What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
F-Secure 2017-06-23 10:41:15 Processing Quote Tweets With Twitter API (direct link) I’ve been writing scripts to process Twitter streaming data via the Twitter API. One of those scripts looks for patterns in metadata and associations between accounts, as streaming data arrives. The script processes retweets, and I decided to add functionality to also process quote Tweets. Retweets “echo” the original by embedding a copy of the […]
F-Secure 2017-06-22 11:00:21 Super Awesome Fuzzing, Part One (direct link) An informative guide on using AFL and libFuzzer. Posted on behalf of Atte Kettunen (Software Security Expert) & Eero Kurimo (Lead Software Engineer) – Security Research and Technologies. The point of security software is to make a system more secure. When developing software, one definitely doesn’t want to introduce new points of failure, or to […] Guideline
F-Secure 2017-06-13 10:58:10 TrickBot Goes Nordic… Once In A While (direct link) We’ve been monitoring the banking trojan TrickBot since its appearance last summer. During the past few months, the malware underwent several internal changes and improvements, such as more generic info-stealing, support for Microsoft Edge, and encryption/randomization techniques to make analysis and detection more difficult. Unlike the very fast expansion of banks targeted during the first […]
F-Secure 2017-06-09 06:09:02 OSINT For Fun And Profit: Hung Parliament Edition (direct link) The 2017 UK general election just concluded, with the Conservatives gaining the most votes out of all political parties. But they didn’t win enough seats to secure a majority. The result is a hung parliament. Both the Labour and Conservative parties gained voters compared to the previous general election. Some of those wins came from […]
F-Secure 2017-06-02 13:22:41 Why Is Somebody Creating An Army Of Twitter Bots? (direct link) There’s been some speculation this week regarding Donald Trump’s Twitter account. Why? Because its follower count “dramatically” increased (according to reports) due to a bunch of bots. Since Twitter analytics are my thing at the moment, I decided to do some digging. Sean examined some of Trump’s new followers and found they had something in […]
F-Secure 2017-05-31 12:47:55 Now Hiring: Developers, Researchers, Data Scientists (direct link) We’re hiring right now, and if you check out our careers page, you’ll find over 30 new positions ranging from marketing (meh) to malware analysis (woot!). A select number of these new positions are in F-Secure Labs. If you’re on the lookout for a job in cyber security, you might find one of these jobs […]
F-Secure 2017-05-15 12:59:04 WannaCry, Party Like It's 2003 (direct link) Let’s take a moment to collect what we know about WannaCry (W32/WCry) and what we can learn from it. When looked at from a technical perspective, WCry (in its two binary components) has the following properties. Comprised of two Windows binaries. mssecsvc.exe: a worm that handles spreading and drops the payload. tasksche.exe: a ransomware trojan […] Wannacry
F-Secure 2017-05-13 10:09:08 WCry: Knowns And Unknowns (direct link) WCry, WannaCry, Wana Decrypt0r. I’m sure at this point you’ve heard something about what the industry has dubbed the largest crypto ransomware outbreak in history. Following its debut yesterday afternoon, a lot of facts have been flying around. Here’s what we know, and don’t know. WCry has currently made a measly $25,000 They now made […] Wannacry
F-Secure 2017-05-11 14:20:58 OSINT For Fun And Profit: #Presidentielle2017 Edition (direct link) As I mentioned in a previous post, I’m writing scripts designed to analyze patterns in Twitter streams. One of the goals of my research is to follow Twitter activity around a newsworthy event, such as an election. For example, last weekend France went to the polls to vote for a new president. And so I […]
F-Secure 2017-04-26 11:28:51 Unicode Phishing Domains Rediscovered (direct link) There is a variant of phishing attack that nowadays is receiving much attention in the security community. It’s called IDN homograph attack and it takes advantage of the fact that many different Unicode characters look alike. The use of Unicode in domain names makes it easier to spoof websites as the visual representation of an […]
