but the good news is there are options available, some a little more sensible than others.
Categories:
101
Tags: after we diedeathdigital real estateinheritance
(Read more...)
|
Studies
|
|
|
|
2018-03-09 20:08:02 |
Tech support scammers GeeksHelp caught again, two years later (direct link) |
Almost two years after exposing a group of tech support scammers, we stumbled upon them again, this time under the moniker GeeksHelp.
Categories:
Social engineering
Threat analysis
Tags: AmericaGeeksGeeksFranceGeeksHelptech support scammers
(Read more...)
|
|
|
|
|
2018-03-09 17:06:02 |
How artificial intelligence and machine learning will impact cybersecurity (direct link) |
Both artificial intelligence and machine learning are being adopted in cybersecurity. But before they achieve mainstream traction, it's important to discuss their impact to the industry.
Categories:
Security world
Technology
Tags: adversarialAIartificial intelligencecybersecuritymachine learningML
(Read more...)
|
|
|
|
|
2018-03-08 17:00:00 |
International Women's Day: Women in tech share their stories (direct link) |
|
|
|
|
|
2018-03-08 13:01:00 |
The state of Mac malware (direct link) |
Mac users are often told that there are no Mac viruses. In reality, Mac malware does exist, as we'll see in this summary of 2018 Mac threats.
Categories:
101
Mac
Tags: Applemacmac malwaremacOSosxThomas Reed
(Read more...)
|
|
|
|
|
2018-03-07 17:00:03 |
Building an incident response program: creating the framework (direct link) |
An incident response plan does not need to be overly complicated. However, having a solid and tested framework for the program is key in the ability of an organization to respond to and survive a security incident.
Categories:
101
Business
Tags: gdprGeneral Data Protection RegulationIncident Responseincident response frameworkincident response program
(Read more...)
|
Patching
|
|
★★★
|
|
2018-03-06 19:10:03 |
Encryption 101: How to break encryption (direct link) |
Continuing on in our Encryption 101 series, we now look at what it takes to break encryption. In order for something as powerful as encryption to break, there needs to be some kind of weakness to exploit. That weakness is often a result of an error in implementation.
Categories:
Malware
Threat analysis
Tags: break encryptionencryptionencryption functionalityrandom number generator
(Read more...)
|
|
|
|
|
2018-03-05 18:00:00 |
Mobile Menace Monday: Olympics app has more ads than games (direct link) |
An app claiming to live stream the 2018 Winter Olympics had a short run on Google Play before being flagged for adware.
Categories:
Cybercrime
Mobile
Tags: adwareAndroidmobile adsolympicstriple m
(Read more...)
|
|
|
|
|
2018-03-05 17:00:00 |
Week in security (February 26 – March 4) (direct link) |
Last week in infosec, cryptomining kept chugging along, exploits were spotted in the wild, and a massive DDoS attack targeted GitHub.
Categories:
Security world
Week in security
Tags: filelessgerman governmentmalicious cryptominingtorrentweekly blog roundup
(Read more...)
|
|
|
|
|
2018-03-02 19:26:04 |
Massive DDoS attack washes over GitHub (direct link) |
We take a look at the colossal DDoS attack on GitHub, the largest-ever on record. How did threat actors do it, and what can companies do to protect against it?
Categories:
Criminals
Threat analysis
Tags: ddosDDos attackGitHubmemcachedmemcrashedmemcrashing
(Read more...)
|
|
|
|
|
2018-03-02 18:30:04 |
Explained: SQL injection (direct link) |
SQL injection is one of the most common attacks against businesses, with a high rate of success. So what can you do to prevent them?
Categories:
Business
Security world
Tags: breachcodedrop tableinjectionphp. aspquerysqlSQL injection
(Read more...)
|
|
|
|
|
2018-03-01 16:00:00 |
Blast from the past: stowaway Virut delivered with Chinese DDoS bot (direct link) |
A recent Chinese drive-by attack dropped Virut, an ancient virus that's been out of commission since 2013. So what was it doing in this modern attack?
Categories:
Malware
Threat analysis
Tags: avzhanAvzhan DDoS botChinese drive-by attackDDoS botvirusvirut
(Read more...)
|
|
|
|
|
2018-02-28 16:45:01 |
New RIG malvertising campaign uses cryptocurrency theme as decoy (direct link) |
This malvertising campaign uses a popular cryptocurrency theme to redirect users to the RIG exploit kit.
