Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
Two years after Mirai botnets first appeared, security researchers say telnet-targeting botnets are attempting to compromise internet of things devices by pummeling them with 1,065 different username/password combinations. Some of these attacks are designed to install Linux DDoS malware.
Malware continues to increase in sophistication and routinely evades organizations' cyber defenses. It lurks inside networks waiting to execute attacks that can cause significant damage. Automated Static Analysis of binary files enables security teams to unlock an array of new threat intelligence, hunting, analysis,...
A decade ago sandboxing (dynamic analysis) was introduced as the first automated way to understand the actions of potential malware. Now widely deployed, it offers real value in understanding and identifying unknown malware.
However, there are limitations; it is unable to keep up with the large volume of malware...
The lack of visibility into and understanding of the millions of objects that move into an organization's network means threat hunters cannot adequately identify undetected malware they are hunting for.
Local Threat Intelligence combined with advanced malware hunting tools gives threat hunters a precise way to hunt...
The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.
A notorious group of payment card-stealing gangs called Magecart has been tied to another series of online attacks, this time against Shopper Approved, an e-commerce service used by thousands of sites to gather reviews from customers.
This survey report reveals that for many organizations, threat hunting is still new and poorly defined from a process and organizational standpoint. Most are still reacting to alerts and incidents instead of proactively seeking out the threats.
While the act of threat hunting cannot be fully automated, it heavily...
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
Organizations should be on guard for attacks involving an apparent variant of Hermes ransomware - dubbed Ryuk - that attempts to encrypt network resources. It has already victimized several global organizations in the U.S. and elsewhere, according to a federal alert, which offers mitigation advice.
This quarter's finds uncover some very interesting cyber security trends and examples of malware developers, leveraging agile development, IoT devices used for cryptojacking, and vulnerability exploitation.
Learn more about the threat intelligence behind this report and how you can prevent cyberattacks in your...
Ransomware creators, having already created "themes" for their crypto-locking malware ranging from Pokemon and horror movies to princesses and Donald Trump, have now debuted "Barack Obama" ransomware. In a sign of the times, the ransomware doubles as a monero cryptocurrency miner.
One of the biggest challenges in stopping data breaches lies in sifting through vast amounts of data to find the proverbial "needle in the haystack" - the subtle clues that indicate an attack is imminent or underway in your organization. As modern computer systems generate billions of events daily, the amount of data...
Kaspersky Lab has discovered a new form of malware it calls Dark Tequila that has been targeting users in Mexico and stealing bank credentials and other personal and corporate data. The malware can move laterally through a computer while it's offline, says Dmitry Bestuzhev, a Kasperksy researcher.