NEWS & INDUSTRY UPDATES

Vulnerabilities affecting a popular WordPress plugin are being abused by cybercriminals to hijack websites and redirect their visitors to a page set up to serve malware, researchers at Sucuri reported on Monday.
Researchers at Trend Micro have observed a spike in the number of Ursnif infections. The most affected countries are the United States and the United Kingdom.
Nearly two years after the Red October cyber espionage operation was exposed, researchers have spotted a new advanced persistent threat (APT) campaign that appears to represent the return of the Red October group.
A digital certificate stolen from Sony Pictures during the recent cyber attack has been used to sign malware, according to a report from Kaspersky Lab.
Researchers at Kaspersky Lab have uncovered a new malware sample designed to target Linux operating systems that has been used by the notorious advanced persistent threat (APT) group called "Turla" (also known as Snake and Uroburos).
Cybercriminals have been using a new variant of the Neverquest malware to target the customers of financial institutions, researchers at IBM Trusteer reported.
North Korea denied Sunday involvement in a brazen cyber attack on Sony Pictures, but praised it as a "righteous deed" potentially orchestrated by supporters furious over a Hollywood comedy depicting a fictional CIA plot to assassinate leader Kim Jong-Un.
Researchers from Trend Micro say they have identified the piece of malware that appears to have been used in the recent cyberattack targeting the corporate network of Sony Pictures.
A sample of a new piece of malware designed to target point-of-sale (PoS) systems was submitted to VirusTotal a few days ago, according to researchers who analyzed the malware.
Researchers have sinkholed the command and control (C&C) domains used by the CryptoPHP malware and determined that tens of thousands of websites have been affected.

FEATURES, INSIGHTS // Malware

Mark Hatton
One of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.
Jon-Louis Heimerl
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack on you or your organization.
Aviv Raff
Just as offices need to detect break-ins to keep criminals from committing industrial espionage, enterprises need to put more focus on detecting APTs and other advanced threats to keep adversaries from their network.
Aviv Raff
There are four key reasons why cloud-based sandboxes are qualitatively more effective than on-premise appliances...
Jeff Hudson
Organizations need to consider more than just the malware itself if they are to defend against it; the first step in defending against malicious code infections is ensuring that a strong trust infrastructure is in place and well secured.
Wade Williamson
By shortening the scope of an attack, it’s far less likely that response teams will get the chance to analyze such attacks in situ, so to speak.
Wade Williamson
Security in the era of APTs is everyone’s problem, and to truly adapt means each team in an enterprise has to push itself out of its traditional comfort zone. Let’s look at some of these challenges.
Shaun Donaldson
What is it about public cloud that breaks traditional endpoint security? First, let’s consider how traditional endpoint anti-malware ended up where it is today.
Marc Solomon
To detect, understand and stop advanced threats you need new tools and techniques that enable you to always watch, never forget and take action should a file be determined to be malicious at a later time. In effect, you need to be able to turn back time.
Marc Solomon
Defenders need a new threat-centric approach to security to address the full attack continuum – before, during and after an attack – with continuous visibility into indicators of compromise and retrospective security to quickly contain and stop the damage.