NEWS & INDUSTRY UPDATES

Researchers have created custom malware samples in an effort to test the effectiveness of some top advanced persistent threat (APT) attack detection appliances.
The creators of the Android remote administration tool (RAT) called DroidJack started off as legitimate application developers, but when they realized that their products were not as successful as they had hoped, they turned to developing a crimeware tool.
A sophisticated cyberespionage tool has been stealing information from governments and businesses since 2008, researchers said Monday, and one report linked it to US and British intelligence.
Google's Macintosh Operations Team announced last week the availability of the source code for "Santa," a tool designed for whitelisting and blacklisting binaries on Apple's Mac OS X operating systems.
Symantec has released details of an extremely sophisticated cyber espionage tool that the company says has been used in “systematic spying campaigns” against a range of international targets since at least 2008.
The Rovnix Trojan has started leveraging macros embedded in innocent-looking Microsoft Word documents to infect computers, researchers at Trend Micro reported.
A new variant of the Citadel Trojan is designed to capture keystrokes in an effort to obtain the passwords that protect access to authentication solutions and password managers.
A new paper takes a look at the prices for cyber-criminal services in the Brazilian underground.
A new variant of the Matsnu Trojan uses a Domain Generation Algorithm that generates 24-character domain names based on a combination of nouns and verbs (noun-verb-noun-verb).
Security experts are warning Steam users about a piece of malware that is being distributed by cybercriminals via the entertainment platform's chat feature.

FEATURES, INSIGHTS // Malware

Jon-Louis Heimerl
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack on you or your organization.
Aviv Raff
Just as offices need to detect break-ins to keep criminals from committing industrial espionage, enterprises need to put more focus on detecting APTs and other advanced threats to keep adversaries from their network.
Aviv Raff
There are four key reasons why cloud-based sandboxes are qualitatively more effective than on-premise appliances...
Jeff Hudson
Organizations need to consider more than just the malware itself if they are to defend against it; the first step in defending against malicious code infections is ensuring that a strong trust infrastructure is in place and well secured.
Wade Williamson
By shortening the scope of an attack, it’s far less likely that response teams will get the chance to analyze such attacks in situ, so to speak.
Wade Williamson
Security in the era of APTs is everyone’s problem, and to truly adapt means each team in an enterprise has to push itself out of its traditional comfort zone. Let’s look at some of these challenges.
Shaun Donaldson
What is it about public cloud that breaks traditional endpoint security? First, let’s consider how traditional endpoint anti-malware ended up where it is today.
Marc Solomon
To detect, understand and stop advanced threats you need new tools and techniques that enable you to always watch, never forget and take action should a file be determined to be malicious at a later time. In effect, you need to be able to turn back time.
Marc Solomon
Defenders need a new threat-centric approach to security to address the full attack continuum – before, during and after an attack – with continuous visibility into indicators of compromise and retrospective security to quickly contain and stop the damage.
Wade Williamson
It’s important we remember that IT security is essentially an asymmetric struggle. If we don’t adapt, we simply play into the hands of those who want to attack us.