F-Secure 2017-04-25 09:07:20 F-Secure XFENCE (Little Flocker) (direct link) I use Macs both at home and at work, and as a nerd, I enjoy using interesting stand-alone tools and apps to keep my environment secure. Some of my favorites are knockknock, ransomwhere?, and taskexplorer, from the objective-see website. I’ve also been recently playing around with (and enjoying) Monitor.app from FireEye. When I heard that […]
F-Secure 2017-04-18 13:10:36 Ransomware Timeline: 2010 – 2017 (direct link) I’ve seen numerous compliments for this graphic by Micke, so… here’s a high-res version. Enjoy! Source: State of Cyber Security 2017 Tagged: Ransomware, Th3 Cyb3r, Threat Report
F-Secure 2017-04-13 12:01:57 The Callisto Group (direct link) We’ve published a White Paper today titled: The Callisto Group. And who/what is the Callisto Group? A good question, here’s the paper’s summary. Heavy use of spear phishing, and malicious attachments sent via legitimate, but compromised, email accounts. Don’t click “OK”. Tagged: APT, Callisto Group, Th3 Cyb3r, White Paper
F-Secure 2017-04-10 12:30:43 OSINT For Fun & Profit: @realDonaldTrump Edition (direct link) I’ve just started experimenting with Tweepy to write a series of scripts attempting to identify Twitter bots and sockpuppet rings. It’s been a while since I last played around with this kind of stuff, so I decided to start by writing a couple of small test scripts. In order to properly test it, I needed to point […]
F-Secure 2017-04-05 13:12:58 “Cloud Hopper” Example Of Upstream Attack (direct link) There’s news today of a BAE/PWC report detailing a Chinese-based hacking group campaign dubbed “Operation Cloud Hopper”. Chinese Group Is Hacking Cloud Providers to Reach Into Secure Enterprise Networks https://t.co/Le4E4Se2Hc pic.twitter.com/adpDyWYa6C — News from the Lab (@FSLabs) April 5, 2017 This operation is what’s known as an upstream attack, a method of compromise that we […]
F-Secure 2017-03-31 13:04:00 Massive Dridex Spam Runs, Targeting UK (direct link) Yesterday, between 9:00 and midnight GMT, we observed three massive malware spam runs. The magnitude clearly stood out from the average daily amount of spam with attachments. The campaigns were largely sent to accounts with email addresses in the co.uk TLD. The first run, with subject lines such as “Your Booking 938721” (numbers vary) started at […]
F-Secure 2017-03-23 13:33:22 Real-Time Location Sharing Redux (direct link) Google announced on Wednesday that it will soon add real-time location sharing to Google Maps. The feature set appears to be very reminiscent of Google Latitude, which was introduced (way back) in 2009. Location sharing will undoubtedly be a popular option for many, but, it may come with OPSEC considerations for others. Here’s what I wrote about […]
F-Secure 2017-03-22 14:19:18 It's Not New To Us (direct link) A Turkish hacking group is reportedly attempting to extort Apple over a compromised cache of iCloud account data. This activity is on the heels of last week’s Turkish related Twitter account hacks via a service called Twitter Counter. And that brings to mind this article (by Andy)… OVER THE PAST FEW YEARS, you’ve probably heard […]
F-Secure 2017-03-09 13:05:37 FAQ Related To CIA WikiLeaks Docs (direct link) We’ve been asked numerous questions about WikiLeaks’ March 7th CIA document dump. Did the news surprise you? No. Spies spy. And that spies use hacking tools… is expected. (“Q” does cyber these days.) Does this mean that the CIA will have to start over and rebuild a completely new set of tools? Does it need […]
F-Secure 2017-03-09 11:11:42 Apple, Google, And The CIA (direct link) Apple and Google have issued statements to the media regarding WikiLeaks’ March 7th publication of CIA documents. Here’s Apple’s statement via BuzzFeed News. According to Apple, its “products and software are designed to quickly get security updates” to its customers. So, just how well does that statement hold up to what we see in-the-wild? Well, […]
F-Secure 2017-03-03 11:00:04 Taking Poika Out On The Town: 2017 (direct link) AV-Test has awarded F-Secure Client Security with Best Protection 2016! And as tradition dictates, we took it on a tour of Helsinki. As a reminder, AV-Test’s Best Protection award is based on continuous real-world testing, over the entire year, against the most reliable and well-trusted endpoint protection vendors on the market. We’re proud to have, once […]
