Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack

We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle[.]press/, which was advertising a chat app called “Chatrious.” Users can download…

Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji

While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we also found…

Stalking the Stalkerware

Ever get the feeling you’re being followed? Unfortunately, when it comes to our digital lives, this is increasingly the case. But while we’re all keen to boost our followers on social media, it’s a different matter when it comes to anonymous third parties secretly stalking us online. Yes, we’re already tracked by ISPs every time…

Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps

By Lance Jiang and Jesse Chang

CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the…

This Week in Security News: Trend Micro Unveils New Cloud Security Platform and Thousands of Disney+ Accounts are Compromised

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about Trend’s new Cloud One platform that provides workload, container, file object storage, serverless and application, and network security. Also, read about the recent Disney+ account…

Warning! Windows 10 Fake Update is Actually Ransomware

Microsoft never sends updates via email. Many folks don’t know that, which is why a new ransomware campaign masquerading as a Windows 10 update is so pernicious. You may have already gotten a fake notice saying “Install Latest Microsoft Update Now!” Or “Critical Microsoft Windows Update!”, with the body of the message asking you to…

Online Phishing: How to Stay Out of the Hackers’ Nets

Despite the growing popularity of social media and messaging apps, email remains the preferred way to communicate online for millions of Americans. And the bad guys know it. Of the 28.6 billion cyber-threats Trend Micro blocked globally in the first half of 2019, over 24.3 billion were carried by email. That’s 91%. Many of these…

Mac Backdoor Linked to Lazarus Targets Korean Users

By Gabrielle Joyce Mabutas

Criminal interest in MacOS continues to grow, with malware authors churning out more threats that target users of the popular OS. Case in point: A new variant of a Mac backdoor (detected by Trend Micro as Backdoor.MacOS.NUKESPED.A) attributed to the cybercriminal group Lazarus, which was observed targeting Korean users with a…

How To Be An Informed Skeptic About Security Predictions

It doesn’t take a wily prediction to see that the cycles of tech procurement and planning are increasingly compressed. In enterprise IT, the two largest forces at play are business changes and technology changes. These two major forces are somewhat independent; a lot of tech change happened during the last economic downturn, and in fact…

3 Reasons MSPs Must Evolve Beyond Endpoint Detection and Response

Endpoint protection is a critical component of a security strategy. But it’s not enough. Today’s threat landscape is so wide and varied, it requires round-the-clock monitoring, full visibility into IT environments and a multilayered approach to keep hackers at bay. For MSPs, this creates a sizable opportunity to protect clients with a comprehensive security strategy…