Categories:
Exploits
Threat analysis
Tags: cryptocurrenciesmalvertisingRIGRIGEK
(Read more...)
|
|
|
|
|
2018-02-28 16:00:00 |
Encryption 101: ShiOne ransomware case study (direct link) |
In this case study on ShiOne ransomware, part of our Encryption 101 series, we will be reviewing the encryption process line by line and showing the different methods ransomware can use to encrypt files.
Categories:
Malware
Threat analysis
Tags: encryptionencryption functionalityencryption methodsmalwareransomwareShiOneShiOne ransomware
(Read more...)
|
|
|
|
|
2018-02-27 18:56:04 |
Human Factor Podcast: Jenny Radcliffe and Chris Boyd (direct link) |
Hear Lead Malware Intelligence Analyst Chris Boyd talk about 10 years of experience in security and research on the Human Factor podcast hosted by Jenny Radcliffe.
Categories:
101
FYI
Tags: human factor podcastjenny radcliffemany hats clubpodcastrecording
(Read more...)
|
Guideline
|
|
|
|
2018-02-27 17:30:00 |
How to protect your computer from malicious cryptomining (direct link) |
When you experience a slow computer due to malicious cryptomining, how can you troubleshoot it and prevent it from happening again?
Categories:
101
How-tos
Tags: Chrome Task managercrypto-jackinghigh cpupreventslow computertroubleshoot
(Read more...)
|
|
|
|
|
2018-02-26 17:36:00 |
A week in security (February 19 – February 25) (direct link) |
A roundup of notable news stories from February 19–25, including drive-by download attacks on Chinese websites, Deepfakes programs being paired with cryptominers, and a review of GDPR guidelines.
Categories:
Security world
Week in security
Tags: avzhanddosdeepfakesfraudgdprimpersonationKrebsOnSecurityrecapsecuityweekly blog roundup
(Read more...)
|
|
|
|
|
2018-02-26 16:08:00 |
The state of malicious cryptomining (direct link) |
From malware coin miners to drive-by mining, we review the state of malicious cryptomining in the past few months by looking at the most notable incidents and our own telemetry stats.
Categories:
Cybercrime
Tags: coin minerscoin-haveCoinbasecoinhivecrypto-lootcryptocurrencycryptominingdrive-bymalvertisingmalwaremonero
(Read more...)
|
|
|
|
|
2018-02-23 18:00:00 |
Avzhan DDoS bot dropped by Chinese drive-by attack (direct link) |
The Avzhan DDoS bot is back in the wild again, this time being dropped by a Chinese drive-by attack. In this post, we'll take a deep dive into its functionality and compare the sample we captured with the one described in the past.
Categories:
Malware
Threat analysis
Tags: avzhanBotbotnetddosdrive-by attackexploit kitmalware
(Read more...)
|
|
|
|
|
2018-02-23 17:20:00 |
Deepfakes FakeApp tool (briefly) includes cryptominer (direct link) |
We take a look at what happens when one of the most popular DIY Deepfakes programs decides to monetise with a spot of coin mining. Surprise: it doesn't end well.
Categories:
Security world
Technology
Tags: coin miningcoinhivecryptodeepfakedeepfakesfakefakeappminermining
(Read more...)
|
|
|
|
|
2018-02-22 16:00:00 |
Drive-by download campaign targets Chinese websites, experiments with exploits (direct link) |
This custom made drive-by download attack targets some Chinese websites and their visitors while experimenting with exploits.
Categories:
Threat analysis
Tags: Chinesecoinhivedrive-byEKexploit kitexploitsFlash PlayerInternet Explorersvchost.exe
(Read more...)
|
|
|
|
|
2018-02-21 09:00:00 |
How to build an incident response program: GDPR guidelines (direct link) |
With the General Data Protection Regulation (GDPR) going into effect this May, many organizations need to have a robust incident response program to ensure the safety of their customers' and employees' data. Here's part one of our guidelines.
Categories:
101
Business
Tags: breach notificationbreach remediationbreach responseData Subject RightsgdprGeneral Data Protection RegulationIncident Responseincident response program
(Read more...)
|
|
|
|
|
2018-02-20 21:53:01 |
Encryption 101: a malware analyst's primer (direct link) |
(Read more...)
|
|
|
|
|
2018-02-19 16:55:04 |
A week in security (February 12 – February 18) (direct link) |
A roundup of notable news stories from February 12–18, including Android cryptomining, phishing on a massive scale, Apple scams, and bug bounties.