F-Secure 2017-02-23 12:37:04 Reflash Flash Research Framework (direct link) Jarkko Turkulainen, a Senior Researcher on our Threat Intelligence team, has (today!) publicly released a research tool called Reflash. It’s a proof-of-concept framework for analyzing Adobe Flash files. It produces an SQL database of Flash VM stack trace by injecting dynamically generated instrumentation to Flash files. The SQL database can later be analyzed with various […]
F-Secure 2017-02-22 16:02:03 Bitcoin Friction Is Ransomware's Only Constraint (direct link) In January 2017, I began tracking the “customer portal” of an innovative new family of crypto-ransomware called Spora. Among its innovations are a dedicated domain (spora.biz, spora.bz, et cetera) running a Tor web proxy, HTTPS support, an initially lower extortion demand, and tiered pricing with options to unencrypt individual files (up to 25Mb in size) […]
F-Secure 2017-02-15 08:32:31 F-Secure Does Cyber Security (direct link) For more than 10 years, we’ve released an annual report/summary featuring observations, research, and malware trends. And in past years, this publication has included the word “threat” in its title. But no more! There are rather significant changes this year in our… State of Cyber Security. The new title reflects a change in the type […]
F-Secure 2017-02-08 12:40:10 “F-Secure does red teaming?” (direct link) On June 2nd 2015, F-Secure announced via a press release its acquisition of the Danish Cyber Security firm, nSense. That press release contained the following snippet: “the combined portfolio will allow F-Secure to provide top-tier incident response and forensic expertise, comprehensive vulnerability assessment, and threat intelligence and security management services to enterprises and businesses with […]
F-Secure 2017-02-01 17:16:27 Noun: Confirmation Bias (direct link) Confirmation bias, according to Google, is “the tendency to interpret new evidence as confirmation of one’s existing beliefs or theories.” Technology… potentially opens up a vast new realm of evidence, and that, if not very carefully analyzed, risks feeding confirmation bias. Last Friday, Journal News reported that a man from Middletown, Ohio was charged with […]
F-Secure 2017-01-16 16:10:31 Noun: Sockpuppet (direct link) An Internet sockpuppet, according to Google, is “a false online identity, typically created by a person or group in order to promote their own opinions or views.” Sockpuppets are nothing particularly new… they go back as far as USENET. But it feels that recently, sockpuppetry has reached new heights. Twitter is an easy place to […]
F-Secure 2017-01-10 10:38:55 F-Secure Vulnerability Reward Program Update (direct link) A message from Calvin, a security vulnerability expert and member of our Anti-Malware Unit. The AMU team has a customer care/support focus. Happy New Year to all you readers out there! A year has passed since we launched our F-Secure Vulnerability Reward Program (bug bounty) and time really flies. Here’s a snapshot of what we’ve […]
F-Secure 2016-12-21 11:17:34 What's The Deal With Digital Forensics, Incident Response, And Attribution? (direct link) After several high-profile cyber attacks made big news headlines this year, it’s become evident to me, through online commentary, that there’s some confusion in the public space about how incident response services are utilized, how attribution is performed, and how law enforcement’s role fits into cyber crime investigations. I’m hoping this article helps to clear […]
F-Secure 2016-12-07 12:39:47 On Botting, Cheating, And DDoSers (direct link) On November 10th 2016 Blizzard enacted a “ban wave” on thousands of World of Warcraft accounts for “botting”, a term widely used to describe using third party programs to automate gameplay. Technically it wasn’t a “ban wave” – the accounts in question received between 6 and 24 month suspensions based on how often they’d been […]
