Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The US website of the Metro newspaper (metro.us), which serves an estimated 1 million visitors every month, has been compromised and abused to distribute a malware via the RIG exploit kit.
SMS-based two-factor authentication (2FA) mechanisms used by banks to secure their customers' accounts have been bypassed by cybercriminals using a combination of malware, mobile apps, rogue DNS servers, and phishing sites, according to a report from Trend Micro.
A new file-encrypting piece of ransomware advertised on underground forums since mid-June is increasingly used by cybercriminals, a security expert reported.
The Neverquest banking Trojan has been enhanced with new features that make it an efficient tool for cybercriminals that are after sensitive information.
Security researchers have conducted an in-depth analysis of both the client side and the command and control (C&C) servers of the malware dubbed "Mayhem."
A new variant of the PushDo malware has already infected tens of thousands of computers across the globe, researchers from Bitdefender reported.
Solutionary found that Amazon Web Services (AWS) continues to be responsible for hosting most malware.
Malware developers have recently started advertising a new banking Trojan called "Kronos" on a Russian cybercrime forum.
The source code for a version of the Tinba malware was published last week on a private underground forum, Denmark-based CSIS Security Group reported on Thursday.
Cybercriminals have developed a new Trojan largely based on Gameover Zeus in an effort to revive the botnet that was recently disrupted by international authorities.

FEATURES, INSIGHTS // Malware

rss icon

Wade Williamson's picture
The most important aspect for us as security professionals is to realize that the man-in-the-browser is not going away, and to understand what exactly has made it so successful.
Wade Williamson's picture
In the same way we have watched APT techniques trickle down from nation-state actors to more opportunistic criminals, we should expect MitB to expand from financial services to all types of applications.
Michael Callahan's picture
While attackers are constantly improving their evasion tactics to extend the lifetime of their malware, users can also leverage these types of evasion tactics to help prevent malware infection in the first place.
Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Danelle Au's picture
Trying to defend against modern, advanced attacks with one-off point solutions is like playing a whack-a-mole game, always one step behind the attacker and trying to play catch up with the alerts as they’re received.
Marc Solomon's picture
Mosquitoes are quite similar to malware. There are thousands of species and numerous ways to try to protect against them but each method has its limitations.
Aviv Raff's picture
Without the elements of prevention, detection, and protection all working together, threat actors will always have the advantage, and will find a way to carry out their illicit economic, political or social agendas.
Aviv Raff's picture
A combination of new threat actors, new attack approaches, and new masking tactics demand that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.
Mark Hatton's picture
One of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.