Categories:
Security world
Week in security
Tags: Androidcryptomininghealthcareinfosecsecurityvalentine's dayweekly roundup
(Read more...)
|
|
|
|
|
2018-02-15 16:00:00 |
Physician, protect thyself: healthcare cybersecurity circling the drain (direct link) |
Study after study reveals that healthcare cybersecurity breaches are on the uptick. In this blog series, we'll look into the reasons why healthcare cybercrime is trending, understand the motivations of threat actors behind it, and discuss what the healthcare industry can do to care for itself and the people they swore to protect.
Categories:
101
Business
Tags: byodcybersecurityEHRelectronic health recordhealth appshealth carehealthcarehealthcare cybersecurityHIPPAmHealthsecurity training
(Read more...)
|
|
|
|
|
2018-02-14 17:07:01 |
Online security tips for Valentine's Day: how to beat the cheats (direct link) |
(Read more...)
|
|
|
|
|
2018-02-13 18:31:01 |
Panic attack: Apple scams apply pressure (direct link) |
We take a look at some of the many vaguely threatening/panic-inducing attempts by Apple scams to phish potential victims. Featuring emails, texts, and...Edward Snowden?!
Categories:
Cybercrime
Social engineering
Tags: AppleApple ScamsApple Supportipoditunesphishphishingscam
(Read more...)
|
|
|
|
|
2018-02-13 16:00:00 |
Kotlin-based malicious apps penetrate Google market (direct link) |
New malicious apps appear in Google Play abusing Kotlin, the "safest" official programming language for the Android.
Categories:
Cybercrime
Malware
Mobile
Tags: AndroidGoogle Playkotlinmalware
(Read more...)
|
|
|
|
|
2018-02-12 17:00:01 |
A week in security (February 5 – February 11) (direct link) |
We bring you an overview of what happened in cybersecurity during the last week, including new developments in drive-by cryptomining, including Mac and Android miners, and yet another abusing the fact that Deepfakes content was banned from most major networks.
Categories:
Security world
Week in security
Tags: a week in securityandroid cryptominingcryptominingdeepfakesmac cryptominingsafer internet day
(Read more...)
|
|
|
|
|
2018-02-12 14:00:02 |
Drive-by cryptomining campaign targets millions of Android users (direct link) |
Android users have been exposed to drive-by cryptomining in one of the largest campaigns that we have detected so far.
Categories:
Malware
Threat analysis
Tags: AndroidBotCAPTCHAcoinhivecrypto miningcryptominingdrive-by
(Read more...)
|
|
|
|
|
2018-02-09 19:57:07 |
Bank robbers 2.0: digital thievery and stolen cryptocoins (direct link) |
A new generation of thieves, bank robbers 2.0, seek to steal huge amounts of money as anonymously as they can. So they've developed a multitude of ways to pilfer cryptocurrency.
Categories:
Cybercrime
Technology
Tags: bakcoinhivecrypto-currencyjackpottingmalleabilityMt GoxNicehashPieter Arntzrobber
(Read more...)
|
|
|
|
|
2018-02-08 19:23:40 |
New Deepfakes forum goes mining with Coinhive (direct link) |
With the collapse of the main Deepfakes hubs on Reddit, users have moved away to other forums. Problem is, at least one of them is mining for cryptocurrency. Can your PC handle it?
Categories:
Cybercrime
Privacy
Tags: bitcoinbitcoinscryptocurrencycryptominingdeepfakesminingscripts
(Read more...)
|
|
|
|
|
2018-02-07 19:30:00 |
Bogus hack apps hack users back for cryptocash (direct link) |
Recently, we discovered a gold mine of fake hack apps that mine for Monero cryptocurrency and serve up annoying adware.
Categories:
Cybercrime
Mobile
Tags: adwareAndroidcoin hivecoin minershackhack appMobiletrojan
(Read more...)
|
|
|
|
|
2018-02-07 18:35:53 |
New Mac cryptominer has 23 older variants (direct link) |
The new Mac cryptominer, OSX.CreativeUpdate, turns out to be older than we thought, with 23 variants found dating back to October 2017.
Categories:
Mac
Threat analysis
Tags: macMac cryptominermac malwaremacOS
(Read more...)
|
|
|
|