IoT Attack Opportunities Seen in the Cybercrime Underground

By Stephen Hilt, Vladimir Kropotov, Fernando Mercês, Mayra Rosario, and David Sancho

In our paper “The Internet of Things in the Cybercrime Underground,” we looked into IoT-related discussions from several cybercrime underground communities. We found discussions ranging from tutorials to actual monetization schemes for IoT-related attacks. Unsurprisingly, exposed devices and vulnerabilities were of great interest…

‘Purple Fox’ Fileless Malware with Rootkit Component Delivered by Rig Exploit Kit Now Abuses PowerShell

By Johnlery Triunfante (Threat Analyst)

Exploit kits may no longer be as prolific as they were back when their activities were detected in the millions, but their recurring activities in the first half of 2019 indicate that they won’t be going away any time soon. The Rig exploit kit, for instance, is known for delivering…

This Week in Security News: New Zero-Day Vulnerability Findings and Mobile Phishing Scams

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how music festival goers need to be on guard for phishing attacks when trying to find a lost iPhone. Also, read how Trend Micro researchers went…

Malware Classification with ‘Graph Hash,’ Applied to the Orca Cyberespionage Campaign

By Chia Ching Fang and Shih-Hao Weng (Threat Researchers)

In malware research, threat hunting and sharing of threat intelligence, such as exchanging indicators of compromise (IoCs) in the form of hashes (e.g., MD5s, SHA256s), are common industry practices and helpful for information security professionals. Researchers, for instance, would typically search for malware samples on VirusTotal…

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion

By Augusto Remillano II

One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers. The script sends an email with an embedded link to a scam…

Glupteba Campaign Hits Network Routers and Updates C&C Servers with Data from Bitcoin Transactions

By Jaromir Horejsi and Joseph C. Chen

We recently caught a malvertising attack distributing the malware Glupteba. This is an older malware that was previously connected to a campaign named Operation Windigo and distributed through exploit kits to Windows users. In 2018, a security company reported that the Glupteba botnet may have been independent from…

This Week in Security News: Ransomware Campaigns Persist with WannaCry as Most Common

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about how a total of 118 new ransomware families emerged in the first half of 2018, but only 47 new ones debuted in the first six…