Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A series of cyber-attacks have been using an encrypted downloader to deliver a Metasploit backdoor, AlienVault reports. [Read More]
Network attacks exploiting a recently patched Drupal vulnerability are attempting to drop Monero mining malware onto vulnerable systems, Trend Micro reports. [Read More]
The Red Alert 2.0 Android Trojan first detailed in September last year is currently available for rent on underground forums at $500 per month, Trustwave reports. [Read More]
The author of a newly discovered malware downloader allows interested parties to set up a botshop and build a malware distribution network, Netscout Arbor reveals. [Read More]
China-linked cyber espionage group tracked by Symantec since 2013 as Thrip has targeted satellite operators, telecommunications companies and defense contractors [Read More]
Olympic Destroyer, the malware used in a campaign targeting the recent Olympic Winter Games, has now been used in attacks aimed at bio-chemical threat research organizations in Germany, France, the Netherlands, Switzerland and Ukraine [Read More]
The Betabot Trojan is being spread in a multi-stage attack that starts with malicious Office documents attempting to exploit a 17-year old vulnerability. [Read More]
DHS and FBI publish another report describing a piece of malware allegedly used by the North Korean government. The malware is tracked as 'Typeframe' [Read More]
Chinese threat actor known as APT15, Ke3chang, Mirage, Vixen Panda and Playful Dragon creates new MirageFox malware, and researchers have found similarities to the first malware used by the group [Read More]
Trend Micro analyzes new campaign that appears to be linked to MuddyWater espionage [Read More]
FEATURES, INSIGHTS // Malware
In the cat-and-mouse game between security providers and malware authors, cybercriminals keep innovating and experimenting – a dynamic seen in the recent resurgence of the Locky ransomware.
While devastating to the victims, the recent rash of ransomware has been helpful in putting an objective and quantifiable face on modern threats associated in cybersecurity.
To reduce exposure to malware, security teams need to learn the DevOps techniques that are being adopted across the rest of the IT organization.
The early indicators of the WannaCry attack were evident, but it spread too quickly for human security teams to react before it spread across the world like wildfire.
If the WannaCry incident taught us anything, it’s that global, widespread ransomware can and will impact organizations without any notice. The time to prepare is now.
Investigating nefarious actors online can be dangerous, as the places hunters go are likely to be full of malware and people actively monitoring for outsiders.
When implemented in series, common malware analysis environments allow security teams to handle the vast majority of threats automatically, freeing up team resources to actively hunt more advanced threats.
When implemented as part of a natively-engineered security platform, these malware identification and prevention practices can reduce the operational burden put on security teams.
Identifying malicious software by recognizing that it just damaged the system or exfiltrated some amount of information is no longer defense, but detection.
While malicious actors demanding ransoms is not new, the surge of organizations being targeted with fake extortion demands and empty threats is. Let’s look at how extortion campaigns are carried out through the “avenue of approach” lens.
SecurityWeek Daily Briefing
- Robocalling Firm Exposes U.S. Voter Records
- Industry Reactions to U.S. Indicting 12 Russians for DNC Hack
- Ransomware Attack Hits Health Firm LabCorp
- Okta Acquires Access Control Startup ScaleFT
- Financial Industry Insiders Put the Keys to the Kingdom at Risk
- ABB to Patch Code Execution Flaw in HMI Tool
- Cisco Finds Serious Flaws in Policy Suite, SD-WAN Products
- Vulnerability or Not? Pen Tester Quarrels With Software Maker
- NIST to Withdraw 11 Outdated Cybersecurity Publications
- Data Privacy Automation Provider Integris Software Raises $10 Million
Copyright © 2018 Wired Business Media. All Rights Reserved. Privacy Policy