F-Secure 2016-11-24 13:52:34 A Joint Centre To Combat Hybrid Warfare Threats (direct link) Helsinki will host a new centre focused on curbing the growing threat of hybrid warfare according to recent reports. Disinformation and fake news is considered “hybrid warfare” in this context. The proposed annual budget is reportedly estimated at two million euros. I think… they’re gonna need a bigger boat. Fighting against hybrid warfare disinformation will […]
F-Secure 2016-11-17 14:27:13 Yahoo! Voice Call 2FA Fail (direct link) Netflix recently fixed an account takeover vulnerability involving automated phone calls and caller ID spoofing. The issue? An attacker could use Netflix’s “forgot email/password” feature to reset an account’s password by directing the reset code to a voice call. In order to force the code to voice mail, the attacker would need to call the […] Yahoo
F-Secure 2016-11-16 12:21:01 What's The Deal With “Next Gen”? (direct link) We’re frequently asked about “Next Gen” antivirus companies, which is not surprising. They’ve been making a lot of noise and bold claims during the last couple of years (so, basically, since they were founded). So let’s take a look at what they’re all about. Coopetition in the AV industry But before getting into what “Next […]
F-Secure 2016-11-10 14:51:59 A RAT for the US Presidential Elections (direct link) A day before the controversial United States Presidential elections, an email was distributed to inform the recipients of a possible attack during election day as mentioned in a manifesto, allegedly from the ISIS terrorist group, entitled “The Murtadd Vote”. The email was supposedly sent by the head of a US-based terrorist monitoring group. The message […]
F-Secure 2016-10-31 10:49:09 How To Vet URL Shorteners #2016CampaignEdition (direct link) John Podesta, the Chairman of Hillary Clinton’s 2016 presidential campaign, allowed his Gmail account to be compromised in March 2016. And as a consequence, his correspondence has been in the news throughout the month of October. Recently, the March 2016 phishing message itself was published. Do you notice anything odd about the message? The very […]
F-Secure 2016-10-27 07:35:52 CSS Disclosure: tar Extract Pathname Bypass (direct link) T2’16 Infosec Conference kicked off this morning in Helsinki. And to celebrate this, F-Secure CSS security consultant Harry Sintonen has a vulnerability disclosure to publish. See below for more info. tar Extract Pathname Bypass | tar Discussion Pointers Full Disclosure: POINTYFEATHER / tar Extract Pathname Bypass (CVE-2016-6321) Tagged: CSS, Disclosure, Kyb3r, tar, Vulnerability
F-Secure 2016-10-26 13:40:48 Hacking An Election Is Hard. Why Not Pwn The Messenger Instead? (direct link) Election day USA, November 8th, is nigh. US elections (during a presidential election year) are a massive affair comprising federal, state, and local candidates for all sorts of elected positions: president, governors, senators, representatives, judges, state and county commissioners, et cetera. They are organized and run at the county level. There are 3,144 counties and […]
F-Secure 2016-10-21 11:22:14 Fun With Internet Metadata (AKA The Deep Web) (direct link) Our Cyber Security Services (CSS) division spend a fair amount of time working with companies on threat assessments. They’ve been doing this stuff for several years, and during that time, they developed some useful tools to make their jobs easier. One of those tools is Riddler. It’s a web crawler that makes Internet metadata available via […]
F-Secure 2016-10-17 09:32:20 What's The Deal With Non-Signature-Based Anti-Malware Solutions? (direct link) Gartner recently published an insightful report entitled “The Real Value of a Non-Signature-Based Anti-Malware Solution to Your Organization”. In this report, it discusses the ways in which non-signature technologies can be used to augment an organization’s endpoint protection strategy. Let’s take a look at how Gartner has defined non-signature malware detection solutions. Here’s a clip directly […]
F-Secure 2016-09-20 13:09:00 Definitely Not Cerber (direct link) At the beginning of last week we noticed a spam campaign delivering a double zipped JScript file. The campaign started on September 8th. The email had the subject line of “RE: [name of recipient]” with an empty body, and an attached zip file named “[recipient name][a-z]{4}.zip”. The characteristics of the mail, naming of the attached item, […]
