NEWS & INDUSTRY UPDATES

According to Bromium, attackers planted malicious code on a United States-based company's website in an effort to infect the computers of its visitors, an attack known as a watering hole attack.
JPMorgan Chase, one of the largest banks in the United States, has confirmed that its systems were breached this summer.
Middle Eastern petrochemical organizations have been targeted in cyberattacks leveraging the notorious Citadel Trojan, according to researchers at IBM-owned Trusteer.
Cybercriminals have been serving malicious advertisements on several high-profile websites in an effort to push shady software onto the computers of their visitors, regardless of whether they are Windows or OS X users, Cisco reported on Monday.
The official website of an important Israeli think tank has been compromised and abused to distribute a piece of malware, the security firm Cyphort reported on Friday.
A Windows backdoor used in numerous attacks by a certain threat group has been ported to Mac OS X and fitted with new features, researchers at FireEye reported.
Cybercriminals managed to breach one of the servers used for HealthCare.gov, the official website of the United States' health insurance marketplace, federal officials reported on Thursday.
In recent attacks that used the Angler exploit kit, malicious code was injected directly into running processes instead of being written to the disk.
A new variant of the Bifrose backdoor has been used in a cyberattack aimed at an unnamed device manufacturer, Trend Micro reported.
A new variant of BlackPOS (Kaptoxa), a piece of RAM scraping malware designed to target point-of-sale (PoS) systems, has been spotted in the wild by researchers at Trend Micro.

FEATURES, INSIGHTS // Malware

Marc Solomon: Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Wade Williamson: The most important aspect for us as security professionals is to realize that the man-in-the-browser is not going away, and to understand what exactly has made it so successful.
Wade Williamson: In the same way we have watched APT techniques trickle down from nation-state actors to more opportunistic criminals, we should expect MitB to expand from financial services to all types of applications.
Michael Callahan: While attackers are constantly improving their evasion tactics to extend the lifetime of their malware, users can also leverage these types of evasion tactics to help prevent malware infection in the first place.
Marc Solomon: Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click for an attacker to establish a foothold in the target’s systems.
Danelle Au: Trying to defend against modern, advanced attacks with one-off point solutions is like playing a whack-a-mole game, always one step behind the attacker and trying to play catch up with the alerts as they’re received.
Marc Solomon: Mosquitoes are quite similar to malware. There are thousands of species and numerous ways to try to protect against them but each method has its limitations.
Aviv Raff: Without the elements of prevention, detection, and protection all working together, threat actors will always have the advantage, and will find a way to carry out their illicit economic, political or social agendas.
Aviv Raff: A combination of new threat actors, new attack approaches, and new masking tactics demand that enterprises redefine malware, and make all necessary investments in people, technology and systems to stay one step ahead.
Mark Hatton: One of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.