Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

An attack group, dubbed “Desert Falcons” by Kaspersky Lab, appears to be the first known Arabic cyber-espionage group to develop and run full-scale cyber-espionage operations.
The Vawtrak banking malware now leverages macros and the Windows PowerShell scripting tool to infect computers, Trend Micro reported on Monday.
A multinational gang of cybercriminals infiltrated more than 100 banks across 30 countries and made off with up to one billion dollars over a period of roughly two years, Kaspersky Lab said on Saturday.
An individual claiming to be one of the developers of the RIG exploit kit has leaked the source code for what appears to be a fairly recent version of the exploit kit.
The developers of the Simplocker Android ransomware are trying to make it more difficult to recover encrypted files without paying up.
XOR.DDoS is a piece of malware that's used by Chinese threat actors to launch DDoS attacks from Linux and other types of systems.
iOS spyware used by the Pawn Storm cyber espionage group to steal valuable information from targets.
Adobe Flash Player vulnerabilities, malvertising and file-less infections are the key ingredients in a campaign dubbed by researchers "Fessleak"
Facebook malware infected at least 260,000 users. The Trojan is designed to like posts, subscribe to profiles and follow people on Twitter.
A new variant of the Dyre Trojan targets 355 banks. The malware leverages a worm for distribution, and SSL, I2P and DGA for evasion.

FEATURES, INSIGHTS // Malware

rss icon

Aviv Raff's picture
A combination of new threat actors, new attack approaches, and new masking tactics demand that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.
Mark Hatton's picture
One of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Aviv Raff's picture
Just as offices need to detect break-ins to keep criminals from committing industrial espionage, enterprises need to put more focus on detecting APTs and other advanced threats to keep adversaries from their network.
Aviv Raff's picture
There are four key reasons why cloud-based sandboxes are qualitatively more effective than on-premise appliances...
Jeff Hudson's picture
Organizations need to consider more than just the malware itself if they are to defend against it; the first step in defending against malicious code infections is ensuring that a strong trust infrastructure is in place and well secured.
Wade Williamson's picture
By shortening the scope of an attack, it’s far less likely that response teams will get the chance to analyze such attacks in situ, so to speak.
Wade Williamson's picture
Security in the era of APTs is everyone’s problem, and to truly adapt means each team in an enterprise has to push itself out of its traditional comfort zone. Let’s look at some of these challenges.
Shaun Donaldson's picture
What is it about public cloud that breaks traditional endpoint security? First, let’s consider how traditional endpoint anti-malware ended-up where it is today.
Marc Solomon's picture
To detect, understand and stop advanced threats you need new tools and techniques that enable you to always watch, never forget and take action should a file be determined to be malicious at a later time. In effect, you need to be able to turn back time.