Security Experts:



Pearson VUE says attackers used a piece of malware to access user data from its PCM certification management system.
The Angler, Magnitude, Neutrino, and Nuclear exploit kits accounted for 96 percent of the category’s activity in the third quarter of 2015.
A new variant of the Dyre banking Trojan includes support for Windows 10 and the Microsoft Edge browser.
Roughly 2,600 websites have been infected with the recently discovered Linux encryption ransomware Linux.Encoder1.
A new PoS malware dubbed “AbaddonPOS” has been distributed via weaponized documents and the Angler exploit kit.
Cherry Picker, a point-of-sale (PoS) malware that went largely undetected for the past several years, removes itself from the system after stealing payment card data.
A new Trojan spotted in attacks against targets in Thailand abuses legitimate components of Microsoft or Kaspersky security products during installation.
NIST has published guidelines for application whitelisting, saying that automation can help companies prevent malicious software from breaching their networks.
Predictable encryption keys allow victims of Linux.Encoder1 ransomware to recover files held for ransom. Bitdefender releases recovery tool.
Cybercriminals intensified the distribution of malware on Fridays during the third quarter of 2015, the latest CYREN Cyber Threat Report reveals.



Wade Williamson:
Although ransomware is commonly targeted at consumers, recent versions have targeted the enterprise with a vengeance. This has shifted ransomware from a nuisance to a potentially debilitating attack that can freeze critical assets and intellectual property.
Simon Crosby:
While data breaches aren’t going away anytime soon, every company has a choice of how they prepare for them. By focusing on the endpoint, businesses can better secure themselves with less cost and less time expended by the IT team.
Marc Solomon:
Given the continuous innovation by attackers, it’s likely that your malware analysis needs have exceeded the capabilities of traditional sandboxing technologies.
Wade Williamson:
By building security controls that identify and correlate the malicious behaviors of an attack, we can begin to tip the scales back in our favor.
Wade Williamson:
Like most modern malware, Carbanak is not some autonomous bit of code running on its own, but rather a vehicle for a remote human attacker to watch, learn and remotely drive the attack.
Pat Calhoun:
Cybercriminals are getting increasingly sophisticated in their efforts to outsmart security defenses such as sandboxing. Here is a quick look at techniques used by attackers to evade sandbox detection.
Marc Solomon:
Malvertising underscores the need for an approach to security that addresses the full attack continuum. With ongoing visibility and control, and intelligent and continuous updates, security professionals can take action to stop the inevitable outbreak.
Wade Williamson:
The most important aspect for us as security professionals is to realize that the man-in-the-browser is not going away, and to understand what exactly has made it so successful.
Wade Williamson:
In the same way we have watched APT techniques trickle down from nation-state actors to more opportunistic criminals, we should expect MitB to expand from financial services to all types of applications.
Michael Callahan:
While attackers are constantly improving their evasion tactics to extend the lifetime of their malware, users can also leverage these types of evasion tactics to help prevent malware infection in the first place.