
Innovate or Die?

The recent series of IT acquisitions and IPOs highlight a simple economic fact: companies that fail to keep up with the fast-paced innovation of technology can easily become targets for acquisition. Mark Twain put it this way: History doesn’t repeat itself, but it rhymes. As a former Gartner analyst, I find it irresistible to comment… Continue reading Innovate or Die?

Adware Posing as 85 Photography and Gaming Apps on Google Play Installed Over 8 Million Times

The mobile platform is ubiquitous, enabling users to make online transactions, run their everyday lives, and even work from their devices. It’s no surprise that fraudsters and cybercriminals would want to cash in on it. Delivering adware, for example, lets them monetize affected devices while appearing innocuous. And while they… Continue reading Adware Posing as 85 Photography and Gaming Apps on Google Play Installed Over 8 Million Times

Analysis: New Remcos RAT Arrives Via Phishing Email

By Aliakbar Zahravi (Malware Researcher) In July, we came across a phishing email purporting to be a new order notification, which contains a malicious attachment that leads to the remote access tool Remcos RAT (detected by Trend Micro as BKDR_SOCMER.SM). This attack delivers Remcos using an AutoIt wrapper that incorporates various obfuscation and anti-debugging techniques… Continue reading Analysis: New Remcos RAT Arrives Via Phishing Email

August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default

Microsoft released updates to patch 93 CVEs, along with two advisories, in this month’s Patch Tuesday. The bulletin patches issues in Azure DevOps Server, Internet Explorer, Microsoft Office, Microsoft Windows and Visual Studio, among others. The patches address 29 vulnerabilities rated Critical and 64 rated Important. A total of 21 CVEs were… Continue reading August Patch Tuesday: Update Fixes ‘Wormable’ Flaws in Remote Desktop Services, VBScript Gets Disabled by Default

Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

By Augusto Remillano II and Jakub Urbanec Within a span of three weeks, our telemetry uncovered three notable malware variants of Neko, Mirai, and Bashlite. On July 22, 2019, we saw and started analyzing a Neko botnet sample, then observed another sample with additional exploits the following week. A Mirai variant that calls itself “Asher”… Continue reading Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices

Customer Perspective: Catching the thief lurking in the shadows with EDR and MDR

A guest blog by Ian Loe, Senior Vice President, Cybersecurity, NTUC Enterprise Co-operative Limited News flash: aided by time, persistence and smarts, advanced cybersecurity felons are leapfrogging traditional security systems to compromise confidential data. Realising this, we at NTUC Enterprise have been looking into new security technologies that help address these rising concerns. One of… Continue reading Customer Perspective: Catching the thief lurking in the shadows with EDR and MDR

Why XDR Is A Big Deal, and Is Different from SIEM and Platforms

In his post, Jon Clay does a great job of explaining the evolution from EDR to XDR. In short, he explains that Endpoint Detection and Response (EDR) is great, but that having sources of information beyond the endpoint is better. The ‘X’ in XDR is essentially ‘many’, or whatever we can add to provide a broader,… Continue reading Why XDR Is A Big Deal, and Is Different from SIEM and Platforms

LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

by Lilang Wu and Moony Li The bug hunting space has grown significantly smaller now that most mobile operating systems ship with built-in exploit mitigations. Android 9’s control flow integrity (CFI) and the hardware-based pointer authentication codes (PAC) used by iOS 12 are some examples of such features. Industry-standard fuzzers like American fuzzy lop… Continue reading LLDBFuzzer: Debugging and Fuzzing the Apple Kernel with LLDB Script

LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks

by Miguel Ang, Erika Mendoza and Jay Yaneza First advertised in underground forums as an information stealer and keylogger, LokiBot has added various capabilities over the years. Recent activity has seen the malware family abusing Windows Installer for its installation and introducing a new delivery method that involves spam mails containing… Continue reading LokiBot Gains New Persistence Mechanism, Uses Steganography to Hide Its Tracks