F-Secure 2016-09-15 08:57:51 Seriously, Put Away The Foil (direct link) I was scanning the headlines this morning, as I do, and came across this article by YLE Uutiset (News). - “Finnish police: Keep your car keys in the fridge” From YLE’s article: “These so-called smart keys work by emitting a signal when the driver touches the door handle. The lock opens when it recognises the […]
F-Secure 2016-09-07 11:24:14 0ld 5ch00l MBR Malware (direct link) I recently installed Audacity, an open source audio editor… And while verifying the current version to download, I came across an interesting security notification. Before I read the details, I fully expected to discover yet another case of some crypto-ransomware group hijacking and trojanizing an application installer. But not so! Audacity’s download partner was infiltrated […]
F-Secure 2016-08-26 15:14:22 What's The Deal With Machine Learning? (direct link) We’ve recently received quite a few questions regarding the use of machine learning techniques in cyber security. I figured it was time for a blog post. Interestingly, while I was writing this post, we got asked even more questions, so the timing couldn’t be better. It seems that there are quite a few companies out […]
F-Secure 2016-08-19 14:23:48 Coming Soon: iOS 10 (direct link) I’ve been testing iOS 10 Beta for several weeks (on a secondary iPad mini 2 of mine) and so far, so good. I’m enjoying Swift Playgrounds and looking forward to the final release. Most of the changes I’ve noticed have been surface (i.e., UI) changes. But today I read an interesting blog post by @nabla_c0d3, […] ★★★★★
F-Secure 2016-08-10 13:20:24 Got Ransomware? Negotiate (direct link) ICYMI: we recently published a customer service study of various crypto-ransomware families. Communication being a crucial element of ransomware schemes, we decided to put it to a comparative test. The biggest takeaway? If you find yourself compromised – negotiate. You have little to lose, the majority of extortionists appear to be willing to work with their […]
F-Secure 2016-08-04 11:56:14 NanHaiShu: RATing the South China Sea (direct link) Since last year, we have been following a threat that we refer to as NanHaiShu, which is a Remote Access Trojan. The threat actors behind this malware target government and private-sector organizations that were directly or indirectly involved in the international territorial dispute centering on the South China Sea. Hence, the name nán hǎi shǔ […]
F-Secure 2016-07-25 13:16:24 Bye Bye Flash! Part 2.5. Microsoft Edge Is Going “Click To Flash” (direct link) After last Thursday’s article on how Firefox will start reducing support for Flash, I received some comments pointing me to an announcement from Microsoft, back in April, where they stated that their Edge browser would also move towards a “Click to Flash” approach. The announcement notes that Flash plugins not central to the web page will […]
F-Secure 2016-07-21 13:17:55 Bye Bye Flash! Part 2 – Firefox Plans To “Reduce” Support For Flash (direct link) Earlier this year, in our 2015 Threat Report, our own Sean Sullivan predicted that Chrome, Firefox, and Microsoft would announce an iterative shift away from supporting Flash in the browser by 2017. Last month, we covered the announcement made by Google. As predicted, just yesterday, the Firefox developers made a similar announcement on their blog. […]
F-Secure 2016-07-19 10:41:23 Malware History: Code Red (direct link) Fifteen years (5479 days) ago… Code Red hit its peak. An infamous computer worm, Code Red exploited a vulnerability in Microsoft Internet Information Server (IIS) to propagate. Infected servers displayed the following message. See @mikko’s Tweet below for a visualization. @FSLabs @FSecure @5ean5ullivan pic.twitter.com/7c0yTc66ix — Mikko Hypponen (@mikko) July 18, 2016 Tagged: Code Red, Historical, […]
F-Secure 2016-07-13 09:45:05 A New High For Locky (direct link) After seeing a drop during the first weeks of June, the spam campaigns distributing Locky crypto-ransomware have returned as aggressive as ever. Normally we have seen around 4000-10,000 spam hits a day during spam campaigns. Last week from Wednesday to Friday we observed a notable increase in the amount of spam distributing Locky. At most we saw […]
Last update at: 2024-04-28 